From daffster at gmail.com Fri Sep 1 13:54:28 2006 From: daffster at gmail.com (Kieran Murphy) Date: Fri, 1 Sep 2006 14:54:28 +0100 Subject: [rancid] Re: Huawie Router and Switchs In-Reply-To: References: Message-ID: Sadly Not, But I'd like to express my interest in this. If anyone were to add support for Huawei Switches, I would be extremely grateful. Regards, Kieran Murphy. On 8/29/06, George Gagbla wrote: > > Hi, > > > > Is it possible to use rancid for Huawei routers and switchs? If yes, I > will appreciate some lines of code. > > > > > > Cheers > > George > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060901/0b8d3a39/attachment.html From raich at chello.at Fri Sep 1 17:20:19 2006 From: raich at chello.at (Rene Aichmayer) Date: Fri, 01 Sep 2006 17:20:19 +0000 Subject: [rancid] Arris C4 Message-ID: <44F86BD3.4090805@chello.at> Hi everyone, I am new to rancid, but I like it much. I have it now running for Cisco devices, but I also would like to use it on Arris C4 CMTS's. The bad thing is that there is no login script and no ..rancid script for that purpose. Has anyone ever tried to get that running? Regards, Ren? From heas at shrubbery.net Sat Sep 2 21:01:53 2006 From: heas at shrubbery.net (john heasley) Date: Sat, 2 Sep 2006 14:01:53 -0700 Subject: [rancid] Re: nlogin of rancid-2.3.2a In-Reply-To: <0F354FDFECA12647B75F7B154EC3828502592FBF@LNWEXMB58.msad.ms.com> References: <0F354FDFECA12647B75F7B154EC3828502592FBF@LNWEXMB58.msad.ms.com> Message-ID: <20060902210153.GP11425@shrubbery.net> Thu, Aug 31, 2006 at 02:44:43PM +0100, Chitty, Dan (IT): > Hi > > Getting this error when trying to connect to a device. > > -bash-2.05b$ bin/nlogin pislns01 > invalid command name "@INCLUDE" > while executing > "@INCLUDE login.top@" > (file "bin/nlogin" line 34) > -bash-2.05b$ This leaked out and shouldn't have, yet. Please try 2.3.2a5 From psmith at metafore.ca Mon Sep 4 14:33:16 2006 From: psmith at metafore.ca (psmith at metafore.ca) Date: Mon, 4 Sep 2006 10:33:16 -0400 Subject: [rancid] any way to pass variables to commands being input by nlogin -c ? Message-ID: Hi again, I am using rancid to modify configs on 500 Netscreen devices. Thanks to the developers, it has cut down the amount of work needed manually. I have written a script which modifies most of the configs, but I was wondering if it is possible to use variables i.e. $2 $3 inside of the commands being passed with nlogin -c ? i.e. nlogin -c 'set hostname host_$1; set modem isp "Dialup" account login "host_$1 at dialupisp.net" password "password", save' -t 3000 $2 I did attempt it, but must have done something wrong, or it can't be done, because I got a bunch of errors spat back at me. [rancid at monitor ~]$ ./scripted-config-update.sh 9130 xxx.xxx.xxx.xxx can't read "2": no such variable while executing "subst [lindex $commands $i]" invoked from within "if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} {..." (procedure "run_commands" line 9) invoked from within "run_commands $prompt $command" ("foreach" body line 71) invoked from within "foreach firewall [lrange $argv $i end] { set firewall [string tolower $firewall] send_user "$firewall\n" set prompt {-> } # Figure o..." (file "/usr/local/rancid/bin/nlogin" line 436) Many thanks! --------------------------------------------------- Paul W. Smith Senior Network Operations Engineer MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, JNCIA-FWV, JNSS-S, JNSA-S Enterprise Services Metafore IT Solutions Direct: 905.362.7290 Cell: 416.271.6937 Toll Free: 800.563.7515 x 4086 psmith at metafore.ca http://www.metafore.ca M E T A F O R E IT SOLUTIONS ---------------------------------------------------- From heas at shrubbery.net Mon Sep 4 17:37:00 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 4 Sep 2006 17:37:00 +0000 Subject: [rancid] Re: any way to pass variables to commands being input by nlogin -c ? In-Reply-To: References: Message-ID: <20060904173700.GA17776@shrubbery.net> Mon, Sep 04, 2006 at 10:33:16AM -0400, psmith at metafore.ca: > > Hi again, > > I am using rancid to modify configs on 500 Netscreen devices. Thanks to the > developers, it has cut down the amount of work needed manually. > > I have written a script which modifies most of the configs, but I was > wondering if it is possible to use variables i.e. $2 $3 inside of the > commands being passed with nlogin -c ? I think that you want nlogin -E, see clogin(1) > i.e. nlogin -c 'set hostname host_$1; set modem isp "Dialup" account login > "host_$1 at dialupisp.net" password "password", save' -t 3000 $2 > > I did attempt it, but must have done something wrong, or it can't be done, > because I got a bunch of errors spat back at me. > > [rancid at monitor ~]$ ./scripted-config-update.sh 9130 xxx.xxx.xxx.xxx > can't read "2": no such variable > while executing > "subst [lindex $commands $i]" > invoked from within > "if [ string match "*\;*" "$command" ] { > set commands [split $command \;] > set num_commands [llength $commands] > > for {set i 0} {$i < $num_commands} {..." > (procedure "run_commands" line 9) > invoked from within > "run_commands $prompt $command" > ("foreach" body line 71) > invoked from within > "foreach firewall [lrange $argv $i end] { > set firewall [string tolower $firewall] > send_user "$firewall\n" > > set prompt {-> } > > # Figure o..." > (file "/usr/local/rancid/bin/nlogin" line 436) > > Many thanks! > > --------------------------------------------------- > Paul W. Smith > Senior Network Operations Engineer > MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, JNCIA-FWV, JNSS-S, JNSA-S > Enterprise Services > Metafore IT Solutions > Direct: 905.362.7290 > Cell: 416.271.6937 > Toll Free: 800.563.7515 x 4086 > psmith at metafore.ca > http://www.metafore.ca > > M E T A F O R E > IT SOLUTIONS > ---------------------------------------------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From psmith at metafore.ca Mon Sep 4 20:18:24 2006 From: psmith at metafore.ca (psmith at metafore.ca) Date: Mon, 4 Sep 2006 16:18:24 -0400 Subject: [rancid] Force a disconnect after running some commands? Message-ID: Many thanks to John for his assistance so far.. My final issue is this. My script runs a bunch of commands, and the final command is after doing a firmware update. The final command is "reset save-config yes no-prompt". The Netscreen then returns the line "In reset ..." Program flash (8534273 bytes) ... +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++done Done harv5007-> reset save-config yes no-prompt In reset ... However, Rancid appears to hang at this point, until I do CTRL-C to break the script. Is there any way to have nlogin ends its run when it see the "In reset" part? I am trying to automate as much of this project I am working on, and I have the master shell script email the results from the firmware upgrade and config changes after nlogin works its magic. However at this point, with nlogin hanging, the email is not sent until the CTRL-C is issued. Any advice? --------------------------------------------------- Paul W. Smith Senior Network Operations Engineer MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, JNCIA-FWV, JNSS-S, JNSA-S Enterprise Services Metafore IT Solutions Direct: 905.362.7290 Cell: 416.271.6937 Toll Free: 800.563.7515 x 4086 psmith at metafore.ca http://www.metafore.ca M E T A F O R E IT SOLUTIONS ---------------------------------------------------- From heas at shrubbery.net Mon Sep 4 20:25:27 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 4 Sep 2006 13:25:27 -0700 Subject: [rancid] Re: Force a disconnect after running some commands? In-Reply-To: References: Message-ID: <20060904202527.GA21899@shrubbery.net> Mon, Sep 04, 2006 at 04:18:24PM -0400, psmith at metafore.ca: > > Many thanks to John for his assistance so far.. > > My final issue is this. > > My script runs a bunch of commands, and the final command is after doing a > firmware update. The final command is "reset save-config yes no-prompt". > The Netscreen then returns the line "In reset ..." > > > Program flash (8534273 bytes) ... > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++done > > Done > harv5007-> reset save-config yes no-prompt > In reset ... > > However, Rancid appears to hang at this point, until I do CTRL-C to break > the script. Is there any way to have nlogin ends its run when it see the > "In reset" part? just "return". the main loop of the login scripts sources the supplied script. when that script ends, it closes the pty and goes on to the next router (if there is one). send load config expect {success {send reset ...} failure {}} # script EOF you could also just call exit, but then you can't run multiple routers from 1 nlogin. > I am trying to automate as much of this project I am working on, and I have > the master shell script email the results from the firmware upgrade and > config changes after nlogin works its magic. > > However at this point, with nlogin hanging, the email is not sent until the > CTRL-C is issued. > > Any advice? > > --------------------------------------------------- > Paul W. Smith > Senior Network Operations Engineer > MCP, SCWSE, SCSA, SCNA, ACE, 3CSA, CNS, CLS, JNCIA-FWV, JNSS-S, JNSA-S > Enterprise Services > Metafore IT Solutions > Direct: 905.362.7290 > Cell: 416.271.6937 > Toll Free: 800.563.7515 x 4086 > psmith at metafore.ca > http://www.metafore.ca > > M E T A F O R E > IT SOLUTIONS > ---------------------------------------------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From bwindle at fint.org Wed Sep 6 19:07:05 2006 From: bwindle at fint.org (Burton Windle) Date: Wed, 6 Sep 2006 15:07:05 -0400 (EDT) Subject: [rancid] determing RANCID version Message-ID: I feel like an idiot, but how does one determine the version of RANCID which is installed (assuming it was done via tgz, and not a rpm/deb/etc, but said tgz and all associated source files have since been removed)? I've tried ./rancid -v, ./rancid -V, ./rancid --version to no luck, and have even resorted to grepping rancid's bin directory for likely versions. I haven't checked in CVS yet -- Burton Windle bwindle at fint.org From JJackson at aninetworks.com Wed Sep 6 19:09:00 2006 From: JJackson at aninetworks.com (Joseph Jackson) Date: Wed, 6 Sep 2006 12:09:00 -0700 Subject: [rancid] Re: determing RANCID version Message-ID: Look at the top of the rancid script in */rancid/bin/ > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Burton Windle > Sent: Wednesday, September 06, 2006 12:07 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] determing RANCID version > > I feel like an idiot, but how does one determine the version > of RANCID which is installed (assuming it was done via tgz, > and not a rpm/deb/etc, but said tgz and all associated source > files have since been removed)? > > I've tried ./rancid -v, ./rancid -V, ./rancid --version to no > luck, and have even resorted to grepping rancid's bin > directory for likely versions. > > I haven't checked in CVS yet > > -- > Burton Windle bwindle at fint.org > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From jeekay at gmail.com Thu Sep 7 16:47:14 2006 From: jeekay at gmail.com (Jee Kay) Date: Thu, 7 Sep 2006 17:47:14 +0100 Subject: [rancid] Re: determing RANCID version In-Reply-To: References: Message-ID: On 06/09/06, Joseph Jackson wrote: > Look at the top of the rancid script in */rancid/bin/ Failing that, check the top of share/rancid/CHANGES. From shlomo at dubrowin.org Wed Sep 13 15:21:12 2006 From: shlomo at dubrowin.org (Shlomo Dubrowin) Date: Wed, 13 Sep 2006 18:21:12 +0300 Subject: [rancid] Weird Log Entries Message-ID: Rancid Gurus, I have been using rancid for about a year now and have finally convinced my bosses to let me expand rancid to cover more than just access switches. I am now attempting to cover routers and devices that are using TACACS with autoenable. However, I have run into a problem, I can log in using clogin to a router, but when rancid-run goes to try to back it up, it fails. It appears to my untrained eye to be an autoenable problem, can you confirm and point me in the right direction to getting this to work. Rancid is running on Red Hat Enterprise Linux. Thank you. Shlomo Files Snippets, we'll be using r2.isr1.igi as the sample router: router.db: r2.isr1.igi:cisco:up (this router is in DNS properly) .cloginrc: # Router Passwrods add user r* username add userpassword r* password add method r* telnet add autoenable r* 1 add noenable r* 1 (I tried this with and without the noenable and received the same errors) The Log errors: ! write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re + { exp_continue } -re {^[^ *]*r2.isr1.igi([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send..." invoked from within "if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on ..." (procedure "run_commands" line 34) invoked from within "run_commands $prompt $command" ("foreach" body line 144) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/rancid/bin/clogin" line 616) r2.isr1.igi: missed cmd(s): dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,dir /all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show running-config,show c7200,dir /all slot1: r2.isr1.igi: End of run not found ! -- ----------------------------------------------------------------------- ,-~~-.___. ._. / | ' \ | |"""""""""| Shlomo Dubrowin ( ) 0 | | | (Sheldon) \_/-, ,----' | | | ==== !_!--v---v--" / \-'~; |""""""""| shlomo at dubrowin.org / __/~| ._-""|| | http://www.dubrowin.org =( _____|_|____||________| ----------------------------------------------------------------------- From heas at shrubbery.net Wed Sep 13 19:43:00 2006 From: heas at shrubbery.net (john heasley) Date: Wed, 13 Sep 2006 19:43:00 +0000 Subject: [rancid] Re: Weird Log Entries In-Reply-To: References: Message-ID: <20060913194300.GI7081@shrubbery.net> Wed, Sep 13, 2006 at 06:21:12PM +0300, Shlomo Dubrowin: > Rancid Gurus, ^smelling > .cloginrc: > # Router Passwrods > add user r* username > add userpassword r* password > add method r* telnet > add autoenable r* 1 > The Log errors: > ! > write(spawn_id=1): broken pipe > while executing > "send_user -- "$expect_out(buffer)"" > invoked from within > "expect -nobrace -re + { exp_continue } -re {^[^ > > *]*r2.isr1.igi([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- > "$expect_out(buffer)" > } -re {..." > invoked from within > "expect { > -re "\b+" { exp_continue } > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" > } > -re "^\[^\n\r]*$reprompt." { send..." This indicates to me that the pty closed, which it should not. That'd mean that rancid (the perl script) would have exitted, assuming that you do not have NOPIPE=YES in rancid.conf. Does it work from the command line? rancid hostname Does a simple multi-command clogin work? clogin -c 'dir /all nvram;dir /all bootflash:" hostname > "if [ string match "*\;*" "$command" ] { > set commands [split $command \;] > set num_commands [llength $commands] > # the pager can not be turned off on ..." > (procedure "run_commands" line 34) > invoked from within > "run_commands $prompt $command" > ("foreach" body line 144) > invoked from within > "foreach router [lrange $argv $i end] { > set router [string tolower $router] > send_user "$router\n" > > # Figure out prompt. > # Since autoena..." > (file "/rancid/bin/clogin" line 616) > r2.isr1.igi: missed cmd(s): dir /all slavedisk2:,dir /all > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all > disk2:,dir /all sec-bootflash:,show spe version,dir /all > slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all > sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all > sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all > harddiskb:,dir /all slavedisk1:,show module,show controllers,show > diagbus,dir /all slavedisk0:,dir /all bootflash:,dir /all > sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all > sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir > /all sup-microcode:,dir /all slavebootflash:,show controllers cbus,dir > /all slaveslot1:,show running-config,show c7200,dir /all slot1: From shlomo at dubrowin.org Thu Sep 14 09:09:06 