From olli.janatuinen at gmail.com Fri Aug 1 15:43:40 2008 
From: olli.janatuinen at gmail.com (Olli Janatuinen)
Date: Fri, 01 Aug 2008 18:43:40 +0300
Subject: [rancid] Rancid with Ethernet Blade Switch for HP
Message-ID: <48932F2C.4000404@gmail.com>

Hi

We have many "GbE2c Ethernet Blade Switch for HP" switches in our
company and we want to get their configs for Rancid.

HP Blade switches don't have the same software as HP Procurve switches.
I can log in to the switches with hlogin but I can't get the configurations.

I'm not a very good coder, but if you can tell me what I need to change I think
I can get it working.

My hlogin and manual config-fetching log is below.

Best regards, Olli Janatuinen


bash-3.1$ hlogin 10.10.10.2
10.10.10.2
spawn hpuifilter -- telnet 10.10.10.2
Trying 10.10.10.2...
Connected to 10.10.10.2 (10.10.10.2).
Escape character is '^]'.

GbE2c Ethernet Blade Switch for HP c-Class BladeSystem.

Copyright(C)2003 Hewlett-Packard Development Company, L.P.


Enter password:
------------------------------------------------------------
[Main Menu]

Aug 1 11:22:33 NOTICE mgmt: (admin) login from host 10.10.10.3
info - Information Menu
stats - Statistics Menu
cfg - Configuration Menu
oper - Operations Command Menu
boot - Boot Options Menu
maint - Maintenance Menu
diff - Show pending config changes [global command]
apply - Apply pending config changes [global command]
save - Save updated config to FLASH [global command]
revert - Revert pending or applied changes [global command]
exit - Exit [global command, always available]

>> Main#

>> Main# cfg
------------------------------------------------------------
[Configuration Menu]
sys - System-wide Parameter Menu
port - Port Menu
l2 - Layer 2 Menu
l3 - Layer 3 Menu
rmon - RMON Menu
pmirr - Port Mirroring Menu
ufd - Uplink Failure Detection Menu
dump - Dump current configuration to script file
ptcfg - Backup current configuration to TFTP server
gtcfg - Restore current configuration from TFTP server
cur - Display current configuration

>> Configuration#

>> Configuration#dump
script start "HP c-Class GbE2c Switch" 4 /**** DO NOT EDIT THIS LINE!
/* Configuration dump taken 11:22:33 Fri Aug 1, 2008
/* Version 1.1.0, Base MAC address 00:aa:bb:cc:ee:ff
/* RackId: Default RUID, RackName: G2
/* Enclosure: AA99883XX1, EnclosureName: test-host
/* Slot: 1
/c/sys/ntp
on
prisrv 10.10.10.4
tzone +2:00
/c/port 1
pvid 3001

<<<<<<<<<<<<< config cutted >>>>>>>>>>>>>>><<<<><<<

/c/l3/gw 1
ena
addr 10.10.10.1
/
script end /**** DO NOT EDIT THIS LINE!

>> Configuration# exit
Session terminated at 11:22:33 Fri Aug 1, 2008.
Connection closed by foreign host.
bash-3.1$

From jethro.binks at strath.ac.uk Fri Aug 1 19:15:23 2008
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Fri, 1 Aug 2008 20:15:23 +0100 (BST)
Subject: [rancid] Re: Rancid with Ethernet Blade Switch for HP
In-Reply-To: <48932F2C.4000404@gmail.com>
References: <48932F2C.4000404@gmail.com>
Message-ID: <20080801201051.G50713@defjam.cc.strath.ac.uk>

On Fri, 1 Aug 2008, Olli Janatuinen wrote:

> We have many "GbE2c Ethernet Blade Switch for HP" switches in our
> company and we want to get their configs for Rancid.
>
> HP Blade switches don't have the same software as HP Procurve switches.
> I can log in to the switches with hlogin but I can't get the configurations.
>
> I'm not a very good coder, but if you can tell me what I need to change I think
> I can get it working.
>
> My hlogin and manual config-fetching log is below.

I have some of these, although I haven't got around to getting rancid to
work with them yet.

If you are using the default AOS CLI, then you may have more success using
alogin and arancid rather than hlogin, which are for Alteon's WebOS. If
you see the commands in arancid, they are much the same. However, I
suspect some refinement will be required, which would be useful to feed
back into the alogin/arancid modules.

The reason why I haven't done this is because for familiarity reasons, I
changed the command mode to be the IOS-like interface rather than the AOS
one. Unfortunately it isn't near enough IOS-like for plain cisco
rancid/clogin to work well enough just yet, from what I recall.

Hope that helps a bit,

Jethro.

>
> Best regards, Olli Janatuinen
>
>
> bash-3.1$ hlogin 10.10.10.2
> 10.10.10.2
> spawn hpuifilter -- telnet 10.10.10.2
> Trying 10.10.10.2...
> Connected to 10.10.10.2 (10.10.10.2).
> Escape character is '^]'.
>
> GbE2c Ethernet Blade Switch for HP c-Class BladeSystem.
>
> Copyright(C)2003 Hewlett-Packard Development Company, L.P.
>
>
> Enter password:
> ------------------------------------------------------------
> [Main Menu]
>
> Aug 1 11:22:33 NOTICE mgmt: (admin) login from host 10.10.10.3
> info - Information Menu
> stats - Statistics Menu
> cfg - Configuration Menu
> oper - Operations Command Menu
> boot - Boot Options Menu
> maint - Maintenance Menu
> diff - Show pending config changes [global command]
> apply - Apply pending config changes [global command]
> save - Save updated config to FLASH [global command]
> revert - Revert pending or applied changes [global command]
> exit - Exit [global command, always available]
>
> >> Main#
>
> >> Main# cfg
> ------------------------------------------------------------
> [Configuration Menu]
> sys - System-wide Parameter Menu
> port - Port Menu
> l2 - Layer 2 Menu
> l3 - Layer 3 Menu
> rmon - RMON Menu
> pmirr - Port Mirroring Menu
> ufd - Uplink Failure Detection Menu
> dump - Dump current configuration to script file
> ptcfg - Backup current configuration to TFTP server
> gtcfg - Restore current configuration from TFTP server
> cur - Display current configuration
>
> >> Configuration#
>
> >> Configuration#dump
> script start "HP c-Class GbE2c Switch" 4 /**** DO NOT EDIT THIS LINE!
> /* Configuration dump taken 11:22:33 Fri Aug 1, 2008
> /* Version 1.1.0, Base MAC address 00:aa:bb:cc:ee:ff
> /* RackId: Default RUID, RackName: G2
> /* Enclosure: AA99883XX1, EnclosureName: test-host
> /* Slot: 1
> /c/sys/ntp
> on
> prisrv 10.10.10.4
> tzone +2:00
> /c/port 1
> pvid 3001
>
> <<<<<<<<<<<<< config cutted >>>>>>>>>>>>>>><<<<><<<
>
> /c/l3/gw 1
> ena
> addr 10.10.10.1
> /
> script end /**** DO NOT EDIT THIS LINE!
>
> >> Configuration# exit
> Session terminated at 11:22:33 Fri Aug 1, 2008.
> Connection closed by foreign host.
> bash-3.1$
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK

From steve at host-it.co.uk Mon Aug 4 16:14:54 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Mon, 4 Aug 2008 17:14:54 +0100
Subject: [rancid] hlogin script to ProCurve 2650
Message-ID: <073801c8f64d$3b035d10$b10a1730$@co.uk>

Hi

We are just trying to add some ProCurve switches to RANCID. I have got
various PIX and ASA's on rancid, but this is my first attempt at a HP
device.

I have setup the method for this as {telnet} above the add method * line so
it tries to use telnet rather than ssh for this device.

When I run hlogin I see the following:

nagios-1:/usr/local/rancid/var/mkone# hlogin

spawn hpuifilter -- telnet
Trying ...
Connected to
Escape character is '^]'.
ProCurve J4899B Switch 2650
Software revision H.10.50

Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

procurve

Press any key to continuePassword:
ProCurve Switch 2650#

To me, this looks to be all ok (after testing with telnet straight away),
however, when I get to this point, the session seems to die, and I cannot do
anything on the switch, then the connection times out after a short while
and disconnects.

I have tried manually telnetting to the device, and can run commands on the
switch no problems (sh run etc), and get output.

Also, is there any way to use rancid to connect to a device on multiple
ports? For instance I would like to get rancid to get configurations from 2
switches, where the gateway forwards the relevant port to the relevant
switch. Eg telnet 1.2.3.4 on port 23 telnet 1.2.3.4 on port 45.

Regards
Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300
Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080804/7c1bef59/attachment.html

From olli.janatuinen at gmail.com Mon Aug 4 16:42:30 2008
From: olli.janatuinen at gmail.com (Olli Janatuinen)
Date: Mon, 04 Aug 2008 19:42:30 +0300
Subject: [rancid] Re: Rancid with Ethernet Blade Switch for HP
In-Reply-To: <20080801201051.G50713@defjam.cc.strath.ac.uk>
References: <48932F2C.4000404@gmail.com> <20080801201051.G50713@defjam.cc.strath.ac.uk>
Message-ID: <48973176.4040407@gmail.com>

Hi

Peter Serwe told me that the Blade Switches for HP are actually Nortel
(formerly Alteon products) OEM'd to HP.

They work with alteon mode and don't need any changes to code or devices.

So the problem is solved and I'm happy. I think it would be a good idea to add
a note to the alteon mode description that it works with HP Blade Switches too.

Best regards, Olli Janatuinen

Jethro R Binks wrote:
> On Fri, 1 Aug 2008, Olli Janatuinen wrote:
>
>> We have many "GbE2c Ethernet Blade Switch for HP" switches in our
>> company and we want to get their configs for Rancid.
>>
>> HP Blade switches don't have the same software as HP Procurve switches.
>> I can log in to the switches with hlogin but I can't get the configurations.
>>
>> I'm not a very good coder, but if you can tell me what I need to change I think
>> I can get it working.
>>
>> My hlogin and manual config-fetching log is below.
>
> I have some of these, although I haven't got around to getting rancid to
> work with them yet.
>
> If you are using the default AOS CLI, then you may have more success using
> alogin and arancid rather than hlogin, which are for Alteon's WebOS. If
> you see the commands in arancid, they are much the same. However, I
> suspect some refinement will be required, which would be useful to feed
> back into the alogin/arancid modules.
>
> The reason why I haven't done this is because for familiarity reasons, I
> changed the command mode to be the IOS-like interface rather than the AOS
> one. Unfortunately it isn't near enough IOS-like for plain cisco
> rancid/clogin to work well enough just yet, from what I recall.
>
> Hope that helps a bit,
>
> Jethro.

From babydr at baby-dragons.com Mon Aug 4 19:09:08 2008 
From: babydr at baby-dragons.com (Mr. James W. Laferriere)
Date: Mon, 4 Aug 2008 11:09:08 -0800 (AKDT)
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <073801c8f64d$3b035d10$b10a1730$@co.uk>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk>
Message-ID:

Hello Steve ,

On Mon, 4 Aug 2008, Steve Ousley wrote:
> Hi
> We are just trying to add some ProCurve switches to RANCID. I have got
> various PIX and ASA's on rancid, but this is my first attempt at a HP
> device.
>
> I have setup the method for this as {telnet} above the add method * line so
> it tries to use telnet rather than ssh for this device.
>
> When I run hlogin I see the following:
>
> nagios-1:/usr/local/rancid/var/mkone# hlogin
>
> spawn hpuifilter -- telnet
> Trying ...
> Connected to
> Escape character is '^]'.
> ProCurve J4899B Switch 2650
> Software revision H.10.50
>
> Copyright (C) 1991-2007 Hewlett-Packard Co. All Rights Reserved.
>
> RESTRICTED RIGHTS LEGEND
>
> Use, duplication, or disclosure by the Government is subject to
> restrictions
> as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data
> and
> Computer Software clause at 52.227-7013.
>
> HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
>
> procurve
>
> Press any key to continuePassword:
> ProCurve Switch 2650#
>
> To me, this looks to be all ok (after testing with telnet straight away),
> however, when I get to this point, the session seems to die, and I cannot do
> anything on the switch, then the connection times out after a short while
> and disconnects.

Please see both of the attachments . One is a patch to Rancid's hlogin
command that will appease the 'Press any key' gods , Tho Mr. john heasley
has a better approach that would basically do the same thing . The second
is a method to get a ProCurve (of the version specified) back from Menu
Mode . Tho it does not look like you need that help .

> I have tried manually telnetting to the device, and can run commands on the
> switch no problems (sh run etc), and get output.
> Also, is there any way to use rancid to connect to a device on multiple
> ports? For instance I would like to get rancid to get configurations from 2
> switches, where the gateway forwards the relevant port to the relevant
> switch. Eg telnet 1.2.3.4 on port 23 telnet 1.2.3.4 on port 45.

I'm no help to you here , Also be patient , wait a good while before
getting upset about not getting responses , Many on this list will respond
eventually they are all extremely busy .

> Regards
> Steve Ousley - SO620-RIPE
> Nuco Technologies Ltd
> steve at host-it.co.uk
> www.nucotechnologies.com
> Tel. 0870 165 1300
> Nuco Technologies Ltd is a company registered in England and Wales
> with company number 04470751

Hth , JimL
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+
-------------- next part --------------
From babydr at baby-dragons.com Fri May 16 12:25:20 2008
Date: Fri, 16 May 2008 12:25:19 -0800 (AKDT)
From: Mr. James W. Laferriere
To: rancid
Subject: Getting the HP Procurve 2534 J4813A Release #F.05.59 back to CLI , Howto

Hello All ,

As 'manager' account goto menu mode .
Goto 'Run Setup' Press
Goto 'Edit' , Press
Goto 'Logon Default : ' Field , Hit 'Space bar' , <<< this toggles between modes >>> Press
Goto 'Save' , Press
Should take you back to the 'main menu' .
After that it's all up to you .

For this device & firmware version 'hlogin' is the program to use .
Setup a 'manager' user & then add something like ... To .cloginrc .

add autoenable *-sw* {1}
add user *-sw* {ManagerUser}
add password *-sw* {ManagerPassword} {nosuchpassword}
add method *-sw* ssh telnet

Hth , JimL

ps: DISREGARD any previous patches to flogin as that was a BAD start .
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+
-------------- next part --------------
--- /usr/local/rancid/bin/hlogin-v1_40-20061208 2008-05-15 17:00:00.000000000 -0800 +++ /usr/local/rancid/bin/hlogin 2008-05-21 15:49:26.000000000 -0800 
@@ -473,13 +473,45 @@ return 0 } +# Check (as best we can) if we are on a HP router or switch . +# Actually checking if is a router & saying otherwise it's a switch . +# & Set the pageR off variable . +proc chk_rtr {in_proc prompt timeout} { + set old_Timeout $timeout + set timeout 5 + global pageR + set Buffer "" + log_user 0 + exp_send "show version\r" + expect { + -re "Image stamp|Router" { + set Buffer $expect_out(0,string); + } + } + log_user 1 + if { $Buffer eq "Image stamp" } { + # I'm a SWITCH ... + set pageR "no page" + } + if { $Buffer eq "Router" } { + # I'm a ROUTER ... + set pageR "terminal length 0" + } + if { $Buffer eq "" } { + # Default to (hoping) I'm a ROUTER ... + set pageR "terminal length 0" + } + set timeout $old_Timeout + return +} + # Run commands given on the command line. -proc run_commands { prompt command } { + proc run_commands { prompt command pageR } { global in_proc platform set in_proc 1 - + # Turn off the pager and escape regex meta characters in the $prompt - send "terminal length 0\r" + send "$pageR\r" regsub -all "\[)(]" $prompt {\\&} reprompt expect { -re $reprompt {} @@ -716,14 +748,16 @@ -re "\[\r\n]+" { exp_continue; } -re "^.+$prompt" { set prompt $expect_out(0,string); } } - + # check if we are on a route or not , + # & Set pageR variable accordingly . + chk_rtr $in_proc $prompt $timeout if { $do_command } { - if {[run_commands $prompt $command]} { + if {[run_commands $prompt $command $pageR]} { continue } } elseif { $do_script } { # disable the pager - send "terminal length 0\r" + send "$pageR\r" expect -re $prompt {} source $sfile close From olli.janatuinen at gmail.com Tue Aug 5 07:31:58 2008 
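Review bot: in the first hunk (@@ -473,13 +473,45 @@), chk_rtr sends "show version" and returns as soon as "Image stamp" or "Router" matches, without ever expecting the prompt, so the rest of the version output and the prompt are still unread when run_commands does send "$pageR\r" followed by expect -re $reprompt. That expect can match the stale prompt, and the first real command then runs one step out of sync with the device. Consume the prompt inside chk_rtr before returning; the prompt argument is passed in but never used, and neither is in_proc. Two smaller points in the same hunk: timeout is a proc parameter here, so set timeout $old_Timeout at the end only restores a local that is about to go out of scope, and pageR is both declared global in chk_rtr and added as a third argument to run_commands, where one of the two is enough. The leading space added before proc run_commands and the blank-line-only -/+ pairs are whitespace noise that should be dropped from the patch.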
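Review bot: in the second hunk (@@ -716,14 +748,16 @@), the call chk_rtr $in_proc $prompt $timeout sits before the if { $do_command } / elseif { $do_script } test, so every login now issues an extra "show version" before that test is reached, and a device that prints neither "Image stamp" nor "Router" costs the full 5 second timeout set in chk_rtr. Move the call into the two branches that actually send $pageR. The added comment should also read "router" rather than "route".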
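An added example, not part of the thread and not RANCID code: a small Python audit that parses .cloginrc `add` lines like the ones in James W. Laferriere's how-to above, applies the first-match ordering Steve Ousley relies on when he places a {telnet} entry above the `add method *` line, and reports which devices would have their login password sent over telnet. The host names, the core-fw1 and `*` entries, and the rule that any method other than ssh counts as cleartext are assumptions made for the example; Tcl glob matching is approximated with fnmatch.

```python
import fnmatch
import re

# Constructed sample .cloginrc (placeholder names and secrets, not a real file).
# The *-sw* entries are the ones quoted in the how-to; the last two lines are
# added here to show how entry order decides the outcome.
SAMPLE = """\
add autoenable *-sw* {1}
add user *-sw* {ManagerUser}
add password *-sw* {ManagerPassword} {nosuchpassword}
add method *-sw* ssh telnet
add method core-fw1 {telnet}
add method * {ssh}
"""

# A value is either a braced word or a bare word.
TOKEN = re.compile(r"\{[^{}]*\}|\S+")


def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = TOKEN.findall(line)
        if len(tokens) < 4 or tokens[0] != "add":
            continue  # not an "add <directive> <glob> <value>..." line
        values = [t[1:-1] if t.startswith("{") else t for t in tokens[3:]]
        entries.append((tokens[1], tokens[2], values))
    return entries


def first_match(entries, directive, host):
    """The first entry whose glob matches the host wins; later ones are ignored."""
    for name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return values
    return None


def classify(methods):
    """Label a method list by whether the password can cross the wire in clear."""
    if methods is None:
        return "unset"
    names = [m for value in methods for m in value.split()]
    if not names:
        return "unset"
    if all(m == "ssh" for m in names):
        return "ssh-only"
    # Assumption for this example: every method other than ssh is cleartext.
    return "cleartext-fallback" if names[0] == "ssh" else "cleartext-first"


def audit(text, hosts):
    """Map each host to (effective method list, classification)."""
    entries = parse_cloginrc(text)
    report = {}
    for host in hosts:
        methods = first_match(entries, "method", host)
        report[host] = (methods, classify(methods))
    return report


if __name__ == "__main__":
    hosts = ["dist-sw-01", "core-fw1", "edge-rtr1"]  # hypothetical inventory
    for host, (methods, verdict) in audit(SAMPLE, hosts).items():
        print(f"{host:12} {verdict:20} {methods}")
```

A "cleartext-fallback" result matters as much as "cleartext-first": with `ssh telnet`, a device whose ssh service is down or blocked still receives the stored password over telnet.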
From: olli.janatuinen at gmail.com (Olli Janatuinen)
Date: Tue, 5 Aug 2008 10:31:58 +0300
Subject: [rancid] telnet/ssh connections through socks proxy?
Message-ID: <60b0603e0808050031y6db6b6c6gf2aeb621cb50a796@mail.gmail.com>

Hi

Is there any possible way to have rancid connect to some devices with
telnet/ssh through a socks proxy?

We need to back up devices behind a firewall but it isn't possible to allow
direct connections to the devices.

Best regards, Olli Janatuinen

From steve at host-it.co.uk Tue Aug 5 08:16:24 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Tue, 5 Aug 2008 09:16:24 +0100
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To:
References: <073801c8f64d$3b035d10$b10a1730$@co.uk>
Message-ID: <080501c8f6d3$8d0e34f0$a72a9ed0$@co.uk>

-----Original Message-----
From: Mr. James W. Laferriere [mailto:babydr at baby-dragons.com]
Sent: 04 August 2008 20:09
To: Steve Ousley
Cc: rancid
Subject: Re: [rancid] hlogin script to ProCurve 2650

>Please see both of the attachments . One is a patch to Rancid's hlogin command that will appease the 'Press any key' gods ,
>Tho Mr. john heasley has a better approach that would basically do the same thing . The second is a method to get a ProCurve
>(of the version specified) back from Menu Mode . Tho it does not look like you need that help .

Thanks for this James, I will have a look at this, as you say, doesn't look
like the switch is in menu mode, so that doesn't look to be what I need to
do. I may wait a week or so, to see if anything else appears (It is not
critical that this switch gets backed up immediately), if not, maybe apply
the patch (is it possible to undo this, or should I backup the rancid
directory?).

>I'm no help to you here , Also be patient , wait a good while before getting upset about not getting responses ,
>Many on this list will respond eventually they are all extremely busy .

Yep, I understand this, I usually take no answer as an "I don't know the
answer", and as this is probably a bit of a strange request, I can see that
it may also be requested by a few others. We shall see what happens with
this one I suppose. :)

Thanks again.

Steve

From chrismcc at pricegrabber.com Tue Aug 5 18:25:49 2008
From: chrismcc at pricegrabber.com (Christopher McCrory)
Date: Tue, 05 Aug 2008 11:25:49 -0700
Subject: [rancid] rancid and radius auth with restricted perms
Message-ID: <1217960749.6827.13.camel@localhost>

Hello...

I have been using rancid for a while on our core network equipment.
I'd like to add a bunch of access layer switches ( 2960s/3560s) to my
rancid setup. Very few people have access to my core equipment so I
have not had the need to set up tacacs/radius/kerberos auth. Does
anyone have a cookie cutter radius ( freeradius) config to restrict a
rancid user to the minimum required commands to function? (I can setup
the radius part, it is the command restriction that is stumping me)

I googled around and looked through my list archives, but could not find
much info. The closest I could find was
http://wiki.freeradius.org/Cisco#Command_Authorization where the
restrict 'show' was broken by cisco.

Thanks for any help.


--
Christopher McCrory
"The guy that keeps the servers running"

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.

From thecomputerking at gmail.com Tue Aug 5 20:42:43 2008
From: thecomputerking at gmail.com (Riley Tompkins)
Date: Tue, 5 Aug 2008 16:42:43 -0400
Subject: [rancid] Re: rancid and radius auth with restricted perms
In-Reply-To: <1217960749.6827.13.camel@localhost>
References: <1217960749.6827.13.camel@localhost>
Message-ID: <337a72540808051342h14407639o2fd5568bd219b252@mail.gmail.com>

I have used privilege levels in RADIUS with success, see link.

-Charles

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

On Tue, Aug 5, 2008 at 2:25 PM, Christopher McCrory wrote:
> Hello...
>
> I have been using rancid for a while on our core network equipment.
> I'd like to add a bunch of access layer switches ( 2960s/3560s) to my
> rancid setup. Very few people have access to my core equipment so I
> have not had the need to set up tacacs/radius/kerberos auth. Does
> anyone have a cookie cutter radius ( freeradius) config to restrict a
> rancid user to the minimum required commands to function? (I can setup
> the radius part, it is the command restriction that is stumping me)
>
> I googled around and looked through my list archives, but could not find
> much info. The closest I could find was
> http://wiki.freeradius.org/Cisco#Command_Authorization where the
> restrict 'show' was broken by cisco.
>
> Thanks for any help.
>
>
> --
> Christopher McCrory
> "The guy that keeps the servers running"
>
> To the optimist, the glass is half full.
> To the pessimist, the glass is half empty.
> To the engineer, the glass is twice as big as it needs to be.
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From Atif.SIDDIQUI at HydroOne.com Wed Aug 6 15:33:41 2008
From: Atif.SIDDIQUI at HydroOne.com (Atif.SIDDIQUI at HydroOne.com)
Date: Wed, 6 Aug 2008 11:33:41 -0400
Subject: [rancid] cvs web support on RedHat
Message-ID: <41BBAE5132ABA54BB2BA8716254F03D6DE9724@1104MILPEV.corp.hydroone.com>

Hi,

Does Redhat support CVS Web option?

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080806/1c1f16f6/attachment.html

From SMartin at sourceinterlink.com Wed Aug 6 15:52:15 2008
From: SMartin at sourceinterlink.com (Martin, Seth)
Date: Wed, 6 Aug 2008 11:52:15 -0400
Subject: [rancid] Re: cvs web support on RedHat
In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D6DE9724@1104MILPEV.corp.hydroone.com>
References: <41BBAE5132ABA54BB2BA8716254F03D6DE9724@1104MILPEV.corp.hydroone.com>
Message-ID: <79B77295FBC9F247A32A6C98B67B1E14017FDFC2@srv-1exch01.sourceinterlink.com>

I'm not sure which repository it's in but you can install it with Yum:

yum install viewvc

_____________________________________________________________________
Seth Martin

________________________________
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Atif.SIDDIQUI at HydroOne.com
Sent: Wednesday, August 06, 2008 11:34 AM
To: Rancid-discuss at shrubbery.net
Subject: [rancid] cvs web support on RedHat

Hi,

Does Redhat support CVS Web option?

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080806/2d221207/attachment.html

From Emmanuel.Halbwachs at obspm.fr Wed Aug 6 16:08:34 2008
From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs)
Date: Wed, 6 Aug 2008 18:08:34 +0200
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <073801c8f64d$3b035d10$b10a1730$@co.uk>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk>
Message-ID: <20080806160834.GN20955@siolinf.obspm.fr>

Hello,

Steve Ousley wrote (Mon, Aug 04, 2008 at 05:14:54PM +0100):
> We are just trying to add some ProCurve switches to RANCID. I have
> got various PIX and ASA's on rancid, but this is my first attempt at
> a HP device.

By the way, as an HP Procurve user, this patch from John Heasley was
extremely useful :

http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002720.html

HTH,

--
Emmanuel Halbwachs                  Resp. Réseau/Sécurité
Observatoire de Paris-Meudon        tel : (+33)1 45 07 75 54
5 Place Jules Janssen               fax : (+33)1 45 07 76 13
F 92195 MEUDON CEDEX

From steve at host-it.co.uk Wed Aug 6 16:58:12 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Wed, 6 Aug 2008 17:58:12 +0100
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <20080806160834.GN20955@siolinf.obspm.fr>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr>
Message-ID: <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk>

Hi All

I have had a look at this patch, and edited the "hlogin" script as per the
patch, however now I get a different problem, when I hlogin I simply see it
state "Invalid Password" 3 times, and then the session terminates with
"unable to login", followed by the connection closing immediately.

Anybody else seen this at all?

Regards
Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300
Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

-----Original Message-----
From: Emmanuel Halbwachs [mailto:Emmanuel.Halbwachs at obspm.fr]
Sent: 06 August 2008 17:09
To: Steve Ousley
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] hlogin script to ProCurve 2650

Hello,

Steve Ousley wrote (Mon, Aug 04, 2008 at 05:14:54PM +0100):
> We are just trying to add some ProCurve switches to RANCID. I have
> got various PIX and ASA's on rancid, but this is my first attempt at
> a HP device.

By the way, as an HP Procurve user, this patch from John Heasley was
extremely useful :

http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002720.html

HTH,

--
Emmanuel Halbwachs                  Resp. Réseau/Sécurité
Observatoire de Paris-Meudon        tel : (+33)1 45 07 75 54
5 Place Jules Janssen               fax : (+33)1 45 07 76 13
F 92195 MEUDON CEDEX

From steve at host-it.co.uk Wed Aug 6 18:41:34 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Wed, 6 Aug 2008 19:41:34 +0100
Subject: [rancid] Moving a device between groups, and keeping the revisions
Message-ID: <09c801c8f7f4$0d7d8570$28789050$@co.uk>

Hi Guys

Is this possible? I have just renamed a device as per the FAQ, and it has
successfully kept all the revision history etc.

We also have some firewalls that have been removed, but would like to keep
the data, is it possible to follow the same procedure for "renaming" a
device, and keeping the history as it is for moving between groups? For
instance if I did:

% su - rancid_user
% cd
% echo " device_name:device_type:up" >> unused/router.db
% cp -p CVS/used/configs/ device_name,v \
        CVS/unused/configs/device_name,v
% cd used/configs
% cvs update
% cd unused/configs
% cvs update

Personally I cannot see anything wrong with this (not sure about the need to
run the second command, but thought that since I'm changing both groups,
that would be wise), can anyone see any possible pitfalls with doing it this
way?

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300
Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080806/098fc7cc/attachment.html

From heas at shrubbery.net Wed Aug 6 18:54:25 2008
From: heas at shrubbery.net (john heasley)
Date: Wed, 6 Aug 2008 11:54:25 -0700
Subject: [rancid] Re: Moving a device between groups, and keeping the revisions
In-Reply-To: <09c801c8f7f4$0d7d8570$28789050$@co.uk>
References: <09c801c8f7f4$0d7d8570$28789050$@co.uk>
Message-ID: <20080806185425.GQ19089@shrubbery.net>

Wed, Aug 06, 2008 at 07:41:34PM +0100, Steve Ousley:
> Hi Guys
>
> Is this possible? I have just renamed a device as per the FAQ, and it has
> successfully kept all the revision history etc.
>
> We also have some firewalls that have been removed, but would like to keep
> the data, is it possible to follow the same procedure for "renaming" a
> device, and keeping the history as it is for moving between groups? For
> instance if I did:
>
> % su - rancid_user
>
> % cd
>
> % echo " device_name:device_type:up" >> unused/router.db

you mean 'down'

> % cp -p CVS/used/configs/ device_name,v \
>
> CVS/unused/configs/device_name,v
>
> % cd used/configs

not necessary

> % cvs update

not necessary

> % cd unused/configs
>
> % cvs update
>
> Personally I cannot see anything wrong with this (not sure about the need to
> run the second command, but thought that since I'm changing both groups,
> that would be wise), can anyone see any possible pitfalls with doing it this
> way?
>
> Steve Ousley - SO620-RIPE
>
> Nuco Technologies Ltd
>
> steve at host-it.co.uk
>
> www.nucotechnologies.com
>
> Tel. 0870 165 1300
>
> Nuco Technologies Ltd is a company registered in England and Wales
> with company number 04470751
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From steve at host-it.co.uk Wed Aug 6 18:56:58 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Wed, 6 Aug 2008 19:56:58 +0100
Subject: [rancid] Re: Moving a device between groups, and keeping the revisions
In-Reply-To: <20080806185425.GQ19089@shrubbery.net>
References: <09c801c8f7f4$0d7d8570$28789050$@co.uk> <20080806185425.GQ19089@shrubbery.net>
Message-ID: <09d301c8f7f6$33c2f790$9b48e6b0$@co.uk>

>> % echo " device_name:device_type:up" >> unused/router.db

>you mean 'down'

Hmmm, I can see what you're saying there. That seems to be more sensible
since if the firewall is no longer there, then it won't be able to get the
updated config in the "unused" group will it!! Lol

Thanks John! Why am I soooooo stupid at times!!

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300
Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

From cgauthier at mapscu.com Wed Aug 6 19:09:11 2008
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Wed, 6 Aug 2008 12:09:11 -0700
Subject: [rancid] Re: Moving a device between groups, and keeping the revisions
In-Reply-To: <09d301c8f7f6$33c2f790$9b48e6b0$@co.uk>
References: <09c801c8f7f4$0d7d8570$28789050$@co.uk><20080806185425.GQ19089@shrubbery.net> <09d301c8f7f6$33c2f790$9b48e6b0$@co.uk>
Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381276BC98@mshin01.mapscu.com>

That should be added to the FAQ. That's useful info!!!

Chris Gauthier, CCNA
Network Administrator
Marion and Polks Schools Credit Union
cgauthier at mapscu.com
(503) 588-0181 x3401 Voice
(503) 779-1083 Fax

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley
Sent: Wednesday, August 06, 2008 11:57 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Moving a device between groups,and keeping the revisions

>> % echo " device_name:device_type:up" >> unused/router.db

>you mean 'down'

Hmmm, I can see what you're saying there. That seems to be more sensible
since if the firewall is no longer there, then it won't be able to get the
updated config in the "unused" group will it!! Lol

Thanks John! Why am I soooooo stupid at times!!

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300
Nuco Technologies Ltd is a company registered in England and Wales
with company number 04470751

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From bgmilne at staff.telkomsa.net Thu Aug 7 07:18:28 2008
From: bgmilne at staff.telkomsa.net (Buchan Milne)
Date: Thu, 7 Aug 2008 09:18:28 +0200
Subject: [rancid] Re: cvs web support on RedHat
In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D6DE9724@1104MILPEV.corp.hydroone.com>
References: <41BBAE5132ABA54BB2BA8716254F03D6DE9724@1104MILPEV.corp.hydroone.com>
Message-ID: <200808070918.29461.bgmilne@staff.telkomsa.net>

On Wednesday 06 August 2008 17:33:41 Atif.SIDDIQUI at hydroone.com wrote:

> Does Redhat support CVS Web option?

Both viewvc and cvsweb are now available in the EPEL repo for RHEL4 and
RHEL5.

Regards,
Buchan

From steve at host-it.co.uk Thu Aug 7 12:01:19 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Thu, 7 Aug 2008 13:01:19 +0100
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr> <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk>
Message-ID: <0ad701c8f885$4da050b0$e8e0f210$@co.uk>

OK, a colleague of mine had actually changed the password on the switch, causing this. Now with the patch applied, I can log in to the switch, however nothing has changed: when running something like sh run (works when I manually telnet in) it just hangs, then disconnects. It looks like hlogin is not handing over the control of the shell to me with the interact command, however I could be well off with this one.

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley
Sent: 06 August 2008 17:58
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: hlogin script to ProCurve 2650

Hi All

I have had a look at this patch, and edited the "hlogin" script as per the patch, however now I get a different problem: when I hlogin I simply see it state "Invalid Password" 3 times, and then the session terminates with "unable to login", followed by the connection closing immediately.

Anybody else seen this at all?

Regards

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: Emmanuel Halbwachs [mailto:Emmanuel.Halbwachs at obspm.fr]
Sent: 06 August 2008 17:09
To: Steve Ousley
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] hlogin script to ProCurve 2650

Hello,

Steve Ousley wrote (Mon, Aug 04, 2008 at 05:14:54PM +0100):
> We are just trying to add some ProCurve switches to RANCID. I have
> got various PIX and ASA's on rancid, but this is my first attempt at
> a HP device.

By the way, as an HP Procurve user, this patch from John Heasley was extremely useful:

http://www.shrubbery.net/pipermail/rancid-discuss/2008-January/002720.html

HTH,

--
Emmanuel Halbwachs                         Resp. Réseau/Sécurité
Observatoire de Paris-Meudon               tel : (+33)1 45 07 75 54
5 Place Jules Janssen                      fax : (+33)1 45 07 76 13
F 92195 MEUDON CEDEX
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From Emmanuel.Halbwachs at obspm.fr Thu Aug 7 12:20:53 2008
From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs)
Date: Thu, 7 Aug 2008 14:20:53 +0200
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <0ad701c8f885$4da050b0$e8e0f210$@co.uk>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr> <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk> <0ad701c8f885$4da050b0$e8e0f210$@co.uk>
Message-ID: <20080807122053.GB6155@sioling.obspm.fr>

Hello,

Steve Ousley wrote (Thu, Aug 07, 2008 at 01:01:19PM +0100):
> however nothing has changed, when running something like sh run (works when
> I manually telnet in) it just hangs, then disconnects. It looks like hlogin
> is not handing over the control of the shell to me with the interact
> command, however I could be well off with this one.

Well, it works straight ahead here. I'm using Debian etch's rancid

Paquet : rancid-core
Version : 2.3.1-1

with John Heasley's patch I cited previously.

Example of output:

# /usr/lib/rancid/bin/hlogin -v shhhh -e shhhh -c "sh run" sw-m-b15-27-1
sw-m-b15-27-1
spawn hpuifilter -- telnet sw-m-b15-27-1
Trying 145.238.***.***...
Connected to sw-m-b15-27-1.obspm.fr.
Escape character is '^]'.
ProCurve J4899B Switch 2650
Firmware revision H.08.83

Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Password:
sw-m-b15-27-1> enable
Password:
sw-m-b15-27-1#
sw-m-b15-27-1# no page
sw-m-b15-27-1# sh run
Running configuration:

; J4899B Configuration Editor; Created on release #H.08.83

hostname "sw-m-b15-27-1"
[etc. the whole configuration]
sw-m-b15-27-1#exit
sw-m-b15-27-1> exit
Do you want to log out [y/n]? y
Connection closed by foreign host.
#

HTH,

--
Emmanuel Halbwachs                         Resp. Réseau/Sécurité
Observatoire de Paris-Meudon               tel : (+33)1 45 07 75 54
5 Place Jules Janssen                      fax : (+33)1 45 07 76 13
F 92195 MEUDON CEDEX

From steve at host-it.co.uk Thu Aug 7 12:33:00 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Thu, 7 Aug 2008 13:33:00 +0100
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <20080807122053.GB6155@sioling.obspm.fr>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr> <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk> <0ad701c8f885$4da050b0$e8e0f210$@co.uk> <20080807122053.GB6155@sioling.obspm.fr>
Message-ID: <0ad801c8f889$ba7cd3d0$2f767b70$@co.uk>

Hi Emmanuel

I am using the source from rancid's site, however this is hosted on Debian Etch (I didn't realise it was in apt).

I have tried running hlogin with the command you pasted below (with the passwords changed for the right ones) and I simply get an error:

-bash: : event not found

I have also tried without either the -v or -e parts, and also with both of these removed, but with the -c "sh run", and it logs into the switch no problems, however it still fails to do anything once it has logged in.

The only difference I can see from your output to mine is that yours gives you the > prompt and then enables where the one I have here simply goes straight to the # prompt (enabled I assume).

I have also tried this with -noenable and -autoenable, but with the same result.

Regards

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: Emmanuel Halbwachs [mailto:Emmanuel.Halbwachs at obspm.fr] Sent: 07 August 2008 13:21 To: Steve Ousley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: hlogin script to ProCurve 2650 Hello, Steve Ousley a ?crit (Thu, Aug 07, 2008 at 01:01:19PM +0100) : > however nothing has changed, when running something like sh run (works when > I manually telnet in) it just hangs, then disconnects. It looks like hlogin > is not handing over the control of the shell to me with the interact > command, however I could be well off with this one. Well, it works straight ahead here. I'm using Debian etch's rancid Paquet?: rancid-core Version?: 2.3.1-1 with John Heasley's patch I cited previously. Example of output : # /usr/lib/rancid/bin/hlogin -v shhhh -e shhhh -c "sh run" sw-m-b15-27-1 sw-m-b15-27-1 spawn hpuifilter -- telnet sw-m-b15-27-1 Trying 145.238.***.***... Connected to sw-m-b15-27-1.obspm.fr. Escape character is '^]'. ProCurve J4899B Switch 2650 Firmware revision H.08.83 Copyright (C) 1991-2005 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Password: sw-m-b15-27-1> enable Password: sw-m-b15-27-1# sw-m-b15-27-1# no page sw-m-b15-27-1# sh run Running configuration: ; J4899B Configuration Editor; Created on release #H.08.83 hostname "sw-m-b15-27-1" [etc. the whole configuration] sw-m-b15-27-1#exit sw-m-b15-27-1> exit Do you want to log out [y/n]? y Connection closed by foreign host. # HTH, -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX From Emmanuel.Halbwachs at obspm.fr Thu Aug 7 12:47:58 2008 
From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs)
Date: Thu, 7 Aug 2008 14:47:58 +0200
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <0ad801c8f889$ba7cd3d0$2f767b70$@co.uk>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr> <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk> <0ad701c8f885$4da050b0$e8e0f210$@co.uk> <20080807122053.GB6155@sioling.obspm.fr> <0ad801c8f889$ba7cd3d0$2f767b70$@co.uk>
Message-ID: <20080807124758.GD6155@sioling.obspm.fr>

Steve Ousley wrote (Thu, Aug 07, 2008 at 01:33:00PM +0100):
> > I'm using Debian etch's rancid
> >
> > Paquet : rancid-core
> > Version : 2.3.1-1
>

Oops, sorry, on this box it's still sarge (Debian oldstable). The version for etch is:

$ aptitude show rancid-core
Paquet : rancid-core
[...]
Version : 2.3.1-4

Anyway, you're using shrubbery's source.

> (I didn't realise it was in apt).

Yes, in the non-free section.

> The only difference I can see from your output to mine is that yours gives
> you the > prompt and then enables where the one I have here simply goes
> straight to the #prompt (enabled I assume).

My usage of rancid is very limited: I have an empty ~root/.cloginrc, thus no configuration. I only use the command-line options and use {c,h}login in shell loops.

My advice would be first to restart from scratch: install Debian's plain rancid on an etch box, apply the patch and then test hlogin with an empty .cloginrc.

HTH,

--
Emmanuel Halbwachs                         Resp. Réseau/Sécurité
Observatoire de Paris-Meudon               tel : (+33)1 45 07 75 54
5 Place Jules Janssen                      fax : (+33)1 45 07 76 13
F 92195 MEUDON CEDEX

From steve at host-it.co.uk Thu Aug 7 13:34:32 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Thu, 7 Aug 2008 14:34:32 +0100
Subject: [rancid] Re: hlogin script to ProCurve 2650
In-Reply-To: <20080807124758.GD6155@sioling.obspm.fr>
References: <073801c8f64d$3b035d10$b10a1730$@co.uk> <20080806160834.GN20955@siolinf.obspm.fr> <09bf01c8f7e5$9c873fe0$d595bfa0$@co.uk> <0ad701c8f885$4da050b0$e8e0f210$@co.uk> <20080807122053.GB6155@sioling.obspm.fr> <0ad801c8f889$ba7cd3d0$2f767b70$@co.uk> <20080807124758.GD6155@sioling.obspm.fr>
Message-ID: <0ad901c8f892$5308abd0$f91a0370$@co.uk>

Hi Emmanuel

I have just tried this with the Debian mirror version of rancid, and I have exactly the same issue there, even with the patch applied.

I don't even know how to debug this problem.

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: Emmanuel Halbwachs [mailto:Emmanuel.Halbwachs at obspm.fr] Sent: 07 August 2008 13:48 To: Steve Ousley Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: hlogin script to ProCurve 2650 Steve Ousley a ?crit (Thu, Aug 07, 2008 at 01:33:00PM +0100) : > > I'm using Debian etch's rancid > > > > Paquet?: rancid-core > > Version?: 2.3.1-1 > Oops, sorry, on this box it's still sarge (Debian oldstable). The version for etch is : $ aptitude show rancid-core Paquet?: rancid-core [...] Version?: 2.3.1-4 Anyway, you're using shruberry's source. > (I didn't realise it was in apt). Yes, in the non-free section. > The only difference I can see from your output to mine is that yours gives > you the > prompt and then enables where the one I have here simply goes > straight to the #prompt (enabled I assume). My usage of rancid is very limited: I have an empty ~root/.cloginrc, thus no configuration. I only use the command-line options and use {c,h}login in shell loops. My advice would be first to restart from scratch : install Debian's plain rancid on an etch box, apply the patch and then test hlogin with an empty .cloginrc. HTH, -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX From steve at host-it.co.uk Fri Aug 8 08:33:48 2008 From: steve at host-it.co.uk (Steve Ousley) Date: Fri, 8 Aug 2008 09:33:48 +0100 Subject: [rancid] Re: Moving a device between groups, and keeping the revisions In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381276BC98@mshin01.mapscu.com> References: <09c801c8f7f4$0d7d8570$28789050$@co.uk><20080806185425.GQ19089@shrubbery.net> <09d301c8f7f6$33c2f790$9b48e6b0$@co.uk> <0A9A5A2BC1C0A94C981AF5FCF2D2F3381276BC98@mshin01.mapscu.com> Message-ID: <0b9d01c8f931$7a6c97f0$6f45c7d0$@co.uk> -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Steve Ousley Sent: Wednesday, August 06, 2008 11:57 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Moving a device between groups,and keeping the revisions >> % echo " device_name:device_type:up" >> unused/router.db >you mean 'down' OK, I have found a better solution than this. Since the device will no longer be actually used, therefore rancid will not be able to get a configuration from it, I have done some testing with deleting devices, which works even better than marking it as "down" because it in fact moves the configs to the Attic of CVS, which basically does what I wanted (get it out of the main area for the configs). This is all working great (other than the ProCurve, but we shall see if I go any further with that one) and even better that I have now got a wrapper script round Rancid that even gets the list of devices to backup from a MySQL database. :) So I can, in fact, add firewalls to be backed up through a web admin panel. :D Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From peter.serwe at gmail.com Mon Aug 18 18:24:43 2008 
From: peter.serwe at gmail.com (Peter Serwe) Date: Mon, 18 Aug 2008 11:24:43 -0700 Subject: [rancid] Getting rancid to issue a command prior to pulling the config? Message-ID: I have a bunch of Adtran routers that have a rather annoying issue of displaying log messages to STDOUT while rancid is pulling it's configuration. I pull hourly. Unfortunately, it's not possible to turn this logging off without issuing a command for every session: "no events" I currently use clogin because AOS (Adtran, not Alteon) is IOS-like enough for at least the configuration to be pulled accurately, even if the flash and a few other commands fail. Is there a way for me to modify the .cloginrc file to have this command issued for something like.. *.cpe.mydomin.tld? Or, what would I have to modify if not? While I'm fairly decent at using rancid, I'm not so good at understanding the structure of the application and what's where.. Any help would be appreciated. PEter -- ???? From asmirnoff at gldn.net Tue Aug 19 09:42:27 2008 From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Tue, 19 Aug 2008 13:42:27 +0400 Subject: [rancid] cisco syslog diff Message-ID: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> Hello! How I can disable alerts on changing like this: Index: configs/172.17.200.64 =================================================================== retrieving revision 1.12 diff -U 4 -r1.12 172.17.200.64 
@@ -41,10 +41,10 @@ ? !Flash:???? 7? drwx??????? 4032? Feb 02 2005 05:17:01 +03:00? html ? !Flash:??? 21? -rwx???????? 109? Feb 02 2005 05:09:06 +03:00? info ? !Flash:??? 22? -rwx???????? 109? Feb 02 2005 05:18:09 +03:00? info.ver ? !Flash:?? 362? -rwx??????? 6269? Aug 18 2008 10:50:57 +04:00? config.text - !Flash:?? 363? -rwx????? 662228? Aug 19 2008 10:04:07 +04:00? syslog - !Flash: 7741440 bytes total (2416640 bytes free) + !Flash:?? 363? -rwx????? 662626? Aug 19 2008 11:48:59 +04:00? syslog + !Flash: 7741440 bytes total (2416128 bytes free) ? ! ? !Flash: nvram: Directory of nvram:/ ? !Flash: nvram:??? 26? -rw-??????? 6269??????????????????? ? startup-config ? !Flash: nvram:??? 27? ----????????? 26??????????????????? ? private-config When only syslog file size change? -- Regards, Alexandr Smirnov -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080819/02606b1b/attachment.html From rancid at gheek.net Tue Aug 19 20:11:01 2008 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 19 Aug 2008 13:11:01 -0700 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> Message-ID: <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> remove that command from what is checked in the rancid file under /bin/ 2008/8/19 Smirnoff Alexander > Hello! > > > > How I can disable alerts on changing like this: > > > > > > Index: configs/172.17.200.64 > > =================================================================== > > retrieving revision 1.12 > > diff -U 4 -r1.12 172.17.200.64 
> > @@ -41,10 +41,10 @@ > > !Flash: 7 drwx 4032 Feb 02 2005 05:17:01 +03:00 html > > !Flash: 21 -rwx 109 Feb 02 2005 05:09:06 +03:00 info > > !Flash: 22 -rwx 109 Feb 02 2005 05:18:09 +03:00 info.ver > > !Flash: 362 -rwx 6269 Aug 18 2008 10:50:57 +04:00 config.text > > - !Flash: 363 -rwx 662228 Aug 19 2008 10:04:07 +04:00 syslog > > - !Flash: 7741440 bytes total (2416640 bytes free) > > + !Flash: 363 -rwx 662626 Aug 19 2008 11:48:59 +04:00 syslog > > + !Flash: 7741440 bytes total (2416128 bytes free) > > ! > > !Flash: nvram: Directory of nvram:/ > > !Flash: nvram: 26 -rw- 6269 > startup-config > > !Flash: nvram: 27 ---- 26 > private-config > > > > When only syslog file size change? > > > > -- > Regards, > Alexandr Smirnov > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080819/af4b625a/attachment.html From Thomas.Beer at dynabcs.at Wed Aug 20 06:26:32 2008 From: Thomas.Beer at dynabcs.at (Beer Thomas) Date: Wed, 20 Aug 2008 08:26:32 +0200 Subject: [rancid] Netscreen ssh login with different port Message-ID: <544E2A6426EA7E4FAE65D11A58CD04955B958FD6CE@DYNAS11.dynadata.at> Hi, i d like to use rancid to make config backups of different netscreen firewalls. I had to change the ssh port on some of them! Here?s the problem. Somehow i can?t set the port in the .cloginrc file. The docu only shows this option with telnet. any idea? thx -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080820/34db67be/attachment.html From hina at hina.fr Wed Aug 20 08:56:13 2008 
From: hina at hina.fr (hina)
Date: Wed, 20 Aug 2008 10:56:13 +0200
Subject: [rancid] Re: Netscreen ssh login with different port
In-Reply-To: <544E2A6426EA7E4FAE65D11A58CD04955B958FD6CE@DYNAS11.dynadata.at>
References: <544E2A6426EA7E4FAE65D11A58CD04955B958FD6CE@DYNAS11.dynadata.at>
Message-ID: <20080820085613.GA10571@hina.fr>

Hi,

You can find the documentation you need:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid

.clogin.rc
add method * telnet ssh

I hope it will help you

hina

On Wed, Aug 20, 2008 at 08:26:32AM +0200, Beer Thomas wrote:
> Hi, I'd like to use rancid to make config backups of different netscreen firewalls. I had to change the ssh port on some of them! Here's the problem.
> Somehow I can't set the port in the .cloginrc file. The docu only shows this option with telnet.
>
> any idea?
>
> thx
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From rancid at gheek.net Thu Aug 21 18:12:46 2008
From: rancid at gheek.net (Lance Vermilion) Date: Thu, 21 Aug 2008 11:12:46 -0700 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> Message-ID: <8423e7bb0808211112m716d424fsb46a9ea3ad4cbceb@mail.gmail.com> the other option is to write some custom pieces to not include or modify the command for dir to exclude things you don't want to include. dir | e syslog something like that. You may have to escape the |, you will need to mess with it a little. On Wed, Aug 20, 2008 at 11:19 PM, Smirnoff Alexander wrote: > If I remove this command (dir) I lost other important changer , like ios > change. I mean about more intellectual rancid acknowledges behavior , then > minor changes like syslog grow not cause email's. > > > ------------------------------ > > *From:* lavermil at gheek.net [mailto:lavermil at gheek.net] *On Behalf Of *Lance > Vermilion > *Sent:* Wednesday, August 20, 2008 12:11 AM > *To:* Smirnoff Alexander > *Cc:* rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] cisco syslog diff > > > > remove that command from what is checked in the rancid file under home>/bin/ > > 2008/8/19 Smirnoff Alexander > > Hello! > > > > How I can disable alerts on changing like this: > > > > > > Index: configs/172.17.200.64 > > =================================================================== > > retrieving revision 1.12 > > diff -U 4 -r1.12 172.17.200.64 
> > @@ -41,10 +41,10 @@ > > !Flash: 7 drwx 4032 Feb 02 2005 05:17:01 +03:00 html > > !Flash: 21 -rwx 109 Feb 02 2005 05:09:06 +03:00 info > > !Flash: 22 -rwx 109 Feb 02 2005 05:18:09 +03:00 info.ver > > !Flash: 362 -rwx 6269 Aug 18 2008 10:50:57 +04:00 config.text > > - !Flash: 363 -rwx 662228 Aug 19 2008 10:04:07 +04:00 syslog > > - !Flash: 7741440 bytes total (2416640 bytes free) > > + !Flash: 363 -rwx 662626 Aug 19 2008 11:48:59 +04:00 syslog > > + !Flash: 7741440 bytes total (2416128 bytes free) > > ! > > !Flash: nvram: Directory of nvram:/ > > !Flash: nvram: 26 -rw- 6269 > startup-config > > !Flash: nvram: 27 ---- 26 > private-config > > > > When only syslog file size change? > > > > -- > Regards, > Alexandr Smirnov > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/8cf19458/attachment.html From asmirnoff at gldn.net Thu Aug 21 06:19:18 2008 From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Thu, 21 Aug 2008 10:19:18 +0400 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> Message-ID: <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> If I remove this command (dir) I lost other important changer , like ios change. I mean about more intellectual rancid acknowledges behavior , then minor changes like syslog grow not cause email's. ________________________________ 
From: lavermil at gheek.net [mailto:lavermil at gheek.net] On Behalf Of Lance Vermilion Sent: Wednesday, August 20, 2008 12:11 AM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] cisco syslog diff remove that command from what is checked in the rancid file under /bin/ 2008/8/19 Smirnoff Alexander Hello! How I can disable alerts on changing like this: Index: configs/172.17.200.64 =================================================================== retrieving revision 1.12 diff -U 4 -r1.12 172.17.200.64 @@ -41,10 +41,10 @@ !Flash: 7 drwx 4032 Feb 02 2005 05:17:01 +03:00 html !Flash: 21 -rwx 109 Feb 02 2005 05:09:06 +03:00 info !Flash: 22 -rwx 109 Feb 02 2005 05:18:09 +03:00 info.ver !Flash: 362 -rwx 6269 Aug 18 2008 10:50:57 +04:00 config.text - !Flash: 363 -rwx 662228 Aug 19 2008 10:04:07 +04:00 syslog - !Flash: 7741440 bytes total (2416640 bytes free) + !Flash: 363 -rwx 662626 Aug 19 2008 11:48:59 +04:00 syslog + !Flash: 7741440 bytes total (2416128 bytes free) ! !Flash: nvram: Directory of nvram:/ !Flash: nvram: 26 -rw- 6269 startup-config !Flash: nvram: 27 ---- 26 private-config When only syslog file size change? -- Regards, Alexandr Smirnov _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/a9f3a72e/attachment.html From asmirnoff at gldn.net Thu Aug 21 06:20:18 2008 
From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Thu, 21 Aug 2008 10:20:18 +0400 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <20080820051736.GG564@shrubbery.net> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <20080820051736.GG564@shrubbery.net> Message-ID: <986544234AB0A44BADE40DF502E2012A019961AC@SPBMAIL.spb.sovintel.net> Where I can filter this file - on cisco router, or in rancid? -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, August 20, 2008 9:18 AM To: Smirnoff Alexander Subject: Re: [rancid] cisco syslog diff should just filter this file. which device is the file on? Tue, Aug 19, 2008 at 01:42:27PM +0400, Smirnoff Alexander: > Hello! > > > > How I can disable alerts on changing like this: > > > > > > Index: configs/172.17.200.64 > > =================================================================== > > retrieving revision 1.12 > > diff -U 4 -r1.12 172.17.200.64 
> > @@ -41,10 +41,10 @@ > > ? !Flash:???? 7? drwx??????? 4032? Feb 02 2005 05:17:01 +03:00? html > > ? !Flash:??? 21? -rwx???????? 109? Feb 02 2005 05:09:06 +03:00? info > > ? !Flash:??? 22? -rwx???????? 109? Feb 02 2005 05:18:09 +03:00? info.ver > > ? !Flash:?? 362? -rwx??????? 6269? Aug 18 2008 10:50:57 +04:00? config.text > > - !Flash:?? 363? -rwx????? 662228? Aug 19 2008 10:04:07 +04:00? syslog > > - !Flash: 7741440 bytes total (2416640 bytes free) > > + !Flash:?? 363? -rwx????? 662626? Aug 19 2008 11:48:59 +04:00? syslog > > + !Flash: 7741440 bytes total (2416128 bytes free) > > ? ! > > ? !Flash: nvram: Directory of nvram:/ > > ? !Flash: nvram:??? 26? -rw-??????? 6269??????????????????? ? startup-config > > ? !Flash: nvram:??? 27? ----????????? 26??????????????????? ? private-config > > > > When only syslog file size change? > > > > -- > Regards, > Alexandr Smirnov > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From asmirnoff at gldn.net Thu Aug 21 06:21:46 2008 From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Thu, 21 Aug 2008 10:21:46 +0400 Subject: [rancid] Re: cisco syslog diff In-Reply-To: References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> Message-ID: <986544234AB0A44BADE40DF502E2012A019961AD@SPBMAIL.spb.sovintel.net> In this case we lost device logs, when router lost connectivity with remote syslog server. -----Original Message----- 
From: Peter Serwe [mailto:peter.serwe at gmail.com] Sent: Wednesday, August 20, 2008 12:03 AM To: Smirnoff Alexander Subject: Re: [rancid] cisco syslog diff Well... One way I'd suggest is point the things at a syslog host and don't keep that log locally. Peter 2008/8/19 Smirnoff Alexander : > Hello! > > > > How I can disable alerts on changing like this: > > > > > > Index: configs/172.17.200.64 > > =================================================================== > > retrieving revision 1.12 > > diff -U 4 -r1.12 172.17.200.64 > > @@ -41,10 +41,10 @@ > > !Flash: 7 drwx 4032 Feb 02 2005 05:17:01 +03:00 html > > !Flash: 21 -rwx 109 Feb 02 2005 05:09:06 +03:00 info > > !Flash: 22 -rwx 109 Feb 02 2005 05:18:09 +03:00 info.ver > > !Flash: 362 -rwx 6269 Aug 18 2008 10:50:57 +04:00 config.text > > - !Flash: 363 -rwx 662228 Aug 19 2008 10:04:07 +04:00 syslog > > - !Flash: 7741440 bytes total (2416640 bytes free) > > + !Flash: 363 -rwx 662626 Aug 19 2008 11:48:59 +04:00 syslog > > + !Flash: 7741440 bytes total (2416128 bytes free) > > ! > > !Flash: nvram: Directory of nvram:/ > > !Flash: nvram: 26 -rw- 6269 > startup-config > > !Flash: nvram: 27 ---- 26 > private-config > > > > When only syslog file size change? > > > > -- > Regards, > Alexandr Smirnov > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- ???? From asmirnoff at gldn.net Thu Aug 21 06:28:30 2008 
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Thu, 21 Aug 2008 10:28:30 +0400
Subject: [rancid] rancid can't load c7200 config
Message-ID: <986544234AB0A44BADE40DF502E2012A019961B0@SPBMAIL.spb.sovintel.net>

Hello!

My Rancid can't load the Cisco 7201 configuration with the c7200p-adventerprisek9-mz.124-15.T5.bin IOS. The Rancid log is in the attachment.

What can cause this behaviour?

--
Regards,
Alexandr Smirnov
+7(812)3468600 # 54682
Head of Data Transmission Networks Monitoring Service
mailto:asmirnoff at gldn.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/cd299d87/attachment.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: c7200p-adventerprisek9-mz.124-15.T5..txt
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/cd299d87/attachment.txt

From asmirnoff at gldn.net Thu Aug 21 09:14:13 2008
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Thu, 21 Aug 2008 13:14:13 +0400
Subject: [rancid] cisco Last configuration change by
Message-ID: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net>

Hello!

Rancid collects the Cisco configuration using the show running-config command, but why does it not show the config lines about the last configuration changes, like this:

! Last configuration change at 11:54:34 MSD Thu Aug 21 2008 by asmirnov
! NVRAM config last updated at 11:54:43 MSD Thu Aug 21 2008 by asmirnov

?

--
Regards,
Alexandr Smirnov
+7(812)3468600 # 54682
Head of Data Transmission Networks Monitoring Service
mailto:asmirnoff at gldn.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/7c3cb04c/attachment.html

From rancid at gheek.net Thu Aug 21 20:30:55 2008
From: rancid at gheek.net (Lance Vermilion) Date: Thu, 21 Aug 2008 13:30:55 -0700 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <20080821203123.GA5372@monkey> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> <8423e7bb0808211112m716d424fsb46a9ea3ad4cbceb@mail.gmail.com> <20080821203123.GA5372@monkey> Message-ID: <8423e7bb0808211330m7a9224b6j5fa4dc1a3c53cd9a@mail.gmail.com> Thx Daniel. I haven't had time to look at the code to provide stuff like that. On Thu, Aug 21, 2008 at 1:31 PM, Daniel Medina wrote: > On Thu, Aug 21, 2008 at 11:12:46AM -0700, Lance Vermilion wrote: > > the other option is to write some custom pieces to not include or modify > the > > command for dir to exclude things you don't want to include. > > > > dir | e syslog > > > > something like that. You may have to escape the |, you will need to mess > > with it a little. > > And you'd have to remember to skip over the "bytes total" / "bytes free" > which > will also be changing. > > ShowFlash() and DirSlotN() in rancid might be the right places to do this, > updating the INPUT loop, ex: > > next if /\s+syslog$/; # syslog file size keeps changing > next if /bytes total/; # ...which makes the total usage change > > or something smarter, if you want to see that the file is present, but > don't > care about the updated filesize and timestamp. > > -- > Dan > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080821/abee3ef5/attachment.html From daniel.medina at gmail.com Thu Aug 21 20:31:23 2008 
From: daniel.medina at gmail.com (Daniel Medina) Date: Thu, 21 Aug 2008 16:31:23 -0400 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <8423e7bb0808211112m716d424fsb46a9ea3ad4cbceb@mail.gmail.com> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> <8423e7bb0808211112m716d424fsb46a9ea3ad4cbceb@mail.gmail.com> Message-ID: <20080821203123.GA5372@monkey> On Thu, Aug 21, 2008 at 11:12:46AM -0700, Lance Vermilion wrote: > the other option is to write some custom pieces to not include or modify the > command for dir to exclude things you don't want to include. > > dir | e syslog > > something like that. You may have to escape the |, you will need to mess > with it a little. And you'd have to remember to skip over the "bytes total" / "bytes free" which will also be changing. ShowFlash() and DirSlotN() in rancid might be the right places to do this, updating the INPUT loop, ex: next if /\s+syslog$/; # syslog file size keeps changing next if /bytes total/; # ...which makes the total usage change or something smarter, if you want to see that the file is present, but don't care about the updated filesize and timestamp. -- Dan From daniel.medina at gmail.com Fri Aug 22 15:23:32 2008 
From: daniel.medina at gmail.com (Daniel Medina) Date: Fri, 22 Aug 2008 11:23:32 -0400 Subject: [rancid] Re: cisco Last configuration change by In-Reply-To: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A019961EB@SPBMAIL.spb.sovintel.net> Message-ID: <20080822152332.GA354@monkey.local> On Thu, Aug 21, 2008 at 01:14:13PM +0400, Smirnoff Alexander wrote: > Rancid collect cisco configuration using show running-config command, > but why he not show config lines about last configuration changes like > this : > > ! Last configuration change at 11:54:34 MSD Thu Aug 21 2008 by asmirnov > ! NVRAM config last updated at 11:54:43 MSD Thu Aug 21 2008 by asmirnov Because those lines may change regardless of whether the config was actually changed. For example, just do a "conf t" and then exit config mode and you'll see the "Last configuration change" value update. -- Dan From Todd at equivoice.com Fri Aug 22 19:45:02 2008 
From: Todd at equivoice.com (Todd Heide) Date: Fri, 22 Aug 2008 14:45:02 -0500 Subject: [rancid] CVS problem Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22001053B38@exchange.Equivoice.local> I have a server in production now that did at one time run Rancid, but was put aside while other servers were worked on. Now I have it in production, our main server that ran Rancid is dead, drive failure, and the CVS configs are gone, but the rest of the files are intact. I moved the .cloginrc file to the new server, which did run Rancid 13 months ago on a test basis, and has a list of configs. I ran bin/rancid-run, got a few timeouts, but those are mainly due to firewalls that I have to allow access to from this server. Problem I have encountered is, Rancid is working, but not updating the configs in CVS. Tail of the group files is cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ls: x.x.x.50: No such file or directory I got this with both .cloginrc files. Where can I locate the file to edit this out, or what the heck is is it and where the heck do I fix it? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080822/1725d396/attachment.html From mashcraft at omniture.com Fri Aug 22 22:23:08 2008 
From: mashcraft at omniture.com (Mike Ashcraft) Date: Fri, 22 Aug 2008 16:23:08 -0600 Subject: [rancid] Re: CVS problem In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22001053B38@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E22001053B38@exchange.Equivoice.local> Message-ID: <45EB285310B55542A513F93230F0A533070CDF58@EXCHANGE0.orm.omniture.com> This is caused by the files in the config directories that were created by rancid-run not being originally checked out from the local instance of CVS. run 'cvs update' as the rancid user in the config directory for every group and then run bin/rancid-run again to get the current configurations from the devices. If that doesn't work, it is hard to guess what other things may be wrong/not working so it would be easiest to roll back to a clean install and then copy your .cloginrc and router.db files back in. The main purpose of this would be to re-install and properly configure your CVS repository. 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Friday, August 22, 2008 1:45 PM To: rancid-discuss at shrubbery.net Subject: [rancid] CVS problem I have a server in production now that did at one time run Rancid, but was put aside while other servers were worked on. Now I have it in production, our main server that ran Rancid is dead, drive failure, and the CVS configs are gone, but the rest of the files are intact. I moved the .cloginrc file to the new server, which did run Rancid 13 months ago on a test basis, and has a list of configs. I ran bin/rancid-run, got a few timeouts, but those are mainly due to firewalls that I have to allow access to from this server. Problem I have encountered is, Rancid is working, but not updating the configs in CVS. Tail of the group files is cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ls: x.x.x.50: No such file or directory I got this with both .cloginrc files. Where can I locate the file to edit this out, or what the heck is is it and where the heck do I fix it? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080822/25996b3c/attachment.html From kkadow at gmail.com Fri Aug 22 22:57:34 2008 From: kkadow at gmail.com (K K) Date: Fri, 22 Aug 2008 17:57:34 -0500 Subject: [rancid] ASA and Cryptochecksum? Message-ID: With an ASA5510, every so often there is a "... router config diffs" email where the only diff reported is the Cryptochecksum. Is this normal? Thanks, Kevin Index: configs/employeevpn =================================================================== retrieving revision 1.9 diff -U4 -r1.9 employeevpn 
@@ -953,6 +953,6 @@ inspect xdmcp ! service-policy global_policy global prompt hostname context - Cryptochecksum:ddc64c508c15f2db0b322eeae8842877 + Cryptochecksum:28a9e4a2481c5008cd6431ff34bb23d6 : end From daniel.medina at gmail.com Sat Aug 23 02:34:22 2008 From: daniel.medina at gmail.com (Daniel Medina) Date: Fri, 22 Aug 2008 22:34:22 -0400 Subject: [rancid] Re: ASA and Cryptochecksum? In-Reply-To: References: Message-ID: <20080823023422.GB354@monkey.local> On Fri, Aug 22, 2008 at 05:57:34PM -0500, K K wrote: > With an ASA5510, every so often there is a "... router config diffs" > email where the only diff reported is the Cryptochecksum. Is this > normal? Since Cryptochecksum is supposed to represent the contents of the config, I'm guessing that something actually is changing, but Rancid is suppressing the change to avoid spurious diffs. Think junk like "ntp clock-period" or "" passwords. Or it could be happening on the device side with "password ****************", but I'm not sure how that masking affects the checksum on that device. Having the raw output (pre-processing) may help to figure out what's going on. > Index: configs/employeevpn > =================================================================== > retrieving revision 1.9 > diff -U4 -r1.9 employeevpn > @@ -953,6 +953,6 @@ > inspect xdmcp > ! > service-policy global_policy global > prompt hostname context > - Cryptochecksum:ddc64c508c15f2db0b322eeae8842877 > + Cryptochecksum:28a9e4a2481c5008cd6431ff34bb23d6 > : end -- Dan From CBell at thig.com Sun Aug 24 03:27:14 2008 From: CBell at thig.com (Chris Bell) Date: Sat, 23 Aug 2008 23:27:14 -0400 Subject: [rancid] Re: ASA and Cryptochecksum? In-Reply-To: Message-ID: I get this alot on my 5505's that are end points for L2L VPN's. I think this happens when the crypto isakmp policy timer expires. -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of K K Sent: Friday, August 22, 2008 6:58 PM To: rancid-discuss at shrubbery.net Subject: [rancid] ASA and Cryptochecksum? With an ASA5510, every so often there is a "... router config diffs" email where the only diff reported is the Cryptochecksum. Is this normal? Thanks, Kevin Index: configs/employeevpn =================================================================== retrieving revision 1.9 diff -U4 -r1.9 employeevpn @@ -953,6 +953,6 @@ inspect xdmcp ! service-policy global_policy global prompt hostname context - Cryptochecksum:ddc64c508c15f2db0b322eeae8842877 + Cryptochecksum:28a9e4a2481c5008cd6431ff34bb23d6 : end _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Todd at equivoice.com Mon Aug 25 20:13:13 2008 From: Todd at equivoice.com (Todd Heide) Date: Mon, 25 Aug 2008 15:13:13 -0500 Subject: [rancid] Re: CVS problem In-Reply-To: <45EB285310B55542A513F93230F0A533070CDF58@EXCHANGE0.orm.omniture.com> References: <082FEA82DC985B4F8A6B412D5AC4E22001053B38@exchange.Equivoice.local> <45EB285310B55542A513F93230F0A533070CDF58@EXCHANGE0.orm.omniture.com> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22001053C78@exchange.Equivoice.local> That did it. Took me a while to remember "where" to run the cvs update, and this isn't the first time I had to do it too, but if you don't do it all the time, you forget. The files are updating finally, Thanks for your help. ________________________________ 
From: Mike Ashcraft [mailto:mashcraft at omniture.com] Sent: Friday, August 22, 2008 5:23 PM To: Todd Heide; rancid-discuss at shrubbery.net Subject: RE: [rancid] CVS problem This is caused by the files in the config directories that were created by rancid-run not being originally checked out from the local instance of CVS. run 'cvs update' as the rancid user in the config directory for every group and then run bin/rancid-run again to get the current configurations from the devices. If that doesn't work, it is hard to guess what other things may be wrong/not working so it would be easiest to roll back to a clean install and then copy your .cloginrc and router.db files back in. The main purpose of this would be to re-install and properly configure your CVS repository. 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Friday, August 22, 2008 1:45 PM To: rancid-discuss at shrubbery.net Subject: [rancid] CVS problem I have a server in production now that did at one time run Rancid, but was put aside while other servers were worked on. Now I have it in production, our main server that ran Rancid is dead, drive failure, and the CVS configs are gone, but the rest of the files are intact. I moved the .cloginrc file to the new server, which did run Rancid 13 months ago on a test basis, and has a list of configs. I ran bin/rancid-run, got a few timeouts, but those are mainly due to firewalls that I have to allow access to from this server. Problem I have encountered is, Rancid is working, but not updating the configs in CVS. Tail of the group files is cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ls: x.x.x.50: No such file or directory I got this with both .cloginrc files. Where can I locate the file to edit this out, or what the heck is is it and where the heck do I fix it? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080825/5230fa69/attachment.html From ckdake at ckdake.com Mon Aug 25 22:22:16 2008 
From: ckdake at ckdake.com (Chris Kelly) Date: Mon, 25 Aug 2008 18:22:16 -0400 Subject: [rancid] rancid and nslogin on netscaler with ns7 software Message-ID: <48B33098.3020207@ckdake.com> Hello- I'm attempting to get RANCID to pull config from some netscalers. It's already working great for a bunch of cisco devices. My nsrancid file is: ## $Id: nsrancid.in,v 1.7 2004/01/11 03:49:13 heas Exp $ and my nslogin file is: ## $Id: nslogin.in,v 1.11 2004/02/02 17:38:36 heas Exp $ I've changed nsrancid to run a ns7 compatible command: %commands=( 'shell cat /nsconfig/ns.conf' => "ShowConfig", ); ... @commands=( "shell cat /nsconfig/ns.conf", ); and set noenable and autoenable in ~/.cloginrc. nslogin is able to log into the device [rancid@******** bin]$ ./nslogin -t 10 -c "shell cat /nsconfig/ns.conf" ******** ******** spawn ssh -c 3des -x -l rancid ******** rancid@********'s password: Last login: Mon Aug 25 22:21:54 2008 from ******** Done > but hangs at that point. The > is the shell that needs the "shell cat /nsconfig/ns.conf" sent to it, but instead of running that, I get: ... > Error: TIMEOUT reached I'm not familiar enough with expect to see what needs to be changed in nslogin to make this happen. I tried changing 'set prompt "#"' to > instead, but this didn't help. Any ideas or suggestions of what to do next are appreciated! Thanks, -Chris From GKuchera at mltvacations.com Tue Aug 26 13:43:00 2008 From: GKuchera at mltvacations.com (Geoff Kuchera) Date: Tue, 26 Aug 2008 08:43:00 -0500 Subject: [rancid] New devices... Message-ID: Anyone had any luck pulling configs off: Cisco ACE 4710 load balancers?, or Cisco GSS's? I'm willing to work up a script, just wondering if anyone else has already done one... Thanks, Geoff Kuchera MLT, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080826/6efa9a4d/attachment.html From asmirnoff at gldn.net Mon Aug 25 09:30:28 2008 
From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Mon, 25 Aug 2008 13:30:28 +0400 Subject: [rancid] Re: cisco syslog diff In-Reply-To: <20080821203123.GA5372@monkey> References: <986544234AB0A44BADE40DF502E2012A0199606A@SPBMAIL.spb.sovintel.net> <8423e7bb0808191311p53b92cf3xd770747146f2bcbe@mail.gmail.com> <986544234AB0A44BADE40DF502E2012A019961AB@SPBMAIL.spb.sovintel.net> <8423e7bb0808211112m716d424fsb46a9ea3ad4cbceb@mail.gmail.com> <20080821203123.GA5372@monkey> Message-ID: <986544234AB0A44BADE40DF502E2012A0199635F@SPBMAIL.spb.sovintel.net> I do following changes in bin/rancid:

# This routine parses "show flash"
sub ShowFlash {
    # skip if this is 7000, 7200, 7500, or 12000; else we end up with
    # redundant data from dir /all slot0:
    print STDERR " In ShowFlash: $_" if ($debug);
    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
>>      next if /\s+syslog$/; # syslog file size keeps changing
>>      next if /bytes total/; # ...which makes the total usage change
        return(1) if ($type =~ /^(12[40]|7)/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next;
        ProcessHistory("FLASH","","","!Flash: $_");
    }
    ProcessHistory("","","","!\n");
    return;
}

# This routine parses "dir /all ((disk|slot)N|bootflash|nvram):"
sub DirSlotN {
    # Skip if this is not a 3600, 7000, 7200, 7500, or 12000.
    print STDERR " In DirSlotN: $_" if ($debug);
    my($dev) = (/\s([^\s]+):/);
    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
>>      next if /\s+syslog$/; # syslog file size keeps changing
>>      next if /bytes total/; # ...which makes the total usage change
        # return(1) if ($type !~ /^(12[40]|7|36)/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(1) if /(No such device|Error Sending Request)/i;
        return(1) if /\%Error: No such file or directory/;
        return(1) if /No space information available/;
        return(-1) if /\%Error calling/;
        return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy
        return(-1) if (/command authorization failed/i);
        return(1) if /(Open device \S+ failed|Error opening \S+:)/;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("FLASH","","","!Flash: $dev: $_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}

And after Rancid send me messages like this, after every rancid run: Index: configs/10.4.1.2 =================================================================== retrieving revision 1.3 diff -U 4 -r1.3 10.4.1.2 @@ -38,14 +38,12 @@ !Flash: Directory of flash:/ !Flash: 2 -rwx 2774747 Mar 01 1993 00:09:10 c2950-i6q4l2-mz.121-12c.EA1.bin !Flash: 3 -rwx 47 Oct 16 2007 11:26:05 private-?onfig.text !Flash: 5 -rwx 5645 Oct 16 2007 11:26:05 config.text - !Flash: 7741440 bytes total (4957184 bytes free) ! !Flash: nvram: Directory of nvram:/ !Flash: nvram: 1 -rw- 5645 startup-config !Flash: nvram: 2 ---- 47 private-config - !Flash: nvram: 32768 bytes total (27123 bytes free) ! !VTP: VTP Version : 2 !VTP: Configuration Revision : 23 !VTP: Maximum VLANs supported locally : 64 With only "-" of bytes total in Flash. -----Original Message----- 
From: Daniel Medina [mailto:daniel.medina at gmail.com] Sent: Friday, August 22, 2008 12:31 AM To: Lance Vermilion Cc: Smirnoff Alexander; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: cisco syslog diff On Thu, Aug 21, 2008 at 11:12:46AM -0700, Lance Vermilion wrote: > the other option is to write some custom pieces to not include or modify the > command for dir to exclude things you don't want to include. > > dir | e syslog > > something like that. You may have to escape the |, you will need to mess > with it a little. And you'd have to remember to skip over the "bytes total" / "bytes free" which will also be changing. ShowFlash() and DirSlotN() in rancid might be the right places to do this, updating the INPUT loop, ex: next if /\s+syslog$/; # syslog file size keeps changing next if /bytes total/; # ...which makes the total usage change or something smarter, if you want to see that the file is present, but don't care about the updated filesize and timestamp. -- Dan From kkadow at gmail.com Wed Aug 27 02:20:27 2008 
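The "something smarter" variant suggested in the cisco syslog diff thread above, as an added Perl example that is not RANCID's own code and not from any poster: it keeps the syslog entry visible but masks its size and timestamp, and keeps "bytes total" while dropping "bytes free". The function name, the mask text and the sample listings are assumptions; the line formats follow the flash listing quoted in the thread.

```perl
#!/usr/bin/perl
# Added example (not RANCID code): normalise volatile fields in a flash
# directory listing instead of dropping the lines, so the archive still
# records that the file exists and how large the filesystem is.
use strict;
use warnings;

# Files whose size and timestamp change on their own (assumption: just syslog).
my @VOLATILE = qw(syslog);
my $volatile_re = join '|', map { quotemeta } @VOLATILE;

sub normalize_flash_line {
    my ($line) = @_;
    # Directory entry: index, permissions, size, date, time, name.
    if ($line =~ /^(\s*\d+\s+\S+)\s+\d+\s+\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}\s+($volatile_re)$/) {
        return "$1 <size and date masked> $2";
    }
    # Total size is fixed for a device; only the free figure moves.
    if ($line =~ /^\s*(\d+ bytes total) \(\d+ bytes free\)\s*$/) {
        return $1;
    }
    return $line;
}

# Constructed sample: two collection runs of the same device. Only the
# syslog entry and the free-space figure differ between them.
my @run1 = (
    'Directory of flash:/',
    '    2  -rwx     2774747   Mar 01 1993 00:09:10  c2950-i6q4l2-mz.121-12c.EA1.bin',
    '    4  -rwx       18342   Aug 21 2008 11:54:43  syslog',
    '    5  -rwx        5645   Oct 16 2007 11:26:05  config.text',
    '7741440 bytes total (4957184 bytes free)',
);
my @run2 = (
    'Directory of flash:/',
    '    2  -rwx     2774747   Mar 01 1993 00:09:10  c2950-i6q4l2-mz.121-12c.EA1.bin',
    '    4  -rwx       19877   Aug 22 2008 03:10:02  syslog',
    '    5  -rwx        5645   Oct 16 2007 11:26:05  config.text',
    '7741440 bytes total (4955649 bytes free)',
);

my $out1 = join "\n", map { normalize_flash_line($_) } @run1;
my $out2 = join "\n", map { normalize_flash_line($_) } @run2;

print "!Flash: $_\n" for split /\n/, $out2;
if ($out1 eq $out2) {
    print "runs are identical after normalisation\n";
} else {
    print "runs differ after normalisation\n";
}
```

If the syslog file is deleted or a new image appears in flash, the normalised listings still differ, so that change is reported.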
From: kkadow at gmail.com (K K) Date: Tue, 26 Aug 2008 21:20:27 -0500 Subject: [rancid] Going beyond community ? Message-ID: I have a need to not just remove passwords/keys from saved configs, but also to know when they change. Specifically, I was thinking of replacing the actual password or community with a high-collision hash of the password, followed by the number of "bits of entropy", similar to the calculator found here: http://www.certainkey.com/demos/password/ Would there be interest in a patch to add this feature to RANCID? For example if I have a router with this SNMP community: snmp-server community AndBobsYourUncle RW Right now RANCID just shows for the community string, instead I would like to have it show something like: snmp-server community RW In this case, '4' is a generous estimate of the bits of entropy. With a correctly implemented hash, this isn't sufficient information to crack the community string from looking at the saved config, but does give an auditor confidence that communities and keys are being chosen correctly, and changed on schedule. Kevin (P.S. Yes, the "bits of entropy" would only be useful for cleartext keys, not for Cisco "Type 5", ASA radius keys or other encrypted values.) From heas at shrubbery.net Wed Aug 27 04:40:18 2008 
From: heas at shrubbery.net (john heasley) Date: Wed, 27 Aug 2008 04:40:18 +0000 Subject: [rancid] Re: Going beyond community ? In-Reply-To: References: Message-ID: <20080827044018.GH7941@shrubbery.net> Tue, Aug 26, 2008 at 09:20:27PM -0500, K K: > I have a need to not just remove passwords/keys from saved configs, > but also to know when they change. > > Specifically, I was thinking of replacing the actual password or community > with a high-collision hash of the password, followed by the number of > "bits of entropy", similar to the calculator found here: > http://www.certainkey.com/demos/password/ > > Would there be interest in a patch to add this feature to RANCID? > > > For example if I have a router with this SNMP community: > snmp-server community AndBobsYourUncle RW > > Right now RANCID just shows for the community string, > instead I would like to have it show something like: > > snmp-server community RW just create your own md5 for whatever you're removing. wouldn't seem necessary to go through anything more extravagant. > In this case, '4' is a generous estimate of the bits of entropy. > With a correctly implemented hash, this isn't sufficient information > to crack the community string from looking at the saved config, > but does give an auditor confidence that communities and keys are > being chosen correctly, and changed on schedule. > > > Kevin > > (P.S. Yes, the "bits of entropy" would only be useful for cleartext keys, > not for Cisco "Type 5", ASA radius keys or other encrypted values.) > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From kkadow at gmail.com Wed Aug 27 14:38:08 2008 
From: kkadow at gmail.com (K K) Date: Wed, 27 Aug 2008 09:38:08 -0500 Subject: [rancid] Re: Going beyond community ? In-Reply-To: <20080827044018.GH7941@shrubbery.net> References: <20080827044018.GH7941@shrubbery.net> Message-ID: On 8/26/08, john heasley wrote: > Kevin wrote: > I have a need to not just remove passwords/keys from saved configs, > but also to know when they change. . . . > > snmp-server community RW > > just create your own md5 for whatever you're removing. wouldnt seem > necessary to go though anything more extravagant. Using the full MD5 hash makes the attacker's job easier, as they can use rainbow tables or dictionary crack tool, and the defender's more difficult -- weak or strong, all hashed values look alike. Truncating the MD5 hash to a few bytes addresses that first issue, and RANCID would now detect when the original string changes, with equivalent security as the original behavior. Is there a better way to address my secondary requirement for auditors, enabling them to validate not only that the shared secret is changed regularly, but also that "strong" communities are used? Preferably building on tried-and-true crypto rather than roll-my-own, but without saving huge blobs of PGP-encrypted stuff. Kevin From tex at off.org Wed Aug 27 16:16:09 2008 
From: tex at off.org (Austin Schutz) Date: Wed, 27 Aug 2008 09:16:09 -0700 Subject: [rancid] Re: Going beyond community ? In-Reply-To: References: <20080827044018.GH7941@shrubbery.net> Message-ID: <20080827161609.GR12200@gblx.net> On Wed, Aug 27, 2008 at 09:38:08AM -0500, K K wrote: > On 8/26/08, john heasley wrote: > > Kevin wrote: > > I have a need to not just remove passwords/keys from saved configs, > > but also to know when they change. > . . . > > > snmp-server community RW > > > > just create your own md5 for whatever you're removing. wouldnt seem > > necessary to go though anything more extravagant. > > Using the full MD5 hash makes the attacker's job easier, as they > can use rainbow tables or dictionary crack tool, and the defender's > more difficult -- weak or strong, all hashed values look alike. > > Truncating the MD5 hash to a few bytes addresses that first issue, > and RANCID would now detect when the original string changes, > with equivalent security as the original behavior. > > > Is there a better way to address my secondary requirement for auditors, > enabling them to validate not only that the shared secret is changed > regularly, but also that "strong" communities are used? > This seems pretty smart to me, and a useful feature. My only comment would be that this is really more like using a CRC checksum- it's not really a matter of cryptography. You could use Digest::MD5 if you wanted to go the MD5 route, or maybe Digest::CRC if not. Austin From kkadow at gmail.com Wed Aug 27 23:12:09 2008 
From: kkadow at gmail.com (K K) Date: Wed, 27 Aug 2008 18:12:09 -0500 Subject: [rancid] Re: Going beyond community ? In-Reply-To: <20080827161609.GR12200@gblx.net> References: <20080827044018.GH7941@shrubbery.net> <20080827161609.GR12200@gblx.net> Message-ID: On Wed, Aug 27, 2008 at 11:16 AM, Austin Schutz wrote: > This seems pretty smart to me, and a useful feature. My only comment > would be that this is really more like using a CRC checksum- it's not really a > matter of cryptography. You could use Digest::MD5 if you wanted to go the > MD5 route, or maybe Digest::CRC if not. Good point. I'm using String::CRC32 and Statistics::Shannon, looks like these together do exactly what I was looking for. I've made the change to "rancid" for SNMP community strings, patch included below. Kevin From cgauthier at mapscu.com Fri Aug 29 06:07:41 2008 
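The idea discussed in the "Going beyond community" thread above (a short tag so a changed secret shows up in the diff, plus a rough entropy figure for auditors), as an added Perl example that is not K K's patch and not RANCID code. It swaps in a keyed HMAC-SHA256 for the plain MD5 or CRC mentioned in the thread; the site key, the 4-hex-digit tag length, the function names and the `<removed:...>` output format are all assumptions.

```perl
#!/usr/bin/perl
# Added example (not RANCID code): mask SNMP community strings with a short
# keyed tag and a rough entropy estimate, so a diff shows that the secret
# changed without the secret ever being stored in the archive.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a site key stored outside the repository. Without the key the
# tag reveals nothing about the string; a plain truncated MD5 would let
# anyone holding the archive discard most dictionary candidates offline.
my $SITE_KEY = 'constructed-demo-key-not-for-production';
my $TAG_HEX  = 4;    # 16 bits: enough to notice a change, many collisions

sub fingerprint {
    my ($secret) = @_;
    return substr(hmac_sha256_hex($secret, $SITE_KEY), 0, $TAG_HEX);
}

# Shannon entropy of the string's own character frequencies, times length.
# It rewards length and variety only and does not recognise dictionary
# words, so it is a rough indicator for auditors, not proof of strength.
sub entropy_bits {
    my ($s) = @_;
    my $len = length $s;
    return 0 unless $len;
    my %count;
    $count{$_}++ for split //, $s;
    my $h = 0;
    for my $n (values %count) {
        my $p = $n / $len;
        $h -= $p * log($p) / log(2);
    }
    return int($h * $len + 0.5);
}

# Only cleartext communities are handled here; already-encrypted values
# (the thread's P.S.) could carry the tag but not a meaningful entropy figure.
sub scrub_line {
    my ($line) = @_;
    if ($line =~ /^(snmp-server community )(\S+)(.*)$/) {
        my ($pre, $secret, $rest) = ($1, $2, $3);
        return sprintf('%s<removed:%s:~%dbits>%s',
            $pre, fingerprint($secret), entropy_bits($secret), $rest);
    }
    return $line;
}

# Constructed sample: the same device before and after a community rotation.
my @before = ('hostname edge1', 'snmp-server community AndBobsYourUncle RW');
my @after  = ('hostname edge1', 'snmp-server community q7#Lw2!vRz9pXe4T RW');

for my $i (0 .. $#before) {
    my $old = scrub_line($before[$i]);
    my $new = scrub_line($after[$i]);
    if ($old eq $new) {
        print "  $new\n";
    } else {
        print "- $old\n+ $new\n";
    }
}
```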
From: cgauthier at mapscu.com (Chris Gauthier) Date: Thu, 28 Aug 2008 23:07:41 -0700 Subject: [rancid] Problem getting config from a Pix 515e Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F338122EF90B@mshin01.mapscu.com> I have a pix 515e w/FOS 7.2 and I get the following errors when I run rancid (2.3.2a7 on Ubuntu 8.04 Server LTS). Any thoughts out there? I finally got the clogin part working, so it is authenticating just fine. Is clogin the correct type for a Pix? What about a Pix running FOS 6.3? Thanks, Chris rancid at myserver:~/logs$ tail firewalls.20080828.225403 firewall.example.com: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: firewall.example.com: End of run not found ! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080828/270122d5/attachment.html From steve at host-it.co.uk Fri Aug 29 09:48:54 2008 
From: steve at host-it.co.uk (Steve Ousley) Date: Fri, 29 Aug 2008 10:48:54 +0100 Subject: [rancid] Setting up new instance of Rancid Message-ID: <055e01c909bc$73503df0$59f0b9d0$@co.uk> Hi We have the requirement to setup a second copy of Rancid. I have done this, however it all seems to work except the CVS part. I have tried running rancid-cvs, however this doesn't create the CVS groups as expected. I have the LIST_OF_GROUPS setup, and can see that the groups have been created in /usr/local/rancid/var but can only see CVSROOT in the CVS folder here, where on the current install we can see the groups as well. Anyone got any ideas where I can look to diagnose what is causing this? I can see the following in the log for a router that Rancid has downloaded the config for: [logfile] starting: Fri Aug 29 11:43:16 BST 2008 cvs status: cannot open CVS/Entries for reading: No such file or directory cvs status: use `cvs add' to create an entry for `' cvs add: in directory `.': cvs [add aborted]: there is no version here; do `cvs checkout' first CVS added missing router Trying to get all of the configs. All routers sucessfully completed. cvs diff: in directory .: cvs [diff aborted]: there is no version here; run 'cvs checkout' first cvs commit: in directory .: cvs [commit aborted]: there is no version here; run 'cvs checkout' first ending: Fri Aug 29 11:43:28 BST 2008 [/logfile] Regards Steve Ousley - SO620-RIPE Nuco Technologies Ltd steve at host-it.co.uk www.nucotechnologies.com Tel. 0870 165 1300 Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080829/bed2cfc4/attachment.html From cgauthier at mapscu.com Fri Aug 29 19:47:38 2008 
From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 29 Aug 2008 12:47:38 -0700 Subject: [rancid] FW: expect-rancid-ubuntu804lts.patch Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F33812911330@mshin01.mapscu.com> John, I updated the patch file on the website to reflect the proper line numbers, etc for Ubuntu 8.04 LTS (Server) using the expect 5.43.0-14 source package. I am not sure how to contribute this to Ubuntu to get it into their normal build process, but, there's a current patch file for Ubuntu-loving rancid users, though! Btw, rebuilding this expect is a PITA. :-| Happy Friday, Chris Gauthier, CCNA Network Administrator Marion and Polks Schools Credit Union cgauthier at mapscu.com (503) 588-0181 x3401 Voice (503) 779-1083 Fax -----Original Message----- From: root [mailto:root at netmon.mapscu.com] Sent: Friday, August 29, 2008 12:46 PM To: Chris Gauthier Subject: expect-rancid-ubuntu804lts.patch --- exp_chan.c.bak 2008-08-29 11:46:51.000000000 -0700 +++ exp_chan.c 2008-08-29 12:14:28.000000000 -0700 @@ -200,6 +200,11 @@ * nonblocking, the read will never block. */ + /* Added next line as a patch to make rancid work. There is a know bug + * with expect and rancid. + * See http://www.shrubbery.net/rancid/EXPECTBUG for details. + */ + fcntl(esPtr->fdin, F_SETFL, O_NONBLOCK); /* patched line for rancid */ bytesRead = read(esPtr->fdin, buf, (size_t) toRead); /*printf("ExpInputProc: read(%d,,) = %d\r\n",esPtr->fdin,bytesRead);*/ if (bytesRead > -1) { From cgauthier at mapscu.com Fri Aug 29 20:55:04 2008 
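Review bot: The added call "fcntl(esPtr->fdin, F_SETFL, O_NONBLOCK);" in the exp_chan.c hunk replaces the descriptor's whole set of file status flags instead of adding one, and its return value is not checked. Suggest reading the current flags with F_GETFL, OR-ing in O_NONBLOCK, and handling a -1 result. The call also sits directly in front of read(), so it runs on every pass through this path; setting the flag once where the channel is created would be cleaner. With the descriptor non-blocking, read() can return -1 with EAGAIN, and the only check visible here is "if (bytesRead > -1) {", so it is worth confirming the branch that follows treats that case as "no data yet" rather than an error. The comment should read "known bug".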
From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 29 Aug 2008 13:55:04 -0700 Subject: [rancid] Ubuntu 8.04 LTS, rancid, and Expect 5.43.0-14 Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F338129113E7@mshin01.mapscu.com> Hi all, In trying to track down what was ultimately a typing problem in front of the keyboard, I've developed a set of steps to include the expect patch in Ubuntu 8.04 LTS (Server Ed)'s expect package. I've also tried to submit this to the maintainer of the package, so we shall see what happens. A handy page I referred to for compiling packages: http://www.cyberciti.biz/faq/rebuilding-ubuntu-debian-linux-binary-package/ Here are the steps:
1) paco at test:~$ sudo apt-get install build-essential fakeroot dpkg-dev
2) paco at test:~$ cd /usr/src/
3) paco at test:/usr/src$ sudo apt-get source expect
4) paco at test:/usr/src$ cd expect-5.43.0/
5) paco at test:/usr/src/expect-5.43.0$ sudo patch < ~/expect-rancid-ubuntu804lts.patch
   a. Patch contents:
--- exp_chan.c.bak 2008-08-29 11:46:51.000000000 -0700 +++ exp_chan.c 2008-08-29 12:14:28.000000000 -0700 
@@ -200,6 +200,11 @@ * nonblocking, the read will never block. */ + /* Added next line as a patch to make rancid work. There is a know bug + * with expect and rancid. + * See http://www.shrubbery.net/rancid/EXPECTBUG for details. + */ + fcntl(esPtr->fdin, F_SETFL, O_NONBLOCK); /* patched line for rancid */ bytesRead = read(esPtr->fdin, buf, (size_t) toRead); /*printf("ExpInputProc: read(%d,,) = %d\r\n",esPtr->fdin,bytesRead);*/ if (bytesRead > -1) {
6) paco at test:/usr/src/expect-5.43.0$ cd ..
7) paco at test:/usr/src$ sudo apt-get build-dep expect
   a. Just say "yes" when it wants to install a ton of dependencies. You need this for compiling.
8) paco at test$ sudo dpkg-buildpackage -rfakeroot -b
   a. This step could take a while, depending on your processor speed and memory for compiling.
   b. Don't worry about the package signature errors at the end. You're not the maintainer anyway. ;-)
9) paco at test:/usr/src$ sudo /usr/bin/dpkg -i expect_5.43.0-14_amd64.deb
   a. Your actual filename may differ, depending on architecture. Adapt and move on.

(Reading database ... 46139 files and directories currently installed.)
Preparing to replace expect 5.43.0-14 (using expect_5.43.0-14_amd64.deb) ...
Unpacking replacement expect ...
Setting up expect (5.43.0-14) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

10) That's it! Your package is installed with a patched version of Expect.

Chris Gauthier, CCNA
Network Administrator
Marion and Polks Schools Credit Union

From cgauthier at mapscu.com Fri Aug 29 21:01:29 2008
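Review bot: The return value of the added fcntl() call in the patch contents above is ignored, and the call sits directly in front of read(), so it is repeated on every pass through this read path. Check the result and report a failure, and consider setting the flag once where the channel's descriptor is set up rather than before each read. Since the descriptor becomes non-blocking here, also confirm that the handling of bytesRead == -1, which lies outside the visible context, treats EAGAIN as "no data yet" and not as an error.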
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Fri, 29 Aug 2008 14:01:29 -0700
Subject: [rancid] Re: Problem getting config from a Pix 515e
In-Reply-To: <0A9A5A2BC1C0A94C981AF5FCF2D2F338122EF90B@mshin01.mapscu.com>
References: <0A9A5A2BC1C0A94C981AF5FCF2D2F338122EF90B@mshin01.mapscu.com>
Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F338129113FA@mshin01.mapscu.com>

So, my problem was more basic than anything I want to admit to... My .cloginrc was referencing my-firewall-inside and the router.db was referencing my-firewall-515e. DOH! Now that is fixed and all works great AND I learned how to patch Ubuntu's expect.

Chris Gauthier, CCNA
Network Administrator
Marion and Polks Schools Credit Union

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Gauthier
Sent: Thursday, August 28, 2008 11:08 PM
To: rancid-discuss at shrubbery.net
Subject: [SPAM] - [rancid] Problem getting config from a Pix 515e - Bayesian Filter detected spam

I have a pix 515e w/FOS 7.2 and I get the following errors when I run rancid (2.3.2a7 on Ubuntu 8.04 Server LTS). Any thoughts out there? I finally got the clogin part working, so it is authenticating just fine. Is clogin the correct type for a Pix? What about a Pix running FOS 6.3?

Thanks,
Chris

rancid at myserver:~/logs$ tail firewalls.20080828.225403
firewall.example.com: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1:
firewall.example.com: End of run not found
!
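
The name mismatch described in the message above (.cloginrc referencing one name, router.db another) can be caught before a collection run. This is an added example, not part of the original thread or of rancid itself: it assumes the colon-separated name:type:state router.db of rancid 2.x and .cloginrc lines of the form "add <directive> <glob> ...", it approximates clogin's glob matching with Python's fnmatch, and the sample file contents and function names are constructed for illustration.

```python
import fnmatch

# Constructed sample files reproducing the mismatch from the message above.
SAMPLE_ROUTER_DB = """\
# name:type:state
my-firewall-515e:cisco:up
core-sw1.example.com:cisco:up
old-router.example.com:cisco:down
"""

SAMPLE_CLOGINRC = """\
# credentials below are placeholders
add password my-firewall-inside {vtypass} {enablepass}
add method   my-firewall-inside ssh
add password *.example.com      {vtypass} {enablepass}
"""


def router_db_hosts(text):
    """Return names of devices marked 'up' in a colon-separated router.db."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].strip().lower() == "up":
            hosts.append(fields[0].strip().lower())
    return hosts


def cloginrc_patterns(text, directives=("password", "user", "userpassword")):
    """Return the host globs of 'add <directive> <glob> ...' credential lines."""
    globs = []
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0] == "add" and words[1] in directives:
            globs.append(words[2].lower())
    return globs


def hosts_without_credentials(router_db, cloginrc):
    """List router.db devices that no .cloginrc credential glob matches."""
    globs = cloginrc_patterns(cloginrc)
    # Names are compared lower-cased on both sides (an assumption of this sketch).
    return [h for h in router_db_hosts(router_db)
            if not any(fnmatch.fnmatchcase(h, g) for g in globs)]


if __name__ == "__main__":
    for host in hosts_without_credentials(SAMPLE_ROUTER_DB, SAMPLE_CLOGINRC):
        print(f"{host}: in router.db but no matching .cloginrc entry")
```

Devices marked down are skipped because they are not polled, and a .cloginrc that contains credentials should stay readable only by the rancid user while it is checked.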