[rancid] Re: F5 load balancer support

David Croft david at infotrek.co.uk
Sun Jul 15 12:43:01 UTC 2007 

Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd  (<- something that won't get sent during login)

Regards,

David

On 14/07/07, Lance <rancid at gheek.net> wrote:
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
>
> expect: set expect_out(0,string) "login:"
>
> expect: set expect_out(1,string) "login"
>
> expect: set expect_out(spawn_id) "exp4"
>
> expect: set expect_out(buffer) " \r\nLast login:"
>
> send: sending "root\r" to { exp4 }
>
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux conifgs.
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> Or you could modify the existing f5login like so.
>
> I think you have to use the carrot before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> to lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often then I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
>    set u_prompt [find userprompt $router
> if { "$u_prompt" == "" } {
>        #1. ORIGINAL
>        #set u_prompt "^(Username|Login|login|user name):"
>        #2. Modified to read for a line beginning with Username,Login,login, or
> user name.
>        set u_prompt "^(Username|Login|login|user name):"
>        #3. Modified to read for a line beginning with Login or login. but I
> may be wrong
>        #set u_prompt "^(Username|^Login|^login|user name):"
>    } else {
>        set u_prompt [join [lindex $u_prompt 0] ""]
>
>
> Let me know if this works for you.
>
> -Lance
>
> > -------- Original Message --------
> > Subject: Re: [rancid]  F5 load balancer support
> > From: Sam Munzani <smunzani at comcast.net>
> > Date: Fri, July 13, 2007 2:30 pm
> > To: Lance <rancid at gheek.net>
> > Cc: rancid-discuss at shrubbery.net
> >
> > Lance,
> >
> > F5 login works fine with a minor error.
> >
> > $ f5login test-f5-01
> > test-f5-01
> > spawn ssh -c 3des -x -l root test-f5-01
> > Password:
> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > root
> > [root at test-f5-01:Active] config # root
> > -bash: root: command not found
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> >
> > I don't know how to debug otherwise I would turn on debug too. If you
> > can provide some hints on debug, I would appreciate it.
> >
> > Thanks,
> > Sam
> > > What error(s) do you get when you try to run your f5rancid?
> > >
> > > Where does it fail if you debug your f5login?
> > >
> > >
> > > -lance
> > >
> > >
> > >> -------- Original Message --------
> > >> Subject: [rancid]  F5 load balancer support
> > >> From: Sam Munzani <smunzani at comcast.net>
> > >> Date: Fri, July 13, 2007 12:45 pm
> > >> To: rancid-discuss at shrubbery.net
> > >>
> > >> Hi,
> > >>
> > >> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> > >> boxes? It should be pretty simple. All I want to do is login and
> > type "b
> > >> list" which is equivalent of "show run" on cisco.
> > >>
> > >> However for some reason things not working. All I did was copied
> > clogin
> > >> to f5login, copied rancid to f5rancid and added following to
> > rancid-fe.
> > >> elsif ($vendor =~ /^f5$/i)              { exec('f5rancid', $router); }
> > >>
> > >> Then modified f5 rancid file and kept only one command in list of
> > >> commands "b list".
> > >>
> > >> For some reason its not working. I can post my configs here if
> > somebody
> > >> like to see them.
> > >>
> > >> Thanks,
> > >> Sam
> > >> _______________________________________________
> > >> Rancid-discuss mailing list
> > >> Rancid-discuss at shrubbery.net
> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >>
> > >
> > >
> > >
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

More information about the Rancid-discuss mailing list