[rancid] Re: F5 load balancer support

Lance rancid at gheek.net
Tue Jul 17 00:32:01 UTC 2007


I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.

-lance

> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Mon, July 16, 2007 11:48 am
> To: <sam at munzani.com>
> Cc: rancid-discuss at shrubbery.net
> 
> Sam,
>  
> I have a working f5rancid that I have been using for a number of months
> now.   I have one minor bug related to tracking installed SSL certs
> which you probably don't care about.  Other than that, it works great.
>  
> I did encounter and solve all the problems you have been discussing on
> the list.
>  
> Let me know if you are interested in trying what I have.  I have tested
> it with Big-IP 9.1.2.  
>  
> Mike
> 
> ________________________________
> 
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
> 
> 
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file(hacked copy of rancid) is still missing something.
> 
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
> 
> 
> 
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
> 
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
> 
> 
> 
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
> 
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
> 
> ending: Mon Jul 16 11:49:41 CDT 2007
> 
> Thanks,
> Sam
> 
> 
> 	David,
> 	
> 	Thanks a lot for the tip. This worked well. Now f5login goes
> much more 
> 	cleaner and the "root" doesn't set sent again. I still have
> other issues 
> 	where rancid-run is backing up config properly but I am still 
> 	troubleshooting it.
> 	
> 	Now here is a question. What does "bldshgalsjd" mean and how
> does it do 
> 	this miracle?
> 	
> 	Thanks,
> 	Sam
> 	  
> 
> 		Thanks for this tip, turns out that this is also the
> reason the
> 		username gets entered at a prompt on the cisco IPS
> devices. Since it's
> 		using SSH and therefore doesn't need a username prompt,
> solution was
> 		to simply add in .cloginrc:
> 		
> 		add userprompt ids* bldshgalsjd  (<- something that
> won't get sent 
> 		during login)
> 		
> 		Regards,
> 		
> 		David
> 		
> 		On 14/07/07, Lance <rancid at gheek.net>
> <mailto:rancid at gheek.net>  wrote:
> 		    
> 
> 			Sam,
> 			
> 			Have you tried using telnet to login, if the f5
> has it enabled.
> 			You may also want to set auto enable in your
> .cloginrc for this device
> 			as it looks to clogin as you are already in a
> cisco equivalent equal to
> 			enable since your prompt has a # sign in it.
> 			
> 			Looking at your next email along with this one
> it looks like you are
> 			already in a cisco equivalent of enable after
> you login. f5login seems
> 			to be sending your username of root as a command
> after you get connected
> 			because it sees this line "Last login: Fri Jul
> 13 14:38:03 2007 from
> 			172.24.100.12" and it matches on the word
> "Login". See below.
> 			
> 			"(Username|Login|login|user name):"? yes
> 			
> 			expect: set expect_out(0,string) "login:"
> 			
> 			expect: set expect_out(1,string) "login"
> 			
> 			expect: set expect_out(spawn_id) "exp4"
> 			
> 			expect: set expect_out(buffer) " \r\nLast
> login:"
> 			
> 			send: sending "root\r" to { exp4 }
> 			
> 			expect: continuing expect
> 			
> 			You are just using a Cisco login/parsing script
> so it expects prompts
> 			from a Cisco device and in this case you have a
> *nix SSH banner that
> 			gets interrupted. I know you can use RANCID to
> backup *nix systems. So
> 			it knows how to understand connecting to a *nix
> system. You might want
> 			to try this email thread which asks about
> backing up Linux conifgs.
> 	
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> ml"
> <http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> ml>  
> 			
> 			Or you could modify the existing f5login like
> so.
> 			
> 			I think you have to use the carrot before the ()
> to work. I haven't
> 			checked this as I am at home and not on a UNIX
> system right now. Sorry
> 			to lazy to check it out right now. You might
> want to uncomment the line
> 			below 3. and comment out the line below 2. and
> see if that works. This
> 			is the only point in the code that I see it look
