From lists at quux.de Tue Nov 1 12:40:51 2011 From: lists at quux.de (Jens Link) