[rancid] Need some Help - F5's in RANCID

Mon Jun 27 04:22:08 UTC 2011

Does version 10.x allow you to use sudo?

I didn't know that tmsh knew about sudo. I thought root was granted
automatically if you are given access to tmsh.

On Thursday, June 23, 2011, Krzysztof Zygmunt
<krzysztof.zygmunt at gmail.com> wrote:
> Hi,
>
> I'm asking because I wanted to get bigips configs using rancid but not
> giving him (rancid) privileges to do everything (root account).
>
> There are some ways we can try:
> - login and jump directly to bigpipe shell (we can not dowload certain
> files then)
> - login and jump directly to tmsh (the same as above)
> - login and get root privileges but to limit what rancid script can do
> (use sudo)
>
> and what sudo is,   eg.:
> http://linux.about.com/od/commands/l/blcmdl8_sudo.htm
>
> On Thu, Jun 23, 2011 at 9:12 AM, Krzysztof Zygmunt
> <krzysztof.zygmunt at gmail.com> wrote:
>> Hi,
>>
>> Kind of off topic but ...
>>
>> Is there any way to make rancid work (getting configs from bigips
>> using "sudo") ?
>> That'd be great !
>>
>> 2011/6/22 Eric Jagaeus <eric at rebtel.com>:
>>>> Chris,
>>>
>>>>
>>>
>>>> You're doing anything wrong.  You'll probably find that you can
>>>> 'rancid-run -r <dev name>' and have it backup properly.  I would recommend
>>>> getting a good backup of the keys once and then comment out the lines in the
>>>> command table.
>>>
>>>
>>>
>>> why?  what is special about the keys?
>>>
>>>
>>>
>>>> -ryan
>>>
>>>>
>>>
>>>> -----Original Message-----
>>>
>>>> From: rancid-discuss-bounces at shrubbery.net
>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Moody
>>>
>>>> Sent: Monday, January 31, 2011 3:29 PM
>>>
>>>> To: rancid-discuss at shrubbery.net
>>>
>>>> Subject: [rancid] Need some Help - F5's in RANCID
>>>
>>>>
>>>
>>>> I need a second set of eyes to help me figure out what I'm missing or
>>>> doing wrong.
>>>
>>>>
>>>
>>>> I have a number of F5 LTM Load-Balancers that I'm trying to back up with
>>>
>>>> RANCID.    The trouble I'm running into is that they were backing up
>>>
>>>> fine for a short while, but have recently stopped backing up and continue
>>>> showing the following in the logs:
>>>
>>>> =====================================
>>>
>>>> Getting missed routers: round 4.
>>>
>>>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
>>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>
>>>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
>>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>
>>>>
>>>
>>>> I've been debugging and have verified the following:
>>>
>>>> - I have valid and functioning credentials in the .cloginrc file
>>>
>>>> - I have the devices listed in a 'load-balancer' group's router.db file
>>>> with the keyword 'f5' and the flag 'up'
>>>
>>>> - I have tested the login via clogin  - works fine
>>>
>>>>     (I have run clogin with the '-c' command list that f5rancid
>>>> issues...and everything works fine)
>>>
>>>> - I have run f5rancid in debug mode - works fine
>>>
>>>>     (when I run this I see that all the commands run and see a "HIT
>>>> COMMAND" next to every command issued)
>>>
>>>>
>>>
>>>> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)
>>>
>>>>
>>>
>>>> Anyone run into this kind of behavior with F5's?
>>>
>>>>
>>>
>>>> Any insights, hints, comments or criticisms welcome.
>>>
>>>> -Chris
>>>
>>>
>>>
>>> Hi Chris,
>>>
>>>
>>>
>>> Got exactly the same issue when we deployed some new F5's running 10.x
>>>
>>>
>>>
>>> What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1
>>> Build 297.0 Final but not in 9.x.
>>>
>>>
>>>
>>> Removing the commands from f5rancid solved it, but I'd like to know why it
>>> fails.
>>>
>>>
>>>
>>> --- /usr/libexec/rancid/f5rancid        2011-06-22 12:11:48.000000000 +0000
>>>
>>> +++ /usr/libexec/rancid/f5rancid.org    2011-06-22 11:58:27.000000000 +0000
>>>
>>