> for login in any line.
> 			If that doesn't work send me back the debug and
> I will see what I can
> 			do. I am sure some people that use expect more
> often then I can probably
> 			quickly tell you what to use as syntax there.
> 			
> 			# Figure out prompts
> 			   set u_prompt [find userprompt $router
> 			if { "$u_prompt" == "" } {
> 			       #1. ORIGINAL
> 			       #set u_prompt
> "^(Username|Login|login|user name):"
> 			       #2. Modified to read for a line beginning
> with 
> 			Username,Login,login, or
> 			user name.
> 			       set u_prompt "^(Username|Login|login|user
> name):"
> 			       #3. Modified to read for a line beginning
> with Login or login. 
> 			but I
> 			may be wrong
> 			       #set u_prompt
> "^(Username|^Login|^login|user name):"
> 			   } else {
> 			       set u_prompt [join [lindex $u_prompt 0]
> ""]
> 			
> 			
> 			Let me know if this works for you.
> 			
> 			-Lance
> 			
> 			      
> 
> 				-------- Original Message --------
> 				Subject: Re: [rancid]  F5 load balancer
> support
> 				From: Sam Munzani <smunzani at comcast.net>
> <mailto:smunzani at comcast.net> 
> 				Date: Fri, July 13, 2007 2:30 pm
> 				To: Lance <rancid at gheek.net>
> <mailto:rancid at gheek.net> 
> 				Cc: rancid-discuss at shrubbery.net
> 				
> 				Lance,
> 				
> 				F5 login works fine with a minor error.
> 				
> 				$ f5login test-f5-01
> 				test-f5-01
> 				spawn ssh -c 3des -x -l root test-f5-01
> 				Password:
> 				Last login: Fri Jul 13 14:26:28 2007
> from 172.24.100.12
> 				root
> 				[root at test-f5-01:Active] config # root
> 				-bash: root: command not found
> 				[root at test-f5-01:Active] config #
> 				[root at test-f5-01:Active] config #
> 				[root at test-f5-01:Active] config #
> 				
> 				I don't know how to debug otherwise I
> would turn on debug too. If you
> 				can provide some hints on debug, I would
> appreciate it.
> 				
> 				Thanks,
> 				Sam
> 				        
> 
> 				What error(s) do you get when you try to
> run your f5rancid?
> 				
> 				Where does it fail if you debug your
> f5login?
> 				
> 				
> 				-lance
> 				
> 				
> 				          
> 
> 				-------- Original Message --------
> 				Subject: [rancid]  F5 load balancer
> support
> 				From: Sam Munzani <smunzani at comcast.net>
> <mailto:smunzani at comcast.net> 
> 				Date: Fri, July 13, 2007 12:45 pm
> 				To: rancid-discuss at shrubbery.net
> 				
> 				Hi,
> 				
> 				Did anybody happened to hack one of
> Cisco scripts to support 
> 				            
> 
> 			BigIP F5
> 			      
> 
> 				boxes? It should be pretty simple. All I
> want to do is login and
> 				            
> 
> 				type "b
> 				        
> 
> 				list" which is equivalent of "show run"
> on cisco.
> 				
> 				However for some reason things not
> working. All I did was copied
> 				            
> 
> 				clogin
> 				        
> 
> 				to f5login, copied rancid to f5rancid
> and added following to
> 				            
> 
> 				rancid-fe.
> 				        
> 
> 				elsif ($vendor =~ /^f5$/i)
> { exec('f5rancid', 
> 				            
> 
> 			$router); }
> 			      
> 
> 				Then modified f5 rancid file and kept
> only one command in list of
> 				commands "b list".
> 				
> 				For some reason its not working. I can
> post my configs here if
> 				            
> 
> 				somebody
> 				        
> 
> 				like to see them.
> 				
> 				Thanks,
> 				Sam
> 	
> _______________________________________________
> 				Rancid-discuss mailing list
> 				Rancid-discuss at shrubbery.net
> 	
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 				
> 				            
> 
> 				
> 				          
> 
> 			_______________________________________________
> 			Rancid-discuss mailing list
> 			Rancid-discuss at shrubbery.net
> 	
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 			
> 			      
> 
> 	
> 	_______________________________________________
> 	Rancid-discuss mailing list
> 	Rancid-discuss at shrubbery.net
> 	http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>_______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



More information about the Rancid-discuss mailing list