2006 From: shlomo at dubrowin.org (Shlomo Dubrowin) Date: Thu, 14 Sep 2006 12:09:06 +0300 Subject: [rancid] Re: Weird Log Entries In-Reply-To: <20060913194300.GI7081@shrubbery.net> References: <20060913194300.GI7081@shrubbery.net> Message-ID: Hi John, It turns out the user in TACACS I was using for rancid did not have access to use all the commands required. I found the commands in the clogin script and sent it to the TACACS Admin, and now the router(s) is being backed up properly. Thank you. Shlomo On 9/13/06, john heasley wrote: > Wed, Sep 13, 2006 at 06:21:12PM +0300, Shlomo Dubrowin: > > Rancid Gurus, > ^smelling > > > .cloginrc: > > # Router Passwrods > > add user r* username > > add userpassword r* password > > add method r* telnet > > add autoenable r* 1 > > > The Log errors: > > ! > > write(spawn_id=1): broken pipe > > while executing > > "send_user -- "$expect_out(buffer)"" > > invoked from within > > "expect -nobrace -re + { exp_continue } -re {^[^ > > > > *]*r2.isr1.igi([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- > > "$expect_out(buffer)" > > } -re {..." > > invoked from within > > "expect { > > -re "\b+" { exp_continue } > > -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" > > } > > -re "^\[^\n\r]*$reprompt." { send..." > > This indicates to me that the pty closed, which it should not. That'd mean > that rancid (the perl script) would have exitted, assuming that you do not > have NOPIPE=YES in rancid.conf. > > Does it work from the command line? rancid hostname > Does a simple multi-command clogin work? > clogin -c 'dir /all nvram;dir /all bootflash:" hostname > > > "if [ string match "*\;*" "$command" ] { > > set commands [split $command \;] > > set num_commands [llength $commands] > > # the pager can not be turned off on ..." > > (procedure "run_commands" line 34) > > invoked from within > > "run_commands $prompt $command" > > ("foreach" body line 144) > > invoked from within > > "foreach router [lrange $argv $i end] { > > set router [string tolower $router] > > send_user "$router\n" > > > > # Figure out prompt. > > # Since autoena..." > > (file "/rancid/bin/clogin" line 616) > > r2.isr1.igi: missed cmd(s): dir /all slavedisk2:,dir /all > > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all > > disk2:,dir /all sec-bootflash:,show spe version,dir /all > > slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all > > sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all > > sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all > > harddiskb:,dir /all slavedisk1:,show module,show controllers,show > > diagbus,dir /all slavedisk0:,dir /all bootflash:,dir /all > > sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all > > sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir > > /all sup-microcode:,dir /all slavebootflash:,show controllers cbus,dir > > /all slaveslot1:,show running-config,show c7200,dir /all slot1: > -- ----------------------------------------------------------------------- ,-~~-.___. ._. / | ' \ | |"""""""""| Shlomo Dubrowin ( ) 0 | | | (Sheldon) \_/-, ,----' | | | ==== !_!--v---v--" / \-'~; |""""""""| shlomo at dubrowin.org / __/~| ._-""|| | http://www.dubrowin.org =( _____|_|____||________| ----------------------------------------------------------------------- From afort at choqolat.org Thu Sep 14 16:44:11 2006 From: afort at choqolat.org (Andrew Fort) Date: Thu, 14 Sep 2006 09:44:11 -0700 Subject: [rancid] Re: Documentation on adding an unsupported device. In-Reply-To: <38468.69.25.140.12.1157043610.squirrel@trumpy.devnull.org.nz> References: <38468.69.25.140.12.1157043610.squirrel@trumpy.devnull.org.nz> Message-ID: <7654d9d0609140944q268e66bexf3cad21fb3e399b2@mail.gmail.com> On 8/31/06, liz wrote: > I can get logged into > the switch with clogin but the commands that rancid is running dont all > quite work as it expects. so, if 'clogin -c "" ' logs in, executes the command, and logs out cleanly, the clogin itself is 'working' (for some usable definition of work). so you'd only need to write a separate *rancid tool to parse the output of your switch commands (and to execute the necessary commands, see towards the end of the rancid script for how all that fits together). rancid-fe as you've found calls a *rancid tool based on the contents of a : pair, and the *rancid script calls one of the *login scripts (look towards the end of the *rancid script). there's more than one vendor's equipment that uses the "cisco" clogin tool; for example, force 10 switches. -andrew From chen_daniel at emc.com Thu Sep 14 17:05:56 2006 From: chen_daniel at emc.com (chen_daniel at emc.com) Date: Thu, 14 Sep 2006 13:05:56 -0400 Subject: [rancid] Re: Missing FAQ In-Reply-To: <20060831185622.GB28108@shrubbery.net> Message-ID: I found a cookbook reference for Rancid. Maybe that can be a reference to another cookbook of installation Rancid. It was from Sys Admin magazine. http://www.samag.com/documents/s=10093/sam0609a/0609a.htm regards, Daniel Chen EMC Corporation > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of john heasley > Sent: Thursday, August 31, 2006 2:56 PM > To: Justin Sherrill > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Missing FAQ > > Thu, Aug 31, 2006 at 02:25:31PM -0400, Justin Sherrill: > > > > I see this: > > > > http://threebit.net/mail-archive/cisco-nsp/msg00053.html > > > > mentioning a way to automatically collect data when a config is updated, > > but I don't see this question in the FAQ. > > > > http://www.shrubbery.net/rancid/FAQ > > > > What happened to it? > > Andrew's a bad dawg. He apparently added it but did not commit and it was > overwritten. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From llc at dansketelecom.com Thu Sep 14 19:14:02 2006 From: llc at dansketelecom.com (Lars Lystrup Christensen) Date: Thu, 14 Sep 2006 21:14:02 +0200 Subject: [rancid] Problem with rancid-script Message-ID: <5DCC4AA34F470741B0CAE586CC8C8BB3EE7595@exchange.office.dansketelecom.com> Hi list I have a problem with a rancid parsing script I've created. The script is for the Motorola Expedience system. The problem is that it seems that rancid is not collecting my configs. When I run the script manually (./expedrancid -d hostIP) I get an output in the form of hostIP.new, but when I run the script from within rancid, I don't get any output at all. Anyone got any ideas on what to look for? ______________________________________ Med venlig hilsen / Kind regards Lars Lystrup Christensen Network Engineer Danske Telecom A/S - Clearwire Denmark Sundkrogsgade 13, 4 2100 K?benhavn ? llc at dansketelecom.com +45 35 27 50 00 (Office) +45 35 27 50 50 (Fax) +45 35 27 50 23 (Direct) +45 40 60 55 23 (Mobile) www.dansketelecom.com www.clearwire.dk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060914/66bf98cc/attachment.html From heas at shrubbery.net Thu Sep 14 19:50:30 2006 From: heas at shrubbery.net (john heasley) Date: Thu, 14 Sep 2006 19:50:30 +0000 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <5DCC4AA34F470741B0CAE586CC8C8BB3EE7595@exchange.office.dansketelecom.com> References: <5DCC4AA34F470741B0CAE586CC8C8BB3EE7595@exchange.office.dansketelecom.com> Message-ID: <20060914195030.GB5749@shrubbery.net> Thu, Sep 14, 2006 at 09:14:02PM +0200, Lars Lystrup Christensen: > I have a problem with a rancid parsing script I've created. The script is for the Motorola Expedience system. what is that? > The problem is that it seems that rancid is not collecting my configs. When I run the script manually (./expedrancid -d hostIP) I get an output in the form of hostIP.new, but when I run the script from within rancid, I don't get any output at all. > > Anyone got any ideas on what to look for? Errors :) specicially look at the log file in logs/ for the group the device is a member of. From llc at dansketelecom.com Fri Sep 15 05:50:26 2006 From: llc at dansketelecom.com (Lars Lystrup Christensen) Date: Fri, 15 Sep 2006 07:50:26 +0200 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <20060914195030.GB5749@shrubbery.net> Message-ID: <5DCC4AA34F470741B0CAE586CC8C8BB3EE75A0@exchange.office.dansketelecom.com> Hi John > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: 14. september 2006 21:51 > To: Lars Lystrup Christensen > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Problem with rancid-script > > Thu, Sep 14, 2006 at 09:14:02PM +0200, Lars Lystrup Christensen: > > I have a problem with a rancid parsing script I've created. The script > is for the Motorola Expedience system. > > what is that? > Motorola Expedience system, formerly known as Nextnet Wireless Expedience system, is a WiMAX like system for wireless access. > > The problem is that it seems that rancid is not collecting my configs. > When I run the script manually (./expedrancid -d hostIP) I get an output > in the form of hostIP.new, but when I run the script from within rancid, I > don't get any output at all. > > > > Anyone got any ideas on what to look for? > > Errors :) specicially look at the log file in logs/ for the group the > device > is a member of. Actually when I look into the log files the only thing I find beside successful collections is: Trying to get all of the configs. ===================================== Getting missed routers: round 1. ===================================== Getting missed routers: round 2. ===================================== Getting missed routers: round 3. ===================================== Getting missed routers: round 4. Best regards Lars Lystrup Christensen From heas at shrubbery.net Fri Sep 15 18:28:37 2006 From: heas at shrubbery.net (john heasley) Date: Fri, 15 Sep 2006 11:28:37 -0700 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <5DCC4AA34F470741B0CAE586CC8C8BB3EE75A0@exchange.office.dansketelecom.com> References: <20060914195030.GB5749@shrubbery.net> <5DCC4AA34F470741B0CAE586CC8C8BB3EE75A0@exchange.office.dansketelecom.com> Message-ID: <20060915182837.GK161@shrubbery.net> Fri, Sep 15, 2006 at 07:50:26AM +0200, Lars Lystrup Christensen: > > Thu, Sep 14, 2006 at 09:14:02PM +0200, Lars Lystrup Christensen: > > > I have a problem with a rancid parsing script I've created. The > script > > is for the Motorola Expedience system. > > > > what is that? > > > Motorola Expedience system, formerly known as Nextnet Wireless > Expedience system, is a WiMAX like system for wireless access. UI similar to the BSR? > > > The problem is that it seems that rancid is not collecting my > configs. > > When I run the script manually (./expedrancid -d hostIP) I get an > output > > in the form of hostIP.new, but when I run the script from within > rancid, I > > don't get any output at all. > > > > > > Anyone got any ideas on what to look for? > > > > Errors :) specicially look at the log file in logs/ for the group the > > device > > is a member of. > > Actually when I look into the log files the only thing I find beside > successful collections is: > > > Trying to get all of the configs. > ===================================== > Getting missed routers: round 1. > ===================================== > Getting missed routers: round 2. > ===================================== > Getting missed routers: round 3. > ===================================== > Getting missed routers: round 4. In what case(s) would your script remove the .new file? From llc at dansketelecom.com Fri Sep 15 19:35:21 2006 From: llc at dansketelecom.com (Lars Lystrup Christensen) Date: Fri, 15 Sep 2006 21:35:21 +0200 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <20060915182837.GK161@shrubbery.net> Message-ID: <5DCC4AA34F470741B0CAE586CC8C8BB3EE7667@exchange.office.dansketelecom.com> > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: 15. september 2006 20:29 > To: Lars Lystrup Christensen > Cc: john heasley; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Problem with rancid-script > > Fri, Sep 15, 2006 at 07:50:26AM +0200, Lars Lystrup Christensen: > > > Thu, Sep 14, 2006 at 09:14:02PM +0200, Lars Lystrup Christensen: > > > > I have a problem with a rancid parsing script I've created. The > > script > > > is for the Motorola Expedience system. > > > > > > what is that? > > > > > Motorola Expedience system, formerly known as Nextnet Wireless > > Expedience system, is a WiMAX like system for wireless access. > > UI similar to the BSR? BSR? I'm not quite sure what you mean... > > > > > The problem is that it seems that rancid is not collecting my > > configs. > > > When I run the script manually (./expedrancid -d hostIP) I get an > > output > > > in the form of hostIP.new, but when I run the script from within > > rancid, I > > > don't get any output at all. > > > > > > > > Anyone got any ideas on what to look for? > > > > > > Errors :) specicially look at the log file in logs/ for the group the > > > device > > > is a member of. > > > > Actually when I look into the log files the only thing I find beside > > successful collections is: > > > > > > Trying to get all of the configs. > > ===================================== > > Getting missed routers: round 1. > > ===================================== > > Getting missed routers: round 2. > > ===================================== > > Getting missed routers: round 3. > > ===================================== > > Getting missed routers: round 4. > > In what case(s) would your script remove the .new file? I don't know... I'll include the rancid-script below. ------------- script ----------------- #! /usr/bin/perl ## ## $Id: prancid.in,v 1.29 2004/01/11 03:49:13 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed ## without fee for non-commerical purposes provided that this license ## remains intact and unmodified with any RANCID distribution. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## Except where noted otherwise, rancid was written by and is maintained by ## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. ## # # This version of rancid tries to deal with Motorola Expedience System. # Done by Lars L. Christensen # # RANCID - Really Awesome New Cisco confIg Differ # # usage: expedrancid [-d] [-l] [-f filename | $host] # use Getopt::Std; getopts('dfl'); $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $timeo = 90; # clogin timeout in seconds my($platform); # platform/cpu type my(%filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string, at string)=(@_); if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routing that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routing (ascending). sub numsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowDevice { print STDERR " In ShowDevice: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); /^device ethernet address \=>(\s+.*)$/ && ProcessHistory("COMMENTS","keysort","C1","\#\n# Ethernet Address: $1\n") && next; /^device nextnet address \=>(\s+.*)$/ && ProcessHistory("COMMENTS","keysort","C2","\# Airlink Address: $1\n") && next; /^device unit number \=>(\s+.