[rancid] Re: F5 load balancer support

Lance rancid at gheek.net
Wed Jul 18 00:03:13 UTC 2007


Mike,

Interesting comment about the logout/exit portion. The f5login I created
from slightly modifying the clogin basically had expect send an
additional \r before it issued exit\r. So it looks like so: send
"\rexit\r". That made it get another line and then when it saw the # in
the prompt followed by a space and then exit it worked just fine.
Interesting you got yours to work with logout. Hehe. 

In any regard nicely done and I am sure what we have is nice and all but
I know John has his own copy...I thought I remember him saying. I would
think he has it a lot like the cisco one, catching particulars and
exclaiming them at the top of the file. I may be wrong, but nonetheless,
between the 3 versions I think there should be no reason why we
can't have it added to the next alpha release. :-D

John can you pass out your version and let us know if it will make the
next alpha release?


-Lance
> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Tue, July 17, 2007 3:55 pm
> To: "Lance" <rancid at gheek.net>
> Cc: <rancid-discuss at shrubbery.net>,  <sam at munzani.com>
> 
> Lance,
> 
> I welcome a separate f5login, but when I asked about it back in
> February, Andrew Partan recommended using clogin if I could get it to
> work.  Since I already had it working with clogin at that point, I
> didn't want to tackle re-writing clogin for the f5 if I didn't need to.
> The f5login you put together works with minimal changes to f5rancid.  It
> also fixes some emulation problems when using clogin to obtain a shell
> on the f5.  While these did not impact f5rancid, it does improve the
> overall functionality.  Thanks!  
> 
> The check for prompt, the end of file and clean run is all there.  This
> also answers Sam's question about how I was able to use clogin.  When I
> was trying to figure out why I was not getting a clean run, I found that
> the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect
> a clean run.  Looking at the data coming back from clogin, I was not
> seeing anything to match this from the f5 so I replaced it with
> /\s?logout$/ to match what I was seeing from the F5 at the end of a
> clean run.  
> 
> Mike
> 
> 
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net] 
> Sent: Tuesday, July 17, 2007 3:35 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
> 
> Mike,
> 
> I would also like to bring up a few other things.
> 
> 1.) If you are using the default clogin file you are going to have term
> length and term width commands executed. They will not do anything but
> they will show up as commands that would be attempted to run. So it
> would be best to have a separate f5login script/modified clogin so it
> has a clean login.
> 
> 2.) You don't seem to check if you have reached end of file and have run
> clean. You seem to just blindly set these values, which removes the
> whole purpose they are there. It would be better to read the whole
> output similar to how the cssrancid script is done or the f5rancid
> script done.
> 
> Other than those I think your script is nice. I am sure it can be
> expanded on like a lot of the stuff but lets get some product that has
> all the checking, and prompt detection between each command and then
> lets look at adding it to the distribution. Obviously John H. and
> company has the final say on that one.
> 
> -lance
> 
> > -------- Original Message --------
> > Subject: RE: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft" <mashcraft at omniture.com>
> > Date: Tue, July 17, 2007 12:35 pm
> > To: "Lance" <rancid at gheek.net>
> > Cc: <rancid-discuss at shrubbery.net>,  <sam at munzani.com>
> > 
> > Lance,
> > 
> > Thanks for the feedback.
> > 
> > "b list" and "cat bigip.conf" are equivalent with the exception that b
> > list may reflect changes made in the cli that are not saved and will be
> > lost on reboot.  Changes made using the web configuration tool are
> > automatically saved.  "b list" may also limit what the rancid user can
> > see to a partial view if the user is not given sufficient rights.  This
> > file has the software configuration.
> > 
> > The other file, bigip_base.conf contains interface configuration,
> > management IP addresses, routing, VLANs etc.  
> > 
> > One could debate whether the f5rancid script should get the saved
> > configuration files or the running config or both.  For cisco devices,
> > rancid obtains both.  I'll look at adding both.
> > 
> > Mike
> > 
> > -----Original Message-----
> > From: Lance [mailto:rancid at gheek.net] 
> > Sent: Tuesday, July 17, 2007 12:00 PM
> > To: Mike Ashcraft
> > Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> > Subject: RE: [rancid] Re: F5 load balancer support
> > 
> > Mike,
> > 
> > Looks really nice. I am guessing the bigip.conf or the other file is
> > what is displayed with "b list".
> > 
> > -Lance
> > 
> > > -------- Original Message --------
> > > Subject: RE: [rancid] Re: F5 load balancer support
> > > From: "Mike Ashcraft" <mashcraft at omniture.com>
> > > Date: Tue, July 17, 2007 10:49 am
> > > To: <sam at munzani.com>,  "Lance" <rancid at gheek.net>
> > > Cc: <rancid-discuss at shrubbery.net>
> > > 
> > > I have been on vacation for the last couple of weeks or I would have
> > > posted this sooner and possibly saved some of you a bit of effort.
> > >
> > > It sounds like Lance and Sam have put together a working f5rancid with
> > > basic functionality which Sam posted last night.  I have attached my
> > > f5rancid which I have been running for a few months.  Installation
> > > instructions are included as comments in the file.  This version uses
> > > clogin so that a separate f5login script is not required.
> > >
> > > This version formats and processes the output to make it more usable.
> > > As far as what is captured, I based this on the F5 equivalent of a tech
> > > out.  It grabs a copy of all the configuration files, hardware
> > > configuration and software version as well as the timestamps and file
> > > sizes for SSL certs hosted on the device.  This facilitates rebuilding
> > > from scratch as quickly as possible if this is ever needed.
> > >
> > > I was able to resolve the bug I mentioned yesterday by increasing the
> > > clogin timeout.  On a small number of devices it failed to process the
> > > last few commands when running from cron but always worked properly from
> > > the command line on all devices [making it difficult to track down].  I
> > > mention this because it may be an appropriate fix for other intermittent
> > > problems sometimes discussed on this list.
> > >
> > > Any feedback is appreciated.  I hope to get f5 support added to future
> > > releases of rancid.
> > >  
> > > Thanks,
> > >  
> > > Mike
> > >  
> > >  
> > > 
> > > ________________________________
> > > 
> > > From: Sam Munzani [mailto:sam at munzani.com] 
> > > Sent: Monday, July 16, 2007 7:49 PM
> > > To: Lance
> > > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> > > Subject: Re: [rancid] Re: F5 load balancer support
> > > 
> > > 
> > > Lance,
> > > 
> > > Thanks a lot for all your help. Pretty much you did all the work while I
> > > watched what you are doing :-)..
> > >
> > > Attached are cleaned up files. In f5rancid file, I have left some basic
> > > functions(non platform specific) just in case we expand this script to
> > > do a lot more than just "b list" output. In rancid-fe, we defined a new
> > > device type "f5", f5login was copied from clogin and remarked some "term
> > > length" statements we don't need on F5.
> > >
> > > All 3 files are attached and working great. Please be aware, we are not
> > > parsing anything at all. All it's doing is basic function of running "b
> > > list" command and capturing its output. As I expand more on this, I will
> > > be sure to share with the audience here.
> > > 
> > > Again, thanks a lot for all your help today.
> > > 
> > > Regards,
> > > Sam
> > > 
> > > 
> > > 	I have helped Sam get a working f5rancid which requires a
> > > f5login (only
> > > 	because it doesn't recognize the prompt with a space and exit,
> > > unless
> > > 	you enter a return before the exit). He is cleaning up all the
> > > unused
> > > 	functions and will post it.
> > > 	
> > > 	Once John H. sends out his script I will look at it and see how
> > > it
> > > 	differs from the one I did with Sam. I will even help Sam get it
> > > working
> > > 	for his setup. We will let you know when it is all working.
> > > 	
> > > 	-lance
> > > 	
> > > 	  
> > > 
> > > 		-------- Original Message --------
> > > 		Subject: [rancid] Re: F5 load balancer support
> > > 		From: "Mike Ashcraft" <mashcraft at omniture.com>
> > > <mailto:mashcraft at omniture.com> 
> > > 		Date: Mon, July 16, 2007 11:48 am
> > > 		To: <sam at munzani.com> <mailto:sam at munzani.com> 
> > > 		Cc: rancid-discuss at shrubbery.net
> > > 		
> > > 		Sam,
> > > 		 
> > > 		I have a working f5rancid that I have been using for a
> > > number of months
> > > 		now.   I have one minor bug related to tracking
> > > installed SSL certs
> > > 		which you probably don't care about.  Other than that,
> > > it works great.