*)$/ && ProcessHistory("COMMENTS","keysort","C3","\# Unit number: $1\n\#\n") && next; } return(0); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); /^ / && next; ProcessHistory("COMMENTS","keysort","B1", "# $_") && next; } return(0); } # This routine processes a "show -fn" sub ShowFN { print STDERR " In ShowFN: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; /^$/ && next; # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. } $found_end = 1; return(1); } # dummy function sub DoNothing {print STDOUT;} # Main %commands=( 'show version' => "ShowVersion", 'show device' => "ShowDevice", 'show -fn' => "ShowFN" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @commands=( "show version", "show device", "show -fn" ); $cisco_cmds=join(";", at commands); $cmds_regexp=join("|", at commands); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if ($prompt) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=0; last; } while (/[>#]\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^>]+>)/)[0]; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { $clean_run = 1; if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } -------------- end script ------------------ A sample of the output from the Motorola Expedience equipment would eventually look like the following: -------------- start output ---------------- #RANCID-CONTENT-TYPE: motorolaexpedience # # version Version 4.3.28 Expedience AMOD Base Station # ATI Aggregation Library Version 1.1.24 # ASIC: Ver 42, Rev B # # Ethernet Address: 00:03:D7:F0:0A:B3 # Airlink Address: 00:F0:0A:B3 # Unit number: 15731379 # # # Actual configuration # aaa authority = remote aaa port = 12541 (bunch of more lines like the above one) ------------- end output ------------------- Hope somebody might get an idea... BR Lars From heas at shrubbery.net Fri Sep 15 19:59:39 2006 From: heas at shrubbery.net (john heasley) Date: Fri, 15 Sep 2006 12:59:39 -0700 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <5DCC4AA34F470741B0CAE586CC8C8BB3EE7667@exchange.office.dansketelecom.com> References: <20060915182837.GK161@shrubbery.net> <5DCC4AA34F470741B0CAE586CC8C8BB3EE7667@exchange.office.dansketelecom.com> Message-ID: <20060915195939.GH27771@shrubbery.net> Fri, Sep 15, 2006 at 09:35:21PM +0200, Lars Lystrup Christensen: > > > > > I have a problem with a rancid parsing script I've created. The > > > script > > > > is for the Motorola Expedience system. > > > > > > > > what is that? > > > > > > > Motorola Expedience system, formerly known as Nextnet Wireless > > > Expedience system, is a WiMAX like system for wireless access. > > > > UI similar to the BSR? > > BSR? I'm not quite sure what you mean... Is the UI similar to the mototola BSR "series". > > > Actually when I look into the log files the only thing I find beside > > > successful collections is: > > > > > > > > > Trying to get all of the configs. > > > ====================================> > Getting missed routers: round 1. > > > ====================================> > Getting missed routers: round 2. > > > ====================================> > Getting missed routers: round 3. > > > ====================================> > Getting missed routers: round 4. > > > > In what case(s) would your script remove the .new file? > > I don't know... Looks ok. check permissions on the configs directory. or, make a copy of rancid-fe with your script "truss -f -o /tmp/trace SCRIPT"ed, or whatever your o/s uses to ptrace a process. From llc at dansketelecom.com Fri Sep 15 21:30:27 2006 From: llc at dansketelecom.com (Lars Lystrup Christensen) Date: Fri, 15 Sep 2006 23:30:27 +0200 Subject: [rancid] Re: Problem with rancid-script In-Reply-To: <20060915195939.GH27771@shrubbery.net> Message-ID: <5DCC4AA34F470741B0CAE586CC8C8BB3EE766A@exchange.office.dansketelecom.com> > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: 15. september 2006 22:00 > To: Lars Lystrup Christensen > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Problem with rancid-script > > Fri, Sep 15, 2006 at 09:35:21PM +0200, Lars Lystrup Christensen: > > > > > > I have a problem with a rancid parsing script I've created. The > > > > script > > > > > is for the Motorola Expedience system. > > > > > > > > > > what is that? > > > > > > > > > Motorola Expedience system, formerly known as Nextnet Wireless > > > > Expedience system, is a WiMAX like system for wireless access. > > > > > > UI similar to the BSR? > > > > BSR? I'm not quite sure what you mean... > > Is the UI similar to the mototola BSR "series". I don't know, since I've never used motorola BSR. Motorola just resently bought Nextnet Wireless who originally made the Expedience system. > > > > > Actually when I look into the log files the only thing I find beside > > > > successful collections is: > > > > > > > > > > > > Trying to get all of the configs. > > > > ====================================> > Getting missed routers: > round 1. > > > > ====================================> > Getting missed routers: > round 2. > > > > ====================================> > Getting missed routers: > round 3. > > > > ====================================> > Getting missed routers: > round 4. > > > > > > In what case(s) would your script remove the .new file? > > > > I don't know... > > Looks ok. check permissions on the configs directory. or, make a copy of > rancid-fe with your script "truss -f -o /tmp/trace SCRIPT"ed, or whatever > your o/s uses to ptrace a process. Permissions should be correct, because I'm collecting cisco and hp configs without problems. I'll see if I can find out how to use such tools. I running debian on the box. Regards Lars From ahamino at gmail.com Sat Sep 16 08:53:58 2006 From: ahamino at gmail.com (Abdelrahman) Date: Sat, 16 Sep 2006 11:53:58 +0300 (Egypt Standard Time) Subject: [rancid] problems with diffs! Message-ID: <450BBBA6.000004.00544@COMPAQ-NOTEBOOK> Hello All, I am using rancid for a couple of days now, I think that it is so powerful but I have noticed that sometimes diffs are fake?! For example: Index: configs/192.168.0.1 =================================================================== Retrieving revision 1.2 Diff -u -4 -r1.2 192.168.0.1 @@ -177,9 +177,9 @@ !VTP: VTP Traps Generation : Disabled !VTP: MD5 digest : 0xBE 0x8F 0x7E 0x1A 0x3E 0xFF 0x6A 0x94 !VTP: Local updater ID is 172.16.200.104 on interface Vl1 (lowest numbered VLAN interface found) ! - !VLAN: ^ + !VLAN: ^ ! Config-register 0xF Version 12.2 No service pad I understand that rancid assumed that there is a difference in the line because the number of spaces has changed? But this didn't indicate a difference in the configuration? It also happens with "show vlan". I always receive a mail indicating that there is a difference in the configuration where in fact I find that it is just that the lines has changed somehow? Is there a way I could fix this issue? Regards, Abdelrahman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060916/ac3f8a7f/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 20554 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060916/ac3f8a7f/attachment.gif From heas at shrubbery.net Sun Sep 17 04:15:44 2006 From: heas at shrubbery.net (john heasley) Date: Sat, 16 Sep 2006 21:15:44 -0700 Subject: [rancid] Re: problems with diffs! In-Reply-To: <450BBBA6.000004.00544@COMPAQ-NOTEBOOK> References: <450BBBA6.000004.00544@COMPAQ-NOTEBOOK> Message-ID: <20060917041544.GC12485@shrubbery.net> Please try 2.3.2a5. Sat, Sep 16, 2006 at 11:53:58AM +0300, Abdelrahman: > - !VLAN: ^ > + !VLAN: ^ > ! > Config-register 0xF > Version 12.2 > No service pad > > I understand that rancid assumed that there is a difference in the line > because the number of spaces has changed? But this didn't indicate a > difference in the configuration? > > It also happens with "show vlan". I always receive a mail indicating that > there is a difference in the configuration where in fact I find that it is > just that the lines has changed somehow? > > Is there a way I could fix this issue? From ahamino at gmail.com Sun Sep 17 19:58:56 2006 From: ahamino at gmail.com (Abdelrahman) Date: Sun, 17 Sep 2006 22:58:56 +0300 Subject: [rancid] Re: problems with diffs! In-Reply-To: <20060917041544.GC12485@shrubbery.net> References: <450BBBA6.000004.00544@COMPAQ-NOTEBOOK> <20060917041544.GC12485@shrubbery.net> Message-ID: Dear john, I am using this version?! regards, Abdekrahman On 9/17/06, john heasley wrote: > > Please try 2.3.2a5. > > Sat, Sep 16, 2006 at 11:53:58AM +0300, Abdelrahman: > > - !VLAN: ^ > > > + !VLAN: ^ > > > ! > > > Config-register 0xF > > > Version 12.2 > > > No service pad > > > > > > I understand that rancid assumed that there is a difference in the line > > because the number of spaces has changed? But this didn't indicate a > > difference in the configuration? > > > > > > It also happens with "show vlan". I always receive a mail indicating > that > > there is a difference in the configuration where in fact I find that it > is > > just that the lines has changed somehow? > > > > > > Is there a way I could fix this issue? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060917/e2f62e7d/attachment.html From ehumphri at gmail.com Sun Sep 17 20:49:17 2006 From: ehumphri at gmail.com (Eric Humphries) Date: Sun, 17 Sep 2006 15:49:17 -0500 Subject: [rancid] fnrancid and Fortinet equipment Message-ID: <9b09889b0609171349j27f1aaacm47efd1a132d42e70@mail.gmail.com> Hey guys, I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into some fortinet equipment (more specifically a Fortigate 60M) using the fnrancid module. I'm able to manually use clogin to log into the firewall and it brings me to the prompt but immediately after the session freezes and I'm unable to type/run commands. Using rancid-run fails to run the commands as well so it appears to be something with how the script expects the login prompt to appear, possibly. The hostname I have on the device is "testdevice $" when I log in as a user and "testdevice #" when I log in with admin. There is not enable password required. I'm quite new to rancid (a few days) and I've searched around for help regarding this specific issue but I've yet to find anything that matches my problem well. I can provide information as necessary, just tell me what you need to see. Is there something I'm doing wrong that would cause the shell to hang? I've tried running rancid with tcsh, and sh - both with the same result. Thanks in advance for your suggestions. -- efk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060917/b9fb6f72/attachment.html From jsherrill at currentcomm.net Mon Sep 18 14:01:40 2006 From: jsherrill at currentcomm.net (Justin Sherrill) Date: Mon, 18 Sep 2006 10:01:40 -0400 Subject: [rancid] Re: fnrancid and Fortinet equipment Message-ID: <7D3405B5488C0648B39948C26AE91A9B028AC9D0@rocexch01.currentcomm.com> This seems similar to a problem I had: http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001685.htm l Basically: is there any other # characters in your login banner? Failing that: have you tried a "noenable" command in your /.cloginrc? ----------------------------------------- Justin C. Sherrill - CURRENT Communications 220 Kenneth Drive Rochester, New York 14623 P: 585.486.0549 F: 585.486.0030 ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Eric Humphries Sent: Sunday, September 17, 2006 4:49 PM To: Rancid-discuss at shrubbery.net Subject: [rancid] fnrancid and Fortinet equipment Hey guys, I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into some fortinet equipment (more specifically a Fortigate 60M) using the fnrancid module. I'm able to manually use clogin to log into the firewall and it brings me to the prompt but immediately after the session freezes and I'm unable to type/run commands. Using rancid-run fails to run the commands as well so it appears to be something with how the script expects the login prompt to appear, possibly. The hostname I have on the device is "testdevice $" when I log in as a user and "testdevice #" when I log in with admin. There is not enable password required. I'm quite new to rancid (a few days) and I've searched around for help regarding this specific issue but I've yet to find anything that matches my problem well. I can provide information as necessary, just tell me what you need to see. Is there something I'm doing wrong that would cause the shell to hang? I've tried running rancid with tcsh, and sh - both with the same result. Thanks in advance for your suggestions. -- efk ***CONFIDENTIALITY NOTICE*** The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this message from your system. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060918/6d2f59a1/attachment.html From ehumphri at gmail.com Mon Sep 18 19:13:17 2006 From: ehumphri at gmail.com (Eric Humphries) Date: Mon, 18 Sep 2006 14:13:17 -0500 Subject: [rancid] Re: fnrancid and Fortinet equipment In-Reply-To: <7D3405B5488C0648B39948C26AE91A9B028AC9D0@rocexch01.currentcomm.com> References: <7D3405B5488C0648B39948C26AE91A9B028AC9D0@rocexch01.currentcomm.com> Message-ID: <9b09889b0609181213w476d48fm8fc854b87e74e7f2@mail.gmail.com> I have tried using the admin and a nonadmin account (bassically the difference between the # and $ at the end of the prompt and it didn't seem to matter. One thing that did bother me about the loginprompt was the space between the hostname (prompt) and the # or $. I don't think there is a way for me to eliminate that space - and I'm not sure how fnrancid handles it. I haven't tried the noenable option in .cloginrc yet. I will try that and get back to the list in the morning as I'm firewalled from my work laptop from home. I appreciate your responses. ;) -- efk On 9/18/06, Justin Sherrill wrote: > > This seems similar to a problem I had: > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001685.html > > > > Basically: is there any other # characters in your login banner? > > > > Failing that: have you tried a "noenable" command in your /.cloginrc? > > > > ----------------------------------------- > Justin C. Sherrill - CURRENT Communications > 220 Kenneth Drive > Rochester, New York 14623 > P: 585.486.0549 F: 585.486.0030 > ------------------------------ > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Eric Humphries > *Sent:* Sunday, September 17, 2006 4:49 PM > *To:* Rancid-discuss at shrubbery.net > *Subject:* [rancid] fnrancid and Fortinet equipment > > > > Hey guys, > > I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into > some fortinet equipment (more specifically a Fortigate 60M) using the > fnrancid module. > > I'm able to manually use clogin to log into the firewall and it brings me > to the prompt but immediately after the session freezes and I'm unable to > type/run commands. Using rancid-run fails to run the commands as well so it > appears to be something with how the script expects the login prompt to > appear, possibly. The hostname I have on the device is "testdevice $" when I > log in as a user and "testdevice #" when I log in with admin. There is not > enable password required. > > I'm quite new to rancid (a few days) and I've searched around for help > regarding this specific issue but I've yet to find anything that matches my > problem well. I can provide information as necessary, just tell me what you > need to see. > > Is there something I'm doing wrong that would cause the shell to hang? > I've tried running rancid with tcsh, and sh - both with the same result. > > Thanks in advance for your suggestions. > -- > efk > > ***CONFIDENTIALITY NOTICE*** > The information in this email may be confidential and/or privileged. This > email is intended to be reviewed by only the individual or organization > named above. If you are not the intended recipient or an authorized > representative of the intended recipient, you are hereby notified that any > review, dissemination or copying of this email and its attachments, if any, > or the information contained herein is prohibited. If you have received this > email in error, please immediately notify the sender by return email and > delete this message from your system. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060918/e64e879c/attachment.html From heas at shrubbery.net Mon Sep 18 19:28:31 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 18 Sep 2006 12:28:31 -0700 Subject: [rancid] Re: problems with diffs! In-Reply-To: <20060918192124.B1E5A11CE2F@ni.shrubbery.net> References: <20060918192124.B1E5A11CE2F@ni.shrubbery.net> <450BBBA6.000004.00544@COMPAQ-NOTEBOOK> <20060917041544.GC12485@shrubbery.net> Message-ID: <20060918192831.GG4430@shrubbery.net> Sun, Sep 17, 2006 at 10:58:56PM +0300, Abdelrahman: > Dear john, > > I am using this version?! My mistake, the change I expect to fix your problem is not in 2.3.2a5. See the patch below. > regards, > Abdekrahman > > On 9/17/06, john heasley wrote: > > > >Please try 2.3.2a5. > > > >Sat, Sep 16, 2006 at 11:53:58AM +0300, Abdelrahman: > >> - !VLAN: ^ > > > >> + !VLAN: ^ > > > >> ! > > > >> Config-register 0xF > > > >> Version 12.2 > > > >> No service pad > > > >> > > > >> I understand that rancid assumed that there is a difference in the line > >> because the number of spaces has changed? But this didn't indicate a > >> difference in the configuration? > > > >> > > > >> It also happens with "show vlan". I always receive a mail indicating > >that > >> there is a difference in the configuration where in fact I find that it > >is > >> just that the lines has changed somehow? > > > >> > > > >> Is there a way I could fix this issue? > > > > Index: rancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v retrieving revision 1.214 retrieving revision 1.215 diff -d -u -r1.214 -r1.215 --- rancid.in 17 Aug 2006 01:08:26 -0000 1.214 +++ rancid.in 18 Aug 2006 22:54:08 -0000 1.215 @@ -1,6 +1,6 @@ #! @PERLV_PATH@ ## -## $Id: rancid.in,v 1.214 2006/08/17 01:08:26 heas Exp $ +## $Id: rancid.in,v 1.215 2006/08/18 22:54:08 heas Exp $ ## ## Copyright (C) 1997-2006 by Terrapin Communications, Inc. ## All rights reserved. @@ -1369,6 +1369,7 @@ tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if /Ambiguous command/i; From heas at shrubbery.net Mon Sep 18 19:59:18 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 18 Sep 2006 12:59:18 -0700 Subject: [rancid] Re: fnrancid and Fortinet equipment In-Reply-To: <9b09889b0609171349j27f1aaacm47efd1a132d42e70@mail.gmail.com> References: <9b09889b0609171349j27f1aaacm47efd1a132d42e70@mail.gmail.com> Message-ID: <20060918195918.GJ4430@shrubbery.net> Sun, Sep 17, 2006 at 03:49:17PM -0500, Eric Humphries: > Hey guys, > > I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into > some fortinet equipment (more specifically a Fortigate 60M) using the > fnrancid module. > > I'm able to manually use clogin to log into the firewall and it brings me to > the prompt but immediately after the session freezes and I'm unable to > type/run commands. Using rancid-run fails to run the commands as well so it > appears to be something with how the script expects the login prompt to > appear, possibly. The hostname I have on the device is "testdevice $" when I > log in as a user and "testdevice #" when I log in with admin. There is not > enable password required. I'm not familiar with the fortinet (or the netscreen), but there seems to have been a change in the UI. 1) nlogin expects the prompt to end with "-> " 2) nlogin does not know about an "enable" mode. So, this is not going to work. nlogin will need to be changed. Or, try clogin to see if it works: clogin -c 'some command; some other command' > I'm quite new to rancid (a few days) and I've searched around for help > regarding this specific issue but I've yet to find anything that matches my > problem well. I can provide information as necessary, just tell me what you > need to see. > > Is there something I'm doing wrong that would cause the shell to hang? I've > tried running rancid with tcsh, and sh - both with the same result. It should not hang forever. If it is expecting output and not receiving it, the timeout should trip and the login script should close the connection. If it is hanging forever, then I suspect you're using solaris/linux and you need to apply the expect patch from the rancid web page. From ehumphri at gmail.com Mon Sep 18 20:19:34 2006 From: ehumphri at gmail.com (Eric Humphries) Date: Mon, 18 Sep 2006 15:19:34 -0500 Subject: [rancid] Re: fnrancid and Fortinet equipment In-Reply-To: <20060918195918.GJ4430@shrubbery.net> References: <9b09889b0609171349j27f1aaacm47efd1a132d42e70@mail.gmail.com> <20060918195918.GJ4430@shrubbery.net> Message-ID: <9b09889b0609181319q73642caevb2ffd64f8ad54a8f@mail.gmail.com> On 9/18/06, john heasley wrote: > > Sun, Sep 17, 2006 at 03:49:17PM -0500, Eric Humphries: > > Hey guys, > > > > I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into > > some fortinet equipment (more specifically a Fortigate 60M) using the > > fnrancid module. > > > > I'm able to manually use clogin to log into the firewall and it brings > me to > > the prompt but immediately after the session freezes and I'm unable to > > type/run commands. Using rancid-run fails to run the commands as well so > it > > appears to be something with how the script expects the login prompt to > > appear, possibly. The hostname I have on the device is "testdevice $" > when I > > log in as a user and "testdevice #" when I log in with admin. There is > not > > enable password required. > > I'm not familiar with the fortinet (or the netscreen), but there seems to > have > been a change in the UI. > 1) nlogin expects the prompt to end with "-> " > 2) nlogin does not know about an "enable" mode. 1) Well I've yet to see any fortinet equipment have a prompt that ends in ->, default or otherwise. 2) Well, I guess the noenable business isn't going to do the trick then. So, this is not going to work. nlogin will need to be changed. Or, try > clogin to see if it works: clogin -c 'some command; some other command' > > > I'm quite new to rancid (a few days) and I've searched around for help > > regarding this specific issue but I've yet to find anything that matches > my > > problem well. I can provide information as necessary, just tell me what > you > > need to see. > > > > Is there something I'm doing wrong that would cause the shell to hang? > I've > > tried running rancid with tcsh, and sh - both with the same result. > > It should not hang forever. If it is expecting output and not receiving > it, > the timeout should trip and the login script should close the connection. > If it is hanging forever, then I suspect you're using solaris/linux and > you > need to apply the expect patch from the rancid web page. > It does trip the TIMEOUT. So I guess my main question is is the fnrancid module setup to expect a prompt that ends in "-> "? I haven't had time to dig into fnrancid or nlogin to lear the innerworkings as I've only been messing with it in my freetime. Eventually, I would like to deploy this for close to 1,000 firewalls or so. I guess my next step is to dig into fnrancid and try to figure out what its doing. I know the modules are fancy front-ends for expect that are used to describe device behavior but thats as far as I've gone. -- efk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060918/ff3a55cf/attachment.html From sbarnard at govolution.com Tue Sep 19 14:27:45 2006 From: sbarnard at govolution.com (Sam Barnard) Date: Tue, 19 Sep 2006 10:27:45 -0400 Subject: [rancid] trying to make sense of a log Message-ID: <07664A0F5A117444952626897EDA77235E7025@hardrock.govolution.com> Does this mean that my rancid user does not have the correct permissions? Can someone sugguest good permissions for the rancid user? This is on a Cisco 2948G running IOS 12.0. I assume it goes in and runs all of these commands, but for some reason cannot run them. Getting missed routers: round 4. clogin error: Error: TIMEOUT reached : missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,dir /all slavedisk0:,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show redundancy secondary,show running-config,show c7200,dir /all slot1: : End of run not found Sam Barnard Systems Administrator/Engineer Govolution LLC (703) 894-5000 x 5703 sbarnard at govolution.com This electronic mail message and any attachments contain information intended for the exclusive use of the party to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060919/459c128b/attachment.html From kevinw at telnetww.com Tue Sep 19 17:15:56 2006 From: kevinw at telnetww.com (Kevin Warwashana) Date: Tue, 19 Sep 2006 13:15:56 -0400 Subject: [rancid] Minor diff changes Message-ID: <001c01c6dc0f$45ccd5f0$0b00a8c0@kwlaptopnew> Can anyone help me figure out why I get the following diff when using Rancid on a Cisco AS5400? Rancid runs every hour, but get the below at least a couple times a day. ! ! ! ! - ! !Modem: IOS-Bundled Default Firmware-Filename Version Firmware-Type !Modem: ===================================== ============ ============= !Modem: system:/ucode/spe_firmware-1 0.10.3.1 SPE firmware !Modem: On-Flash Firmware-Filename Version Firmware-Type ! ! ! ! + ! !Modem: IOS-Bundled Default Firmware-Filename Version Firmware-Type !Modem: ===================================== ============ ============= !Modem: system:/ucode/spe_firmware-1 0.10.3.1 SPE firmware !Modem: On-Flash Firmware-Filename Version Firmware-Type I am running V2.3.1 and I believe the extra lines issue was fixed awhile back since my other devices no longer do the same. Thanks, Kevin From heas at shrubbery.net Tue Sep 19 17:20:17 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Sep 2006 17:20:17 +0000 Subject: [rancid] Re: trying to make sense of a log In-Reply-To: <07664A0F5A117444952626897EDA77235E7025@hardrock.govolution.com> References: <07664A0F5A117444952626897EDA77235E7025@hardrock.govolution.com> Message-ID: <20060919172017.GE7654@shrubbery.net> Tue, Sep 19, 2006 at 10:27:45AM -0400, Sam Barnard: > Does this mean that my rancid user does not have the correct > permissions? Can someone sugguest good permissions for the rancid user? > > > > This is on a Cisco 2948G running IOS 12.0. I assume it goes in and runs > all of these commands, but for some reason cannot run them. > > > > Getting missed routers: round 4. > > clogin error: Error: TIMEOUT reached > > : missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr > chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show > spe version,dir /all slaveslot2:,dir /all disk0:,show install > active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all > harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all > slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show > variables boot,show boot,dir /all slavedisk1:,show env all,show > module,show controllers,show diagbus,dir /all slavedisk0:,show idprom > backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all > sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all > slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show > vlan,dir /all slavebootflash:,show controllers cbus,dir /all > slaveslot1:,dir /all nvram:,show version,show redundancy secondary,show > running-config,show c7200,dir /all slot1: > > : End of run not found > clogin apparently hung (waiting for data) while collecting rancid's command output. Try it manually; take the commands from the bottom part of the rancid script and run clogin: clogin -c 'cmd1;cmd2;...' hostname From heas at shrubbery.net Tue Sep 19 17:27:38 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Sep 2006 17:27:38 +0000 Subject: [rancid] Re: Minor diff changes In-Reply-To: <001c01c6dc0f$45ccd5f0$0b00a8c0@kwlaptopnew> References: <001c01c6dc0f$45ccd5f0$0b00a8c0@kwlaptopnew> Message-ID: <20060919172738.GF7654@shrubbery.net> It is most likely the device producing the extra line. Test it; $ NOPIPE=YES;export NOPIPE $ rancid -d host Now you should be able to run rancid -df host.raw repeatedly, keeping the host.new file each time for diffing against that of the next run. The diff should be empty. We'd need to identify where the extra line appears in the command output to eliminate it. Tue, Sep 19, 2006 at 01:15:56PM -0400, Kevin Warwashana: > Can anyone help me figure out why I get the following diff when using Rancid > on a Cisco AS5400? Rancid runs every hour, but get the below at least a > couple times a day. > > ! > ! > ! > ! > - ! > !Modem: IOS-Bundled Default Firmware-Filename Version > Firmware-Type > !Modem: ===================================== ============ > ============= > !Modem: system:/ucode/spe_firmware-1 0.10.3.1 SPE > firmware > !Modem: On-Flash Firmware-Filename Version > Firmware-Type > > ! > ! > ! > ! > + ! > !Modem: IOS-Bundled Default Firmware-Filename Version > Firmware-Type > !Modem: ===================================== ============ > ============= > !Modem: system:/ucode/spe_firmware-1 0.10.3.1 SPE > firmware > !Modem: On-Flash Firmware-Filename Version > Firmware-Type > > I am running V2.3.1 and I believe the extra lines issue was fixed awhile > back since my other devices no longer do the same. > > Thanks, > Kevin > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From sbarnard at govolution.com Tue Sep 19 20:25:44 2006 From: sbarnard at govolution.com (Sam Barnard) Date: Tue, 19 Sep 2006 16:25:44 -0400 Subject: [rancid] Two RANCID servers Message-ID: <07664A0F5A117444952626897EDA77235E7051@hardrock.govolution.com> Due to the way our environment is configured, we have two network device points of access. Has anyone ever set up two rancid servers using the same CVS repositories? Any tips, tricks? Is it as easy as changing $CVSROOT? Thanks in advance. Sam Barnard Systems Administrator/Engineer Govolution LLC (703) 894-5000 x 5703 sbarnard at govolution.com This electronic mail message and any attachments contain information intended for the exclusive use of the party to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060919/8388caed/attachment.html From heas at shrubbery.net Tue Sep 19 20:34:03 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Sep 2006 13:34:03 -0700 Subject: [rancid] Re: Two RANCID servers In-Reply-To: <07664A0F5A117444952626897EDA77235E7051@hardrock.govolution.com> References: <07664A0F5A117444952626897EDA77235E7051@hardrock.govolution.com> Message-ID: <20060919203403.GE25989@shrubbery.net> Tue, Sep 19, 2006 at 04:25:44PM -0400, Sam Barnard: > Due to the way our environment is configured, we have two network device > points of access. Has anyone ever set up two rancid servers using the > same CVS repositories? > > > > Any tips, tricks? Is it as easy as changing $CVSROOT? nearly. also see the cvs man pages, specifically CVS_RSH. I do not know how well CVS might work with a NFS repository, but would caution about locking. From heas at shrubbery.net Tue Sep 19 20:38:32 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Sep 2006 13:38:32 -0700 Subject: [rancid] Re: fnrancid and Fortinet equipment In-Reply-To: <9b09889b0609181319q73642caevb2ffd64f8ad54a8f@mail.gmail.com> References: <9b09889b0609171349j27f1aaacm47efd1a132d42e70@mail.gmail.com> <20060918195918.GJ4430@shrubbery.net> <9b09889b0609181319q73642caevb2ffd64f8ad54a8f@mail.gmail.com> Message-ID: <20060919203832.GF25989@shrubbery.net> Mon, Sep 18, 2006 at 03:19:34PM -0500, Eric Humphries: > On 9/18/06, john heasley wrote: > > > >Sun, Sep 17, 2006 at 03:49:17PM -0500, Eric Humphries: > >> Hey guys, > >> > >> I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into > >> some fortinet equipment (more specifically a Fortigate 60M) using the > >> fnrancid module. > >> > >> I'm able to manually use clogin to log into the firewall and it brings > >me to > >> the prompt but immediately after the session freezes and I'm unable to > >> type/run commands. Using rancid-run fails to run the commands as well so > >it > >> appears to be something with how the script expects the login prompt to > >> appear, possibly. The hostname I have on the device is "testdevice $" > >when I > >> log in as a user and "testdevice #" when I log in with admin. There is > >not > >> enable password required. > > > >I'm not familiar with the fortinet (or the netscreen), but there seems to > >have > >been a change in the UI. > >1) nlogin expects the prompt to end with "-> " > >2) nlogin does not know about an "enable" mode. > > > > 1) Well I've yet to see any fortinet equipment have a prompt that ends in > ->, default or otherwise. > 2) Well, I guess the noenable business isn't going to do the trick then. That may be; fnrancid was contributed. It could be that it never worked for fortinet, but more likely that it worked with some really old version, since I trust Dan Pfleger would not have advertised support that did not work. > So, this is not going to work. nlogin will need to be changed. Or, try > >clogin to see if it works: clogin -c 'some command; some other command' > > > >> I'm quite new to rancid (a few days) and I've searched around for help > >> regarding this specific issue but I've yet to find anything that matches > >my > >> problem well. I can provide information as necessary, just tell me what > >you > >> need to see. > >> > >> Is there something I'm doing wrong that would cause the shell to hang? > >I've > >> tried running rancid with tcsh, and sh - both with the same result. > > > >It should not hang forever. If it is expecting output and not receiving > >it, > >the timeout should trip and the login script should close the connection. > >If it is hanging forever, then I suspect you're using solaris/linux and > >you > >need to apply the expect patch from the rancid web page. > > > > > It does trip the TIMEOUT. > > So I guess my main question is is the fnrancid module setup to expect a > prompt that ends in "-> "? I haven't had time to dig into fnrancid or nlogin > to lear the innerworkings as I've only been messing with it in my freetime. > Eventually, I would like to deploy this for close to 1,000 firewalls or so. > > I guess my next step is to dig into fnrancid and try to figure out what its > doing. I know the modules are fancy front-ends for expect that are used to > describe device behavior but thats as far as I've gone. Since it seems to more closely resemble the cisco, than what the nlogin offers, I suggest trying clogin first. It may be sufficient for fnrancid. From Saliel.Figueira at tivit.com.br Tue Sep 19 21:01:28 2006 From: Saliel.Figueira at tivit.com.br (Saliel Figueira) Date: Tue, 19 Sep 2006 18:01:28 -0300 Subject: [rancid] Re: Two RANCID servers Message-ID: <2B7816381516CF4B852D245900B79BA620C06F@RCTR010.tivit.corp> Once upon a time I set up RANCID in diferente locations, each one with its own CVS rep. An rsync cron job kept the NOC tools machine cvsweb.cgi up-to-date. Perhaps not the best, but it was quick. Saliel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060919/45885aec/attachment.html From tex at off.org Tue Sep 19 21:07:36 2006 From: tex at off.org (Austin Schutz) Date: Tue, 19 Sep 2006 14:07:36 -0700 Subject: [rancid] Re: Two RANCID servers In-Reply-To: <07664A0F5A117444952626897EDA77235E7051@hardrock.govolution.com> References: <07664A0F5A117444952626897EDA77235E7051@hardrock.govolution.com> Message-ID: <20060919210736.GY5980@gblx.net> On Tue, Sep 19, 2006 at 04:25:44PM -0400, Sam Barnard wrote: > Due to the way our environment is configured, we have two network device > points of access. Has anyone ever set up two rancid servers using the > same CVS repositories? > > > > Any tips, tricks? Is it as easy as changing $CVSROOT? > Just about. You will also need to: set CVS_RSH=ssh in rancid.conf on the remote host set up automated login via ssh (2 seconds of googling provided http://www.uberdose.com/kbase/ssh-automatic-login/) for instructions. Be careful, as (obviously) you are poking a hole in the security of the cvs server. We have found this handy so the engineers doing auditing and whatnot with the configs have them all in one place. rsync works for this as well, and can be handy to keep the repository copied to a place engineers can access without giving them a login on the repository server. Austin From ahamino at gmail.com Wed Sep 20 23:13:32 2006 From: ahamino at gmail.com (Abdelrahman) Date: Thu, 21 Sep 2006 02:13:32 +0300 (Egypt Standard Time) Subject: [rancid] A couple of questions! Message-ID: <4511CB1B.000001.03936@COMPAQ-NOTEBOOK> Hello All, Anybody have idea what that means? I mean what have changed and if it is a change in the configuration what didn't appear in the same mail?! ----------------------------------------------------------------------------- -- Index: configs/192.168.0.1 =================================================================== Retrieving revision 1.3 Diff -u -4 -r1.3 192.168.0.1 @@ -23,11 +23,11 @@ !BootFlash: NVRAM/Config file !BootFlash: buffer size: 32768 ! !Flash: Directory of flash:/ + !Flash: 2 -rwx 150 Mar 01 1993 00:10:07 env_vars !Flash: 3 -rwx 1465 Mar 04 1993 18:14:28 config.txt !Flash: 4 drwx 320 Jan 01 1970 00:05:02 c1100-k9w7-mx 122-13.JA3 - !Flash: 150 -rwx 150 Mar 01 1993 00:10:07 env_vars !Flash: 151 -rwx 27 Mar 04 1993 18:14:28 private-config !Flash: 7741440 bytes total (4179456 bytes free) ! !Flash: nvram: Directory of nvram:/ ----------------------------------------------------------------------------- - The 2nd question, can I hide the following lines from mail sent from rancid ---------------------------------- Retrieving revision 1.3 Diff -u -4 -r1.3 192.168.0.1 @@ -23,11 +23,11 @@ ----------------------------------- Also, can I change the following line -------------------------------------------------- Index: configs/192.168.0.1 -------------------------------------------------- "Changes in the configuration of ROUTERSYSTEMNAME : 192.168.0.2" And finally what about sending mail with colours? I mean for the removed lines, a red colour and for the added a blue or a green one?! Sending HTML containing images, or links to link to my other network management tools, mrtg for example?! Regards, Abdelrahman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060921/8ceee411/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 29343 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060921/8ceee411/attachment.gif From shlomo at dubrowin.org Thu Sep 21 05:59:50 2006 From: shlomo at dubrowin.org (Shlomo Dubrowin) Date: Thu, 21 Sep 2006 08:59:50 +0300 Subject: [rancid] problem with Cat OS Devices Message-ID: I seem to be having a problem with some Cat OS devices being backed up in rancid. While going through the troubleshooting steps in the FAQ, I noticed that my router.raw file seems to have the command output requested, but the router.new only has the rancid header, and that header states rancid thinks the device is a cisco device (not cisco-cat). However, I verified that the router.db file for this device specifically states it as cat5. Any ideas on how I can fix this problem? Shlomo -- ----------------------------------------------------------------------- ,-~~-.___. ._. / | ' \ | |"""""""""| Shlomo Dubrowin ( ) 0 | | | (Sheldon) \_/-, ,----' | | | ==== !_!--v---v--" / \-'~; |""""""""| shlomo at dubrowin.org / __/~| ._-""|| | http://www.dubrowin.org =( _____|_|____||________| ----------------------------------------------------------------------- From mstefani at redhat.com Thu Sep 21 08:29:51 2006 From: mstefani at redhat.com (Michael Stefaniuc) Date: Thu, 21 Sep 2006 10:29:51 +0200 Subject: [rancid] Re: problem with Cat OS Devices In-Reply-To: References: Message-ID: <45124D7F.5020109@redhat.com> Shlomo Dubrowin wrote: > I seem to be having a problem with some Cat OS devices being backed up > in rancid. While going through the troubleshooting steps in the FAQ, > I noticed that my router.raw file seems to have the command output > requested, but the router.new only has the rancid header, and that > header states rancid thinks the device is a cisco device (not > cisco-cat). However, I verified that the router.db file for this > device specifically states it as cat5. Any ideas on how I can fix > this problem? Yeah, i run into that problem too. The rancid command dosn't parse the router.db file and it works only on "cisco" type devices. You need to run cat5rancid on the command line to get the config of a CatOS device. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From shlomo at dubrowin.org Thu Sep 21 10:21:27 2006 From: shlomo at dubrowin.org (Shlomo Dubrowin) Date: Thu, 21 Sep 2006 13:21:27 +0300 Subject: [rancid] Re: problem with Cat OS Devices In-Reply-To: <45124D7F.5020109@redhat.com> References: <45124D7F.5020109@redhat.com> Message-ID: Michael, Thank you for that tip, I realized that some of my CatOS devices need their prompts "fixed." However, after several hours of tinkering and searching, it appears that several of my CatOS devices are being backed up. Meaning, I have files for them in ~/rancid/var/GROUP/configs/router but I don't see the configs in CVS. Any idea why cvs isn't being updated with the config files? and more importantly, how to fix it? Thank you Shlomo On 9/21/06, Michael Stefaniuc wrote: > Shlomo Dubrowin wrote: > > I seem to be having a problem with some Cat OS devices being backed up > > in rancid. While going through the troubleshooting steps in the FAQ, > > I noticed that my router.raw file seems to have the command output > > requested, but the router.new only has the rancid header, and that > > header states rancid thinks the device is a cisco device (not > > cisco-cat). However, I verified that the router.db file for this > > device specifically states it as cat5. Any ideas on how I can fix > > this problem? > Yeah, i run into that problem too. The rancid command dosn't parse the > router.db file and it works only on "cisco" type devices. You need to > run cat5rancid on the command line to get the config of a CatOS device. > > bye > michael > -- > Michael Stefaniuc Tel.: +49-711-96437-199 > Sr. Network Engineer Fax.: +49-711-96437-111 > Red Hat GmbH Email: mstefani at redhat.com > Hauptstaetterstr. 58 http://www.redhat.de/ > D-70178 Stuttgart > -- ----------------------------------------------------------------------- ,-~~-.___. ._. / | ' \ | |"""""""""| Shlomo Dubrowin ( ) 0 | | | (Sheldon) \_/-, ,----' | | | ==== !_!--v---v--" / \-'~; |""""""""| shlomo at dubrowin.org / __/~| ._-""|| | http://www.dubrowin.org =( _____|_|____||________| ----------------------------------------------------------------------- From mstefani at redhat.com Thu Sep 21 13:06:50 2006 From: mstefani at redhat.com (Michael Stefaniuc) Date: Thu, 21 Sep 2006 15:06:50 +0200 Subject: [rancid] 2.3.2.a5: Make ACL sorting configurable Message-ID: <45128E6A.1000500@redhat.com> Hello, the attached patch makes the ACL sorting configurable. Default is to still sort the ACLs but this rancid "feature" can now be disabled easily. The patch implements this only for "cisco" type devices as this is what i cared most for now. Copyright and license is whatever it is needed to make this patch go in into the main rancid package. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rancid-aclsort.diff Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060921/e168d2b2/attachment.ksh From teun at moonblade.net Sun Sep 24 13:10:11 2006 From: teun at moonblade.net (Teun Vink) Date: Sun, 24 Sep 2006 15:10:11 +0200 Subject: [rancid] F5 BigIP support Message-ID: <1159103412.7585.53.camel@localhost.localdomain> Hello, I'm new to rancid and I'm trying to create backups for my entire network setup. Rancid is working just fine for this, thank you for creating this tool. The only thing I've been missing so far, is F5 BigIP support. I've searched the mailinglist archives and the only thing I found was a request for access to a live box. Has any progress been made since then? I can't provide actual access to an F5 box due to firewalling and security policies, but I can test and debug scripts myself on one of our boxes if that's any help. Regards, Teun From jashton at progresstelecom.com Mon Sep 25 14:42:32 2006 From: jashton at progresstelecom.com (Ashton, James P.) Date: Mon, 25 Sep 2006 10:42:32 -0400 Subject: [rancid] flogin issue Message-ID: Flogin -t 90 -c"write term" xx.xx.xx.xx This command seams to be working. It will go through about 50 lines of the devices config, and then stops here: Interface Ethernet 4/2 port-name spbgflse1c2-fa0/0 ! After the "!" the command stops running. I can execute this by hand on the switch with no problems. Anyone run into this before? James Ashton Level(3) Communications 727-471-5374 Office 727-254-2009 Cell From heas at shrubbery.net Mon Sep 25 17:38:11 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 10:38:11 -0700 Subject: [rancid] Re: flogin issue In-Reply-To: References: Message-ID: <20060925173811.GE6224@shrubbery.net> My guess would be Linux/Solaris without the expect patch from the rancid web site. Mon, Sep 25, 2006 at 10:42:32AM -0400, Ashton, James P.: > Flogin -t 90 -c"write term" xx.xx.xx.xx > > This command seams to be working. It will go through about 50 lines of > the devices config, and then stops here: > > Interface Ethernet 4/2 > port-name spbgflse1c2-fa0/0 > ! > > After the "!" the command stops running. I can execute this by hand on > the switch with no problems. > > Anyone run into this before? > > James Ashton > Level(3) Communications > 727-471-5374 Office > 727-254-2009 Cell > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Sep 25 18:26:47 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 11:26:47 -0700 Subject: [rancid] Adding version tags into CVS/config files Message-ID: <20060925182647.GA99566@viol8tr.com> Hey all, I have seen the question "What version of (rancid/clogin/etc) am I running?" come up a few different times. I know that each script has its own version etc. It would be nice to have something like what is below add at the top of each config. This would make it extremely clear what was used to collect the configs and what versions are being used. !RANCID-CONTENT-TYPE: cisco-cat !RANCID-SCRIPT-TYPE: [rancid-fe (v 1.37)] !RANCID-SCRIPT-TYPE: [rancid-run (v 1.32)] !RANCID-SCRIPT-TYPE: [par (v 1.11)] !RANCID-SCRIPT-TYPE: [clogin (v 1.94)] !RANCID-SCRIPT-TYPE: [cat5rancid (v 1.45)] ! !Chassis type: WS-C6509 - a WS-C6509 switch ! !Memory: dram 262144K !Memory: nvram 512K !Memory: flash 32768K ... ... ... What does everyone thing about this? -- -Lance From bwindle at fint.org Mon Sep 25 21:00:28 2006 From: bwindle at fint.org (Burton Windle) Date: Mon, 25 Sep 2006 17:00:28 -0400 (EDT) Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060925182647.GA99566@viol8tr.com> References: <20060925182647.GA99566@viol8tr.com> Message-ID: On Mon, 25 Sep 2006, Lance Vermilion wrote: > Hey all, > > I have seen the question "What version of (rancid/clogin/etc) am I > running?" come up a few different times. I know that each script has its > own version etc. It would be nice to have something like what is below > add at the top of each config. This would make it extremely clear what > was used to collect the configs and what versions are being used. > Speaking from experience as one of those people who has recently asked that same question... I checked the rancid script for a -v, -V, or --version argument first, then went searching the text of the script for a (non-CVS) version. I never thought of checking the CVS repo for the RANCID version; having an argument to the program (or in this case, the script) and have it spit out the version would be, IMHO, very handy (and more in-line with other Unixy apps, so more likey to be stumbled upon by the typical admin). Having to dig in the CVS repo is, I would think, unlikey to get found without some handholding, be it FAQ or list. -- Burton Windle bwindle at fint.org From rancid at gheek.net Mon Sep 25 21:04:07 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 14:04:07 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: References: <20060925182647.GA99566@viol8tr.com> Message-ID: <20060925210407.GA6692@viol8tr.com> Burton, I decided instead waiting to see if people wanted it I will create the few lines of code to insert exactly what I suggested into the files. I am writing them now. There will be an option to enable it if you want. The code won't be the most elegant but hopefully it will get the job done for many people. -- -Lance On Mon, Sep 25, 2006 at 05:00:28PM -0400, Burton Windle wrote: > > > On Mon, 25 Sep 2006, Lance Vermilion wrote: > > > Hey all, > > > > I have seen the question "What version of (rancid/clogin/etc) am I > > running?" come up a few different times. I know that each script has its > > own version etc. It would be nice to have something like what is below > > add at the top of each config. This would make it extremely clear what > > was used to collect the configs and what versions are being used. > > > > Speaking from experience as one of those people who has recently asked > that same question... > > I checked the rancid script for a -v, -V, or --version argument first, > then went searching the text of the script for a (non-CVS) version. I > never thought of checking the CVS repo for the RANCID version; having an > argument to the program (or in this case, the script) and have it spit out > the version would be, IMHO, very handy (and more in-line with other Unixy > apps, so more likey to be stumbled upon by the typical admin). > > Having to dig in the CVS repo is, I would think, unlikey to get found > without some handholding, be it FAQ or list. > > > -- > Burton Windle bwindle at fint.org > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Mon Sep 25 21:27:13 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 14:27:13 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: References: <20060925182647.GA99566@viol8tr.com> Message-ID: <20060925212713.GA28916@shrubbery.net> To me, the more interesting bit is just the release, not the CVS revision. That is simple as replacing @VERSION at . Also, hpuifilter -v will report the version. Mon, Sep 25, 2006 at 05:00:28PM -0400, Burton Windle: > > > On Mon, 25 Sep 2006, Lance Vermilion wrote: > > > Hey all, > > > > I have seen the question "What version of (rancid/clogin/etc) am I > > running?" come up a few different times. I know that each script has its > > own version etc. It would be nice to have something like what is below > > add at the top of each config. This would make it extremely clear what > > was used to collect the configs and what versions are being used. > > > > Speaking from experience as one of those people who has recently asked > that same question... > > I checked the rancid script for a -v, -V, or --version argument first, > then went searching the text of the script for a (non-CVS) version. I > never thought of checking the CVS repo for the RANCID version; having an > argument to the program (or in this case, the script) and have it spit out > the version would be, IMHO, very handy (and more in-line with other Unixy > apps, so more likey to be stumbled upon by the typical admin). > > Having to dig in the CVS repo is, I would think, unlikey to get found > without some handholding, be it FAQ or list. > > > -- > Burton Windle bwindle at fint.org > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Sep 25 21:39:00 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 14:39:00 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060925212713.GA28916@shrubbery.net> References: <20060925182647.GA99566@viol8tr.com> <20060925212713.GA28916@shrubbery.net> Message-ID: <20060925213900.GA8007@viol8tr.com> John, Are you saying that @VERSION@ will return the version of rancid? I am interested in knowing what the other core script versions are as well. Where is the @VERSION@ variable stored? Are the values in VERSION $Id: scriptname,v version? -- -Lance On Mon, Sep 25, 2006 at 02:27:13PM -0700, john heasley wrote: > To me, the more interesting bit is just the release, not the CVS revision. > That is simple as replacing @VERSION at . Also, hpuifilter -v will report > the version. > > Mon, Sep 25, 2006 at 05:00:28PM -0400, Burton Windle: > > > > > > On Mon, 25 Sep 2006, Lance Vermilion wrote: > > > > > Hey all, > > > > > > I have seen the question "What version of (rancid/clogin/etc) am I > > > running?" come up a few different times. I know that each script has its > > > own version etc. It would be nice to have something like what is below > > > add at the top of each config. This would make it extremely clear what > > > was used to collect the configs and what versions are being used. > > > > > > > Speaking from experience as one of those people who has recently asked > > that same question... > > > > I checked the rancid script for a -v, -V, or --version argument first, > > then went searching the text of the script for a (non-CVS) version. I > > never thought of checking the CVS repo for the RANCID version; having an > > argument to the program (or in this case, the script) and have it spit out > > the version would be, IMHO, very handy (and more in-line with other Unixy > > apps, so more likey to be stumbled upon by the typical admin). > > > > Having to dig in the CVS repo is, I would think, unlikey to get found > > without some handholding, be it FAQ or list. > > > > > > -- > > Burton Windle bwindle at fint.org > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Sep 25 23:41:00 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 16:41:00 -0700 Subject: [rancid] Why doesn't rancid use perl modules? Message-ID: <20060925234100.GA12838@viol8tr.com> Hey All, I was just looking at some things and doing some changes. I noticed there are no perl modules used for things that are used in all the perl scripts. Is there a reason for this? If there is no reason for this I would like to propose moving to perl modules so that the code used in each perl script is less and changes can be made to one module and it would apply to all scripts that reference that module. -- -Lance From heas at shrubbery.net Tue Sep 26 00:31:09 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 17:31:09 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060925213900.GA8007@viol8tr.com> References: <20060925182647.GA99566@viol8tr.com> <20060925212713.GA28916@shrubbery.net> <20060925213900.GA8007@viol8tr.com> Message-ID: <20060926003109.GM28916@shrubbery.net> Mon, Sep 25, 2006 at 02:39:00PM -0700, Lance Vermilion: > John, > > Are you saying that @VERSION@ will return the version of rancid? It should be replaced by autoconf with the release version, coming from include/version.h.in. > I am interested in knowing what the other core script versions are as well. > Where is the @VERSION@ variable stored? > Are the values in VERSION $Id: scriptname,v version? > > -- > > -Lance > > > On Mon, Sep 25, 2006 at 02:27:13PM -0700, john heasley wrote: > > To me, the more interesting bit is just the release, not the CVS revision. > > That is simple as replacing @VERSION at . Also, hpuifilter -v will report > > the version. > > > > Mon, Sep 25, 2006 at 05:00:28PM -0400, Burton Windle: > > > > > > > > > On Mon, 25 Sep 2006, Lance Vermilion wrote: > > > > > > > Hey all, > > > > > > > > I have seen the question "What version of (rancid/clogin/etc) am I > > > > running?" come up a few different times. I know that each script has its > > > > own version etc. It would be nice to have something like what is below > > > > add at the top of each config. This would make it extremely clear what > > > > was used to collect the configs and what versions are being used. > > > > > > > > > > Speaking from experience as one of those people who has recently asked > > > that same question... > > > > > > I checked the rancid script for a -v, -V, or --version argument first, > > > then went searching the text of the script for a (non-CVS) version. I > > > never thought of checking the CVS repo for the RANCID version; having an > > > argument to the program (or in this case, the script) and have it spit out > > > the version would be, IMHO, very handy (and more in-line with other Unixy > > > apps, so more likey to be stumbled upon by the typical admin). > > > > > > Having to dig in the CVS repo is, I would think, unlikey to get found > > > without some handholding, be it FAQ or list. > > > > > > > > > -- > > > Burton Windle bwindle at fint.org > > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From heas at shrubbery.net Tue Sep 26 00:39:41 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 17:39:41 -0700 Subject: [rancid] Re: Why doesn't rancid use perl modules? In-Reply-To: <20060925234100.GA12838@viol8tr.com> References: <20060925234100.GA12838@viol8tr.com> Message-ID: <20060926003941.GN28916@shrubbery.net> Why bother? There are just a few functions that are ubiquitous and they've not changed in a long time. Seems easier to be self-contained lest be pestered by those of certain a religion as to where the module file should be installed. If editing multiple files is the argument, the scripts may as well be built by autoconf into a self-contained file from many. Tex has done the latter on branch, yet to be merged. Mon, Sep 25, 2006 at 04:41:00PM -0700, Lance Vermilion: > Hey All, > > I was just looking at some things and doing some changes. I noticed there are no perl modules used for things that are used in all the perl scripts. Is there a reason for this? If there is no reason for this I would like to propose moving to perl modules so that the code used in each perl script is less and changes can be made to one module and it would apply to all scripts that reference that module. > > -- > > -Lance > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From eravin at panix.com Tue Sep 26 00:45:36 2006 From: eravin at panix.com (Ed Ravin) Date: Mon, 25 Sep 2006 20:45:36 -0400 Subject: [rancid] Re: Why doesn't rancid use perl modules? In-Reply-To: <20060925234100.GA12838@viol8tr.com> References: <20060925234100.GA12838@viol8tr.com> Message-ID: <20060926004536.GA21083@panix.com> On Mon, Sep 25, 2006 at 04:41:00PM -0700, Lance Vermilion wrote: > Hey All, > > I was just looking at some things and doing some changes. I > noticed there are no perl modules used for things that are used in > all the perl scripts. Is there a reason for this? If there is no > reason for this I would like to propose moving to perl modules so > that the code used in each perl script is less and changes can be > made to one module and it would apply to all scripts that reference > that module. Do you have the time to help do the work? I think the biggest problem with RANCID development at the moment is not the lack of ideas, but the lack of developers. I'd also like to work on modularizing clogin - ideally, we would end up with one rancid script, one clogin script, and a bunch of configuration files that defined the differences for 90% of the devices and a few extra code modules for the other 10%. The new clogin and rancid would be totally driven by a config file - a few parameters like prompts, timeouts, autoenable, etc., and pointers to code modules for weird devices that need custom hacking. Then we'd have to test it all and make sure it still works :-). I think the hardest part is coming up with a good "skeleton" that would become the new framework for all the scripts. Ideally, the framework would be optimized for easy customization, and it would be straightforward to convert existing perl and expect scripts into the new framework. Currently, the only part of RANCID that is "easy" to customize is cloginrc. I'm not fond of the format, but it works. I've already written a Perl module that parses cloginrc (by calling expect on it), so a cloginrc-formatted could be used to customize both Perl and Expect scripts. My first instinct is to reach for something broader and start from scratch, but that risks hitting the second-system effect - it's much more important to modularize RANCID, the config file can always be improved later. -- Ed From rancid at gheek.net Tue Sep 26 00:54:35 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 17:54:35 -0700 Subject: [rancid] Re: Why doesn't rancid use perl modules? In-Reply-To: <20060926004536.GA21083@panix.com> References: <20060925234100.GA12838@viol8tr.com> <20060926004536.GA21083@panix.com> Message-ID: <20060926005435.GA16401@viol8tr.com> Ed, I would be willing to help with what I can. I am not by any means an advanced or for that matter probably even considered intermediate programmer. I pretty much hack my way through things to get them to work how I want them. Simple things for regular perl coders may take them 10 mins, takes me like 3-4 hours. As an example. I wanted a slightly different result that is considered part of the RANCID-CONTENT-TYPE, so I wrote it today and a script to convert the files over. What I here took about 4 hours to get it to work and make sure it worked on all my Cisco equipment. :( Have not done any coding with Expect.pm but I did hear it was limited. I am not sure how much truth there is to that. But if the project is willing to move in that direction I will provide what ever coding I can provide. -- -Lance On Mon, Sep 25, 2006 at 08:45:36PM -0400, Ed Ravin wrote: > On Mon, Sep 25, 2006 at 04:41:00PM -0700, Lance Vermilion wrote: > > Hey All, > > > > I was just looking at some things and doing some changes. I > > noticed there are no perl modules used for things that are used in > > all the perl scripts. Is there a reason for this? If there is no > > reason for this I would like to propose moving to perl modules so > > that the code used in each perl script is less and changes can be > > made to one module and it would apply to all scripts that reference > > that module. > > Do you have the time to help do the work? I think the biggest problem > with RANCID development at the moment is not the lack of ideas, but the > lack of developers. > > I'd also like to work on modularizing clogin - ideally, we would end > up with one rancid script, one clogin script, and a bunch of configuration > files that defined the differences for 90% of the devices and a few > extra code modules for the other 10%. The new clogin and rancid would > be totally driven by a config file - a few parameters like prompts, > timeouts, autoenable, etc., and pointers to code modules for weird > devices that need custom hacking. > > Then we'd have to test it all and make sure it still works :-). > > I think the hardest part is coming up with a good "skeleton" that > would become the new framework for all the scripts. Ideally, the > framework would be optimized for easy customization, and it would > be straightforward to convert existing perl and expect scripts > into the new framework. > > Currently, the only part of RANCID that is "easy" to customize is > cloginrc. I'm not fond of the format, but it works. I've already > written a Perl module that parses cloginrc (by calling expect on it), > so a cloginrc-formatted could be used to customize both Perl and > Expect scripts. My first instinct is to reach for something broader > and start from scratch, but that risks hitting the second-system > effect - it's much more important to modularize RANCID, the config > file can always be improved later. > > -- Ed From heas at shrubbery.net Tue Sep 26 04:55:08 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 21:55:08 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <45128E6A.1000500@redhat.com> References: <45128E6A.1000500@redhat.com> Message-ID: <20060926045508.GT28916@shrubbery.net> Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc: > Hello, > > the attached patch makes the ACL sorting configurable. Default is to > still sort the ACLs but this rancid "feature" can now be disabled > easily. The patch implements this only for "cisco" type devices as this > is what i cared most for now. > > Copyright and license is whatever it is needed to make this patch go in > into the main rancid package. I do not see what is wrong with the sorting? David LaPorte pointed out that if the order of statements on the router changed, he would not receive the diffs, but the order should not matter and the end result be same. The sorting should only affect lines with the same name (ACL name or number) and action (permit/deny/remark). So, is this just distaste or am I being dense and missing the problem? An example of the problem, please. > --- ./bin/rancid.in.aclsort 2006-08-12 04:34:22.000000000 +0200 > +++ ./bin/rancid.in 2006-09-13 20:40:36.000000000 +0200 > @@ -35,6 +35,7 @@ > $found_env = 0; > $found_diag = 0; > $timeo = 90; # clogin timeout in seconds > +$aclsort = "ipsort"; > > my(@commandtable, %commands, @commands);# command lists > my(%filter_pwds); # password filtering mode > @@ -1593,14 +1594,14 @@ > s/\$(Revision|Id):/ $1:/; > # order access-lists > /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && > - ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; > + ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; > # order extended access-lists > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && > - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; > + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && > - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; > + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && > - ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; > + ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; > # order arp lists > /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && > ProcessHistory("ARP","ipsort","$1","$_") && next; > @@ -1819,6 +1820,11 @@ > $filter_pwds = 1; > } > > +# check ACL sorting mode > +if (defined($ENV{"ACLSORT"}) && $ENV{"ACLSORT"} =~ /no/i) { > + $aclsort = ""; > +} > + > ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco\n!\n"); > ProcessHistory("COMMENTS","keysort","B0","!\n"); > ProcessHistory("COMMENTS","keysort","D0","!\n"); > --- ./etc/rancid.conf.sample.in.aclsort 2005-08-15 02:42:50.000000000 +0200 > +++ ./etc/rancid.conf.sample.in 2006-09-13 20:47:08.000000000 +0200 > @@ -41,6 +41,9 @@ > # if NOCOMMSTR is set, snmp community strings will be stripped from the configs > #NOCOMMSTR=YES; export NOCOMMSTR > # > +# Set ACLSORT to NO to disable the sorting of the ACLs. > +#ACLSORT=YES > +# > # How many times failed collections are retried (for each run) before > # giving up. Minimum: 1 > #MAX_ROUNDS=4; export MAX_ROUNDS > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Tue Sep 26 05:20:29 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 22:20:29 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926045508.GT28916@shrubbery.net> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> Message-ID: <20060926052029.GA26900@viol8tr.com> John, I don't know how you guys do it at your organization but when you make heavy use of ACLs and they get out of order, that can impact the processor of the router/pix/switch. This is important if you are using these configs to restore from. Maybe I am misunderstanding the original grip, but I recall the issue being with the ACLs being sorted and them differing from the orignal order that the ACLs were on the router/pix/switch. -- -Lance On Mon, Sep 25, 2006 at 09:55:08PM -0700, john heasley wrote: > Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc: > > Hello, > > > > the attached patch makes the ACL sorting configurable. Default is to > > still sort the ACLs but this rancid "feature" can now be disabled > > easily. The patch implements this only for "cisco" type devices as this > > is what i cared most for now. > > > > Copyright and license is whatever it is needed to make this patch go in > > into the main rancid package. > > I do not see what is wrong with the sorting? David LaPorte pointed out that > if the order of statements on the router changed, he would not receive the > diffs, but the order should not matter and the end result be same. The > sorting should only affect lines with the same name (ACL name or number) and > action (permit/deny/remark). > > So, is this just distaste or am I being dense and missing the problem? An > example of the problem, please. > > > --- ./bin/rancid.in.aclsort 2006-08-12 04:34:22.000000000 +0200 > > +++ ./bin/rancid.in 2006-09-13 20:40:36.000000000 +0200 > > @@ -35,6 +35,7 @@ > > $found_env = 0; > > $found_diag = 0; > > $timeo = 90; # clogin timeout in seconds > > +$aclsort = "ipsort"; > > > > my(@commandtable, %commands, @commands);# command lists > > my(%filter_pwds); # password filtering mode > > @@ -1593,14 +1594,14 @@ > > s/\$(Revision|Id):/ $1:/; > > # order access-lists > > /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && > > - ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; > > + ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; > > # order extended access-lists > > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && > > - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; > > + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && > > - ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; > > + ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; > > /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && > > - ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; > > + ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; > > # order arp lists > > /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && > > ProcessHistory("ARP","ipsort","$1","$_") && next; > > @@ -1819,6 +1820,11 @@ > > $filter_pwds = 1; > > } > > > > +# check ACL sorting mode > > +if (defined($ENV{"ACLSORT"}) && $ENV{"ACLSORT"} =~ /no/i) { > > + $aclsort = ""; > > +} > > + > > ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco\n!\n"); > > ProcessHistory("COMMENTS","keysort","B0","!\n"); > > ProcessHistory("COMMENTS","keysort","D0","!\n"); > > --- ./etc/rancid.conf.sample.in.aclsort 2005-08-15 02:42:50.000000000 +0200 > > +++ ./etc/rancid.conf.sample.in 2006-09-13 20:47:08.000000000 +0200 > > @@ -41,6 +41,9 @@ > > # if NOCOMMSTR is set, snmp community strings will be stripped from the configs > > #NOCOMMSTR=YES; export NOCOMMSTR > > # > > +# Set ACLSORT to NO to disable the sorting of the ACLs. > > +#ACLSORT=YES > > +# > > # How many times failed collections are retried (for each run) before > > # giving up. Minimum: 1 > > #MAX_ROUNDS=4; export MAX_ROUNDS > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Sep 26 05:35:58 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 22:35:58 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926052029.GA26900@viol8tr.com> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> <20060926052029.GA26900@viol8tr.com> Message-ID: <20060926053558.GY28916@shrubbery.net> Mon, Sep 25, 2006 at 10:20:29PM -0700, Lance Vermilion: > John, > > I don't know how you guys do it at your organization but when you make heavy use of ACLs and they get out of order, that can impact the processor of the router/pix/switch. This is important if you are using these configs to restore from. > > Maybe I am misunderstanding the original grip, but I recall the issue being with the ACLs being sorted and them differing from the orignal order that the ACLs were on the router/pix/switch. Cool. Please, show an example to us of one which would be re-ordered in a fashion that would change it's result, or performance. I can't think of one, but admittedly do not heavily packet filter and am probably just being dense. Ultimately, I'd prefer a fix that corrected the problem with sorting [I'm assuming its not a matter of distaste but of function]. From rancid at gheek.net Tue Sep 26 05:49:21 2006 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 25 Sep 2006 22:49:21 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926053558.GY28916@shrubbery.net> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> <20060926052029.GA26900@viol8tr.com> <20060926053558.GY28916@shrubbery.net> Message-ID: <20060926054921.GA27908@viol8tr.com> John, I wish I still had a lab to show you the output of how ordering can affect the ACL. As you probably already know, ACLs work top down and when the line in the ACL that matches first is up front you save x msecs as opposed to the line being the last line in the ACL. I would say though that it doesn't matter for the vast majority of people what order the lines are in the ACL as long as the permit/deny order doesn't change. The biggest impact of ACL ordering is for the PIX in my opinion because of gig interfaces. -- -Lance On Mon, Sep 25, 2006 at 10:35:58PM -0700, john heasley wrote: > Mon, Sep 25, 2006 at 10:20:29PM -0700, Lance Vermilion: > > John, > > > > I don't know how you guys do it at your organization but when you make heavy use of ACLs and they get out of order, that can impact the processor of the router/pix/switch. This is important if you are using these configs to restore from. > > > > Maybe I am misunderstanding the original grip, but I recall the issue being with the ACLs being sorted and them differing from the orignal order that the ACLs were on the router/pix/switch. > > Cool. Please, show an example to us of one which would be re-ordered in a > fashion that would change it's result, or performance. I can't think of > one, but admittedly do not heavily packet filter and am probably just > being dense. Ultimately, I'd prefer a fix that corrected the problem with > sorting [I'm assuming its not a matter of distaste but of function]. From heas at shrubbery.net Tue Sep 26 05:54:58 2006 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Sep 2006 22:54:58 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926054921.GA27908@viol8tr.com> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> <20060926052029.GA26900@viol8tr.com> <20060926053558.GY28916@shrubbery.net> <20060926054921.GA27908@viol8tr.com> Message-ID: <20060926055458.GA28916@shrubbery.net> Mon, Sep 25, 2006 at 10:49:21PM -0700, Lance Vermilion: > John, > > I wish I still had a lab to show you the output of how ordering can affect the ACL. As you probably already know, ACLs work top down and when the line in the ACL that matches first is up front you save x msecs as opposed to the line being the last line in the ACL. > > I would say though that it doesn't matter for the vast majority of people what order the lines are in the ACL as long as the permit/deny order doesn't change. The biggest impact of ACL ordering is for the PIX in my opinion because of gig interfaces. Yes, I understand this. Someone, please share an ACL (private e-mail if you must) that gets buggered by the sorting. Maybe we just need to more fields in the sort key. :) > -- > > -Lance > > On Mon, Sep 25, 2006 at 10:35:58PM -0700, john heasley wrote: > > Mon, Sep 25, 2006 at 10:20:29PM -0700, Lance Vermilion: > > > John, > > > > > > I don't know how you guys do it at your organization but when you make heavy use of ACLs and they get out of order, that can impact the processor of the router/pix/switch. This is important if you are using these configs to restore from. > > > > > > Maybe I am misunderstanding the original grip, but I recall the issue being with the ACLs being sorted and them differing from the orignal order that the ACLs were on the router/pix/switch. > > > > Cool. Please, show an example to us of one which would be re-ordered in a > > fashion that would change it's result, or performance. I can't think of > > one, but admittedly do not heavily packet filter and am probably just > > being dense. Ultimately, I'd prefer a fix that corrected the problem with > > sorting [I'm assuming its not a matter of distaste but of function]. > From rancid at gheek.net Tue Sep 26 08:46:26 2006 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 26 Sep 2006 01:46:26 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060926003109.GM28916@shrubbery.net> References: <20060925182647.GA99566@viol8tr.com> <20060925212713.GA28916@shrubbery.net> <20060925213900.GA8007@viol8tr.com> <20060926003109.GM28916@shrubbery.net> Message-ID: <20060926084626.GA34749@viol8tr.com> Hey all, Anyone got an idea why this is happening? I have this script that I was talking about working if I run it with rancid-run -r . If I run it with rancid-run and let it spin through the devices in the devicelist I end up with the following errors. Trying to get all of the configs. File: /apps/rancid/var/../bin//apps/rancid/cssrancid not able to be opened:No such file or directory File: /apps/rancid/var/../bin//apps/rancid/rancid not able to be opened:No such file or directory When running it as rancid-run -r the directory to the file is just fine. Below is the code I added. *** home/backup/rancid.orig 2006-09-26 01:44:19.000000000 -0700 --- bin/rancid 2006-09-26 00:49:32.000000000 -0700 *************** if (defined($ENV{"ACLSORT"}) && $ENV{"AC *** 1823,1829 **** --- 1823,1865 ---- $aclsort = ""; } + + # Print Script Versions + # This will print out the versions of the scripts + # that are the core of rancid and the version of + # this script. + sub PrintScriptVersions() + { + if (defined($ENV{"PSV"}) && $ENV{"PSV"} =~ /yes/i) + { + my @files = ('rancid-fe', 'rancid-run', 'control_rancid', 'par', 'clogin', __FILE__); + my $File = ''; + for $File (@files) + { + $File =~ s/bin\///g; + $File = $ENV{"BASEDIR"} . '/../bin/' . $File; + open(FILE, "$File") or warn "File: $File not able to be opened:$!\n"; + while () + { + if ( /^##\s\$Id:\s(.*)\s(\d+){4}\/.*\sExp\s\$$/ ) + { + my ($script, $version) = split(/,/, $1); + chomp ($version, $script); + ProcessHistory("","","","!RANCID-SCRIPT-TYPE: [$script ($version)]\n"); + } + } + close (FILE); + } + ProcessHistory("","","","!\n"); + } + else + { + ProcessHistory("","","","!\n"); + } + } + ProcessHistory("","","","!RANCID-CONTENT-TYPE: cisco\n"); + PrintScriptVersions(); ProcessHistory("COMMENTS","keysort","B0","!\n"); ProcessHistory("COMMENTS","keysort","D0","!\n"); ProcessHistory("COMMENTS","keysort","F0","!\n"); -- -Lance On Mon, Sep 25, 2006 at 05:31:09PM -0700, john heasley wrote: > Mon, Sep 25, 2006 at 02:39:00PM -0700, Lance Vermilion: > > John, > > > > Are you saying that @VERSION@ will return the version of rancid? > > It should be replaced by autoconf with the release version, coming from > include/version.h.in. > > > I am interested in knowing what the other core script versions are as well. > > Where is the @VERSION@ variable stored? > > Are the values in VERSION $Id: scriptname,v version? > > > > -- > > > > -Lance > > > > > > On Mon, Sep 25, 2006 at 02:27:13PM -0700, john heasley wrote: > > > To me, the more interesting bit is just the release, not the CVS revision. > > > That is simple as replacing @VERSION at . Also, hpuifilter -v will report > > > the version. > > > > > > Mon, Sep 25, 2006 at 05:00:28PM -0400, Burton Windle: > > > > > > > > > > > > On Mon, 25 Sep 2006, Lance Vermilion wrote: > > > > > > > > > Hey all, > > > > > > > > > > I have seen the question "What version of (rancid/clogin/etc) am I > > > > > running?" come up a few different times. I know that each script has its > > > > > own version etc. It would be nice to have something like what is below > > > > > add at the top of each config. This would make it extremely clear what > > > > > was used to collect the configs and what versions are being used. > > > > > > > > > > > > > Speaking from experience as one of those people who has recently asked > > > > that same question... > > > > > > > > I checked the rancid script for a -v, -V, or --version argument first, > > > > then went searching the text of the script for a (non-CVS) version. I > > > > never thought of checking the CVS repo for the RANCID version; having an > > > > argument to the program (or in this case, the script) and have it spit out > > > > the version would be, IMHO, very handy (and more in-line with other Unixy > > > > apps, so more likey to be stumbled upon by the typical admin). > > > > > > > > Having to dig in the CVS repo is, I would think, unlikey to get found > > > > without some handholding, be it FAQ or list. > > > > > > > > > > > > -- > > > > Burton Windle bwindle at fint.org > > > > > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From mstefani at redhat.com Tue Sep 26 09:30:24 2006 From: mstefani at redhat.com (Michael Stefaniuc) Date: Tue, 26 Sep 2006 11:30:24 +0200 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926045508.GT28916@shrubbery.net> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> Message-ID: <4518F330.9080609@redhat.com> john heasley wrote: > Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc: > >>Hello, >> >>the attached patch makes the ACL sorting configurable. Default is to >>still sort the ACLs but this rancid "feature" can now be disabled >>easily. The patch implements this only for "cisco" type devices as this >>is what i cared most for now. >> >>Copyright and license is whatever it is needed to make this patch go in >>into the main rancid package. > > > I do not see what is wrong with the sorting? David LaPorte pointed out that > if the order of statements on the router changed, he would not receive the > diffs, but the order should not matter and the end result be same. The > sorting should only affect lines with the same name (ACL name or number) and > action (permit/deny/remark). As others have pointed out it could be a performance problem on devices with heavy traffic and long permit/deny blocks of ACL rules. I doubt we are affected by this as we have quite a few comments in our ACLs. > So, is this just distaste or am I being dense and missing the problem? An > example of the problem, please. I wouldn't call it distaste, more like following the principle of the least surprise. We use the configs saved by rancid for recovery purpose but also for people (even the Network Group) to quickly check the config of a device. It happened a couple of times that i looked first at the saved config and then at the ACLs directly on the router and I went "WTF, did somebody change the ACL in the mean time?". Validating that the differences are only rancid's ACL sorting takes time and distracts from the work one needed to do. And I _know_ about rancid's ACL sorting but my colleagues have probably forgotten about it. And some people are picky about "their" ACLs and don't like something messing with those. This is the second ACL sorting discussion i have seen on this list and i'm subscribed only for a year now. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From heas at shrubbery.net Tue Sep 26 10:04:55 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 26 Sep 2006 10:04:55 +0000 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060926084626.GA34749@viol8tr.com> References: <20060925182647.GA99566@viol8tr.com> <20060925212713.GA28916@shrubbery.net> <20060925213900.GA8007@viol8tr.com> <20060926003109.GM28916@shrubbery.net> <20060926084626.GA34749@viol8tr.com> Message-ID: <20060926100455.GB17907@shrubbery.net> Tue, Sep 26, 2006 at 01:46:26AM -0700, Lance Vermilion: > Hey all, > > Anyone got an idea why this is happening? > > I have this script that I was talking about working if I run it with rancid-run -r . > > If I run it with rancid-run and let it spin through the devices in the devicelist I end up with the following errors. > > Trying to get all of the configs. > File: /apps/rancid/var/../bin//apps/rancid/cssrancid not able to be opened:No such file or directory > File: /apps/rancid/var/../bin//apps/rancid/rancid not able to be opened:No such file or directory that is not a rancid error. perhaps from your shell or perl? From rancid at gheek.net Tue Sep 26 16:52:54 2006 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 26 Sep 2006 09:52:54 -0700 Subject: [rancid] Re: Adding version tags into CVS/config files In-Reply-To: <20060926100455.GB17907@shrubbery.net> References: <20060925182647.GA99566@viol8tr.com> <20060925212713.GA28916@shrubbery.net> <20060925213900.GA8007@viol8tr.com> <20060926003109.GM28916@shrubbery.net> <20060926084626.GA34749@viol8tr.com> <20060926100455.GB17907@shrubbery.net> Message-ID: <20060926165254.GA50831@viol8tr.com> John, The only thing I can come up with is __FILE__ has the value of "/apps/rancid/bin/rancid" and the s/bin\///g removes the bin/ portion. For some reason the path in __FILE__ (/apps/rancid/bin/) gets carried on as "/apps/rancid/". The fix for this was to just alter the regex to account for that. old: $File =~ s/bin\///g; new: $File =~ s/^.*bin\///g; It now works with rancid-run -r and rancid-run . Thx for validating it wasn't a rancid error. For any of you that would like to have your config files to contain the version of the rancid scripts that collected the device info you can get the file at http://www.gheek.net/scripts/perl/rancid-psvadd_pl.txt The file versions are the files that make up the core of rancid to my knowledge (rancid-run, rancid-fe, control_rancid, par, *rancid, *login). The *login and *rancid files will change based on which file is needed by that script. Let me know if you run into any issue with this. Example of what it adds to the file. !RANCID-CONTENT-TYPE: cisco-cat ! !RANCID-SCRIPT-TYPE: [rancid-fe.in (v 1.37)] !RANCID-SCRIPT-TYPE: [rancid-run.in (v 1.32)] !RANCID-SCRIPT-TYPE: [control_rancid.in (v 1.76)] !RANCID-SCRIPT-TYPE: [par.in (v 1.11)] !RANCID-SCRIPT-TYPE: [clogin.in (v 1.94)] !RANCID-SCRIPT-TYPE: [cat5rancid.in (v 1.45)] I have also added it inline here as well along with the rancid.conf changes that are needed. # Set PSV to NO to disable the print script versions # Default is NO even if commented out. PSV=YES; export PSV #!/usr/bin/perl -w #Author: Lance Vermilion #Purpose: Add PrintScriptVersion to all files #Note: This file must be run with the # environmental vars from rancid.confs # #Instructions: # su - # cd (ex. /usr/local/rancid) # . etc/rancid.conf # PSVadd.pl # New files will be called ".new". Just # move the old file or nename the old # files to something other than the default # names. Then you can remove the .new from # the filename that this script created. # # You can do it simply like this. # for i in `ls -1 | egrep -v ".new|hpuifilter|control_rancid|rancid-fe|rancid-run|rancid-cvs|cgi|par|.*login.*"` # do # mv $i # done # # Make sure to test your new perl files to # sure they have proper syntax. # for i in `ls -1 | egrep -v "hpuifilter|control_rancid|rancid-fe|rancid-run|rancid-cvs|cgi|par|.*login.*"` # do # perl -c $i # done # # Make your ".new" files lose the .new and # set the ownership. # for i in `ls -1 | egrep -v "hpuifilter|control_rancid|rancid-fe|rancid-run|rancid-cvs|cgi|par|.*login.*"` # do # chmod 750 $i # I=`echo $i | sed 's/.new//g'` # mv $i $I # done ################################################## $dir = $ENV{"BASEDIR"} . '/../bin/'; opendir my $dh, $dir or die $!; my @files = grep {$_ !~ /hpuifilter|control_rancid|rancid-fe|rancid-run|rancid-cvs|cgi|par|.*login.*|\.|\.\./} readdir $dh; close $dh; for my $file (@files) { $file = $ENV{"BASEDIR"} . '/../bin/' . $file; open(FILE, "$file") or warn "$file not able to be opened:$!\n"; open(NEWFILE, ">$file.new") or warn "$file not able to be opened:$!\n"; while () { if (/.*system\s\"(.*)-t.*/) { $loginfile = $1; $loginfile =~ s/\s+//g; chomp $loginfile; } if (/RANCID-CONTENT-TYPE/) { print NEWFILE ' # Print Script Versions # This will print out the versions of the scripts # that are the core of rancid and the version of # this script. sub PrintScriptVersions() { if (defined($ENV{"PSV"}) && $ENV{"PSV"} =~ /yes/i) { my @files = (\'rancid-fe\', \'rancid-run\', \'control_rancid\', \'par\', '; print NEWFILE "\'$loginfile\'" ; print NEWFILE ', __ FILE__); for my $file (@files) { $file =~ s/^.*bin\///g; $file = $ENV{"BASEDIR"} . \'/../bin/\' . $file; open(FILE, "$file") or warn "$file not able to be opened:$!\n"; while () { if ( /^##\s\$Id:\s(.*)\s(\d+){4}\/.*\sExp\s\$$/ ) { my ($script, $version) = split(/,/, $1); chomp ($version, $script); ProcessHistory("","","","!RANCID-SCRIPT-TYPE: [$script ($version)]\n"); } } close (FILE); } ProcessHistory("","","","!\n"); } else { ProcessHistory("","","","!\n"); } }' . "\n\n"; print NEWFILE; print NEWFILE 'PrintScriptVersions();' . "\n"; } else { print NEWFILE; } } close(FILE); close(NEWFILE); } -- -Lance On Tue, Sep 26, 2006 at 10:04:55AM +0000, john heasley wrote: > Tue, Sep 26, 2006 at 01:46:26AM -0700, Lance Vermilion: > > Hey all, > > > > Anyone got an idea why this is happening? > > > > I have this script that I was talking about working if I run it with rancid-run -r . > > > > If I run it with rancid-run and let it spin through the devices in the devicelist I end up with the following errors. > > > > Trying to get all of the configs. > > File: /apps/rancid/var/../bin//apps/rancid/cssrancid not able to be opened:No such file or directory > > File: /apps/rancid/var/../bin//apps/rancid/rancid not able to be opened:No such file or directory > > that is not a rancid error. perhaps from your shell or perl? From heas at shrubbery.net Tue Sep 26 22:36:52 2006 From: heas at shrubbery.net (john heasley) Date: Tue, 26 Sep 2006 15:36:52 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <4518F330.9080609@redhat.com> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> <4518F330.9080609@redhat.com> Message-ID: <20060926223652.GS20873@shrubbery.net> Tue, Sep 26, 2006 at 11:30:24AM +0200, Michael Stefaniuc: > john heasley wrote: > > Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc: > > > >>Hello, > >> > >>the attached patch makes the ACL sorting configurable. Default is to > >>still sort the ACLs but this rancid "feature" can now be disabled > >>easily. The patch implements this only for "cisco" type devices as this > >>is what i cared most for now. > >> > >>Copyright and license is whatever it is needed to make this patch go in > >>into the main rancid package. > > > > > > I do not see what is wrong with the sorting? David LaPorte pointed out that > > if the order of statements on the router changed, he would not receive the > > diffs, but the order should not matter and the end result be same. The > > sorting should only affect lines with the same name (ACL name or number) and > > action (permit/deny/remark). > As others have pointed out it could be a performance problem on devices > with heavy traffic and long permit/deny blocks of ACL rules. I doubt we > are affected by this as we have quite a few comments in our ACLs. ah-ha, so you (as you should) might know that the majority of your traffic originates from 192.168/16 compared to 10/8 and thus arrive at permit ip 192.168/16 permit ip 10/8 which would be more efficient for your traffic, but rancid would swap the two while sorting. There in lies the difference folks have trying to convey to me. Have I nailed that part of the argument? > > So, is this just distaste or am I being dense and missing the problem? An > > example of the problem, please. > I wouldn't call it distaste, more like following the principle of the > least surprise. > > We use the configs saved by rancid for recovery purpose but also for > people (even the Network Group) to quickly check the config of a device. > It happened a couple of times that i looked first at the saved config > and then at the ACLs directly on the router and I went "WTF, did > somebody change the ACL in the mean time?". Validating that the > differences are only rancid's ACL sorting takes time and distracts from > the work one needed to do. And I _know_ about rancid's ACL sorting but > my colleagues have probably forgotten about it. > > And some people are picky about "their" ACLs and don't like something > messing with those. This is the second ACL sorting discussion i have > seen on this list and i'm subscribed only for a year now. Ok, then feature needs to be applied to the other platforms as well. From rancid at gheek.net Tue Sep 26 22:37:07 2006 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 26 Sep 2006 15:37:07 -0700 Subject: [rancid] When SSHing to devices end is not recognized on some devices Message-ID: <20060926223707.GA67409@viol8tr.com> Hey All, I know I have seen some threads on this but can't seem to find them. When I am SSHing to some switches via rancid the end of the config is not found although I see it clearly in the .raw file. The connection eventually times out and thus that device fails. If I use telnet I have no problem exiting properly. What is the fix to this? Patch SSH? Patch Expect? -- -Lance From rancid at gheek.net Tue Sep 26 22:48:03 2006 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 26 Sep 2006 15:48:03 -0700 Subject: [rancid] Re: 2.3.2.a5: Make ACL sorting configurable In-Reply-To: <20060926223652.GS20873@shrubbery.net> References: <45128E6A.1000500@redhat.com> <20060926045508.GT28916@shrubbery.net> <4518F330.9080609@redhat.com> <20060926223652.GS20873@shrubbery.net> Message-ID: <20060926224803.GA67912@viol8tr.com> John, That would be correct if someone has it setup like that. When you are making granular ACLs you might have something like this. How would ipsort sort this? permit host 1.1.1.3 host 2.2.2.2 port 53 permit 1.1.1.1 255.255.255.0 host 2.2.2.2 port 161 deny 1.1.1.1 255.255.255.0 host 2.2.2.2 -- -Lance On Tue, Sep 26, 2006 at 03:36:52PM -0700, john heasley wrote: > Tue, Sep 26, 2006 at 11:30:24AM +0200, Michael Stefaniuc: > > john heasley wrote: > > > Thu, Sep 21, 2006 at 03:06:50PM +0200, Michael Stefaniuc: > > > > > >>Hello, > > >> > > >>the attached patch makes the ACL sorting configurable. Default is to > > >>still sort the ACLs but this rancid "feature" can now be disabled > > >>easily. The patch implements this only for "cisco" type devices as this > > >>is what i cared most for now. > > >> > > >>Copyright and license is whatever it is needed to make this patch go in > > >>into the main rancid package. > > > > > > > > > I do not see what is wrong with the sorting? David LaPorte pointed out that > > > if the order of statements on the router changed, he would not receive the > > > diffs, but the order should not matter and the end result be same. The > > > sorting should only affect lines with the same name (ACL name or number) and > > > action (permit/deny/remark). > > As others have pointed out it could be a performance problem on devices > > with heavy traffic and long permit/deny blocks of ACL rules. I doubt we > > are affected by this as we have quite a few comments in our ACLs. > > ah-ha, so you (as you should) might know that the majority of your traffic > originates from 192.168/16 compared to 10/8 and thus arrive at > > permit ip 192.168/16 > permit ip 10/8 > > which would be more efficient for your traffic, but rancid would swap the > two while sorting. There in lies the difference folks have trying to > convey to me. > > Have I nailed that part of the argument? > > > > So, is this just distaste or am I being dense and missing the problem? An > > > example of the problem, please. > > I wouldn't call it distaste, more like following the principle of the > > least surprise. > > > > We use the configs saved by rancid for recovery purpose but also for > > people (even the Network Group) to quickly check the config of a device. > > It happened a couple of times that i looked first at the saved config > > and then at the ACLs directly on the router and I went "WTF, did > > somebody change the ACL in the mean time?". Validating that the > > differences are only rancid's ACL sorting takes time and distracts from > > the work one needed to do. And I _know_ about rancid's ACL sorting but > > my colleagues have probably forgotten about it. > > > > And some people are picky about "their" ACLs and don't like something > > messing with those. This is the second ACL sorting discussion i have > > seen on this list and i'm subscribed only for a year now. > > Ok, then feature needs to be applied to the other platforms as well. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jadams at eline.com Wed Sep 27 19:46:39 2006 From: jadams at eline.com (John Adams) Date: Wed, 27 Sep 2006 12:46:39 -0700 Subject: [rancid] Patch for francid, against rancid-2.3.2a5 Message-ID: Foundry code 03.0.01bT3e3 is very chatty about fan status which causes rancid to log many changes (even when nothing is really changing) WRT fan speed. Here?s a short patch to fix flogin to ignore the fan speed changes in the show chassis output: *** /usr/local/src/rancid-2.3.2a5/bin/francid 2006-09-27 12:24:07.000000000 -0700 --- /tftpboot/rancid/bin/francid 2006-09-27 12:29:49.000000000 -0700 *************** *** 201,206 **** --- 201,212 ---- if (/temperature:/i) { $skip = 1; } + + # jadams at eline.com: Also ignore fan speed changes + if (/speed/i) { + $skip = 1; + } + next if $skip; ProcessHistory("CHASSIS","","","! $_"); [root at argus rancid-2.3.2a5]# -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060927/827498c6/attachment.html From mpipkin at egisticsinc.com Thu Sep 28 21:23:55 2006 From: mpipkin at egisticsinc.com (Maury Pipkin) Date: Thu, 28 Sep 2006 16:23:55 -0500 Subject: [rancid] CVS Commit Problem Message-ID: <6B42B6A1867A9B449DD7951777CDE35F02694B11@sdi-mail2.sdidallas.com> Not sure why this is happening now as it was working just fine for other devices, but suddenly, my logs show: cvs status: use `cvs add' to create an entry for 172.16.100.17 cvs [add aborted]: cannot open CVS/172.16.100.17,t: Permission denied CVS added missing router 172.16.100.17 cvs status: use `cvs add' to create an entry for 172.16.100.25 cvs [add aborted]: cannot open CVS/172.16.100.25,t: Permission denied CVS added missing router 172.16.100.25 cvs status: use `cvs add' to create an entry for 172.16.100.9 cvs [add aborted]: cannot open CVS/172.16.100.9,t: Permission denied CVS added missing router 172.16.100.9 cvs status: use `cvs add' to create an entry for 172.16.200.17 cvs [add aborted]: cannot open CVS/172.16.200.17,t: Permission denied CVS added missing router 172.16.200.17 cvs status: use `cvs add' to create an entry for 172.16.200.9 cvs [add aborted]: cannot open CVS/172.16.200.9,t: Permission denied CVS added missing router 172.16.200.9 Any help with this is appreciated. ___ Maury Pipkin eGistics, Inc. 3210 Commander Carrollton, TX 75006 Office 972-851-3134 Mobile 214-507-2034 mpipkin at egisticsinc.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060928/e79ab042/attachment.html