> > > 		 
> > > 		I did encounter and solve all the problems you have been
> > > discussing on
> > > 		the list.
> > > 		 
> > > 		Let me know if you are interested in trying what I have.
> > > I have tested
> > > 		it with Big-IP 9.1.2.  
> > > 		 
> > > 		Mike
> > > 		
> > > 		________________________________
> > > 		
> > > 		From: rancid-discuss-bounces at shrubbery.net
> > > 		[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
> > > Of Sam Munzani
> > > 		Sent: Monday, July 16, 2007 10:58 AM
> > > 		To: smunzani at comcast.net
> > > 		Cc: rancid-discuss at shrubbery.net
> > > 		Subject: [rancid] Re: F5 load balancer support
> > > 		
> > > 		
> > > 		BTW, this is what I see in the log when I do rancid-run
> > > now. That means
> > > 		the f5rancid file(hacked copy of rancid) is still
> > > missing something.
> > > 		
> > > 		more nfl.20070716.114842
> > > 		starting: Mon Jul 16 11:48:42 CDT 2007
> > > 		
> > > 		
> > > 		
> > > 		Trying to get all of the configs.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 1.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 2.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 3.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 4.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		
> > > 		cvs diff: Diffing .
> > > 		cvs diff: Diffing configs
> > > 		nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> > > 2007
> > > 		
> > > 		
> > > 		
> > > 		Trying to get all of the configs.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 1.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 2.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 3.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		=====================================
> > > 		Getting missed routers: round 4.
> > > 		test-f5-01: End of run not found
> > > 		-bash: write: command not found
> > > 		
> > > 		cvs diff: Diffing .
> > > 		cvs diff: Diffing configs
> > > 		cvs diff: cannot find configs/test-f5-01
> > > 		cvs commit: Examining .
> > > 		cvs commit: Examining configs
> > > 		cvs commit: Up-to-date check failed for
> > > `configs/test-f5-01'
> > > 		cvs [commit aborted]: correct above errors first!
> > > 		ls: test-f5-01: No such file or directory
> > > 		
> > > 		ending: Mon Jul 16 11:49:41 CDT 2007
> > > 		
> > > 		Thanks,
> > > 		Sam
> > > 		
> > > 		
> > > 			David,
> > > 			
> > > 			Thanks a lot for the tip. This worked well. Now
> > > f5login goes
> > > 		much more 
> > > 			cleaner and the "root" doesn't set sent again. I
> > > still have
> > > 		other issues 
> > > 			where rancid-run is backing up config properly
> > > but I am still 
> > > 			troubleshooting it.
> > > 			
> > > 			Now here is a question. What does "bldshgalsjd"
> > > mean and how
> > > 		does it do 
> > > 			this miracle?
> > > 			
> > > 			Thanks,
> > > 			Sam
> > > 			  
> > > 		
> > > 				Thanks for this tip, turns out that this
> > > is also the
> > > 		reason the
> > > 				username gets entered at a prompt on the
> > > cisco IPS
> > > 		devices. Since it's
> > > 				using SSH and therefore doesn't need a
> > > username prompt,
> > > 		solution was
> > > 				to simply add in .cloginrc:
> > > 				
> > > 				add userprompt ids* bldshgalsjd  (<-
> > > something that
> > > 		won't get sent 
> > > 				during login)
> > > 				
> > > 				Regards,
> > > 				
> > > 				David
> > > 				
> > > 				On 14/07/07, Lance <rancid at gheek.net>
> > > <mailto:rancid at gheek.net> 
> > > 		<mailto:rancid at gheek.net> <mailto:rancid at gheek.net>
> > > wrote:
> > > 				    
> > > 		
> > > 					Sam,
> > > 					
> > > 					Have you tried using telnet to
> > > login, if the f5
> > > 		has it enabled.
> > > 					You may also want to set auto
> > > enable in your
> > > 		.cloginrc for this device
> > > 					as it looks to clogin as you are
> > > already in a
> > > 		cisco equivalent equal to
> > > 					enable since your prompt has a #
> > > sign in it.
> > > 					
> > > 					Looking at your next email along
> > > with this one
> > > 		it looks like you are
> > > 					already in a cisco equivalent of
> > > enable after
> > > 		you login. f5login seems
> > > 					to be sending your username of
> > > root as a command
> > > 		after you get connected
> > > 					because it sees this line "Last
> > > login: Fri Jul
> > > 		13 14:38:03 2007 from
> > > 					172.24.100.12" and it matches on
> > > the word
> > > 		"Login". See below.
> > > 					
> > > 					"(Username|Login|login|user
> > > name):"? yes
> > > 					
> > > 					expect: set expect_out(0,string)
> > > "login:"
> > > 					
> > > 					expect: set expect_out(1,string)
> > > "login"
> > > 					
> > > 					expect: set expect_out(spawn_id)
> > > "exp4"
> > > 					
> > > 					expect: set expect_out(buffer) "
> > > \r\nLast
> > > 		login:"
> > > 					
> > > 					send: sending "root\r" to { exp4
> > > }
> > > 					
> > > 					expect: continuing expect
> > > 					
> > > 					You are just using a Cisco
> > > login/parsing script
> > > 		so it expects prompts
> > > 					from a Cisco device and in this
> > > case you have a
> > > 		*nix SSH banner that
> > > 					gets interrupted. I know you can
> > > use RANCID to
> > > 		backup *nix systems. So
> > > 					it knows how to understand
> > > connecting to a *nix
> > > 		system. You might want
> > > 					to try this email thread which
> > > asks about
> > > 		backing up Linux conifgs.
> > > 			
> > > 		
> > >
> >
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> > > 		ml"
> > >
> >
> <http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> > > ml> 
> > > 		
> > >
> >
> <http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> > > 		ml>
> > >
> >
> <http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
> > > ml>   
> > > 					
> > > 					Or you could modify the existing
> > > f5login like
> > > 		so.
> > > 					
> > > 					I think you have to use the
> > > carrot before the ()
> > > 		to work. I haven't
> > > 					checked this as I am at home and
> > > not on a UNIX
> > > 		system right now. Sorry
> > > 					to lazy to check it out right
> > > now. You might
> > > 		want to uncomment the line
> > > 					below 3. and comment out the
> > > line below 2. and
> > > 		see if that works. This
> > > 					is the only point in the code
> > > that I see it look
> > > 		for login in any line.
> > > 					If that doesn't work send me
> > > back the debug and
> > > 		I will see what I can
> > > 					do. I am sure some people that
> > > use expect more
> > > 		often then I can probably
> > > 					quickly tell you what to use as
> > > syntax there.
> > > 					
> > > 					# Figure out prompts
> > > 					   set u_prompt [find userprompt
> > > $router
> > > 					if { "$u_prompt" == "" } {
> > > 					       #1. ORIGINAL
> > > 					       #set u_prompt
> > > 		"^(Username|Login|login|user name):"
> > > 					       #2. Modified to read for
> > > a line beginning
> > > 		with 
> > > 					Username,Login,login, or
> > > 					user name.
> > > 					       set u_prompt
> > > "^(Username|Login|login|user
> > > 		name):"
> > > 					       #3. Modified to read for
> > > a line beginning
> > > 		with Login or login. 
> > > 					but I
> > > 					may be wrong
> > > 					       #set u_prompt
> > > 		"^(Username|^Login|^login|user name):"
> > > 					   } else {
> > > 					       set u_prompt [join
> > > [lindex $u_prompt 0]
> > > 		""]
> > > 					
> > > 					
> > > 					Let me know if this works for
> > > you.
> > > 					
> > > 					-Lance
> > > 					
> > > 					      
> > > 		
> > > 						-------- Original
> > > Message --------
> > > 						Subject: Re: [rancid]
> > > F5 load balancer
> > > 		support
> > > 						From: Sam Munzani 
> > > <smunzani at comcast.net> <mailto:smunzani at comcast.net> 
> > > 		<mailto:smunzani at comcast.net>
> > > <mailto:smunzani at comcast.net>  
> > > 						Date: Fri, July 13, 2007
> > > 2:30 pm
> > > 						To: Lance 
> > > <rancid at gheek.net> <mailto:rancid at gheek.net> 
> > > 		<mailto:rancid at gheek.net> <mailto:rancid at gheek.net>  
> > > 						Cc: 
> > > rancid-discuss at shrubbery.net
> > > 						
> > > 						Lance,
> > > 						
> > > 						F5 login works fine with
> > > a minor error.
> > > 						
> > > 						$ f5login test-f5-01
> > > 						test-f5-01
> > > 						spawn ssh -c 3des -x -l
> > > root test-f5-01
> > > 						Password:
> > > 						Last login: Fri Jul 13
> > > 14:26:28 2007
> > > 		from 172.24.100.12
> > > 						root
> > > 						[root at test-f5-01:Active]
> > > config # root
> > > 						-bash: root: command not
> > > found
> > > 						[root at test-f5-01:Active]
> > > config #
> > > 						[root at test-f5-01:Active]
> > > config #
> > > 						[root at test-f5-01:Active]
> > > config #
> > > 						
> > > 						I don't know how to
> > > debug otherwise I
> > > 		would turn on debug too. If you
> > > 						can provide some hints
> > > on debug, I would
> > > 		appreciate it.
> > > 						
> > > 						Thanks,
> > > 						Sam
> > > 						        
> > > 		
> > > 						What error(s) do you get
> > > when you try to
> > > 		run your f5rancid?
> > > 						
> > > 						Where does it fail if
> > > you debug your
> > > 		f5login?
> > > 						
> > > 						
> > > 						-lance
> > > 						
> > > 						
> > > 						          
> > > 		
> > > 						-------- Original
> > > Message --------
> > > 						Subject: [rancid]  F5
> > > load balancer
> > > 		support
> > > 						From: Sam Munzani 
> > > <smunzani at comcast.net> <mailto:smunzani at comcast.net> 
> > > 		<mailto:smunzani at comcast.net>
> > > <mailto:smunzani at comcast.net>  
> > > 						Date: Fri, July 13, 2007
> > > 12:45 pm
> > > 						To: 
> > > rancid-discuss at shrubbery.net
> > > 						
> > > 						Hi,
> > > 						
> > > 						Did anybody happened to
> > > hack one of
> > > 		Cisco scripts to support 
> > > 						            
> > > 		
> > > 					BigIP F5
> > > 					      
> > > 		
> > > 						boxes? It should be
> > > pretty simple. All I
> > > 		want to do is login and
> > > 						            
> > > 		
> > > 						type "b
> > > 						        
> > > 		
> > > 						list" which is
> > > equivalent of "show run"
> > > 		on cisco.
> > > 						
> > > 						However for some reason
> > > things not
> > > 		working. All I did was copied
> > > 						            
> > > 		
> > > 						clogin
> > > 						        
> > > 		
> > > 						to f5login, copied
> > > rancid to f5rancid
> > > 		and added following to
> > > 						            
> > > 		
> > > 						rancid-fe.
> > > 						        
> > > 		
> > > 						elsif ($vendor =~
> > > /^f5$/i)
> > > 		{ exec('f5rancid', 
> > > 						            
> > > 		
> > > 					$router); }
> > > 					      
> > > 		
> > > 						Then modified f5 rancid
> > > file and kept
> > > 		only one command in list of
> > > 						commands "b list".
> > > 						
> > > 						For some reason its not
> > > working. I can
> > > 		post my configs here if
> > > 						            
> > > 		
> > > 						somebody
> > > 						        
> > > 		
> > > 						like to see them.
> > > 						
> > > 						Thanks,
> > > 						Sam
> > > 			
> > > 		_______________________________________________
> > > 						Rancid-discuss mailing
> > > list
> > > 						
> > > Rancid-discuss at shrubbery.net
> > > 			
> > > 		
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > > 						
> > > 						            
> > > 		
> > > 						
> > > 						          
> > > 		
> > > 	
> > > _______________________________________________
> > > 					Rancid-discuss mailing list
> > > 					Rancid-discuss at shrubbery.net
> > > 			
> > > 		
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > > 					
> > > 					      
> > > 		
> > > 			
> > > 			_______________________________________________
> > > 			Rancid-discuss mailing list
> > > 			Rancid-discuss at shrubbery.net
> > > 			
> > >
> >
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________
> > > _______________________________________
> > > 		Rancid-discuss mailing list
> > > 		Rancid-discuss at shrubbery.net
> > > 		
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > > 		    
> > > 
> > > 	
> > > 	_______________________________________________
> > > 	Rancid-discuss mailing list
> > > 	Rancid-discuss at shrubbery.net
> > > 	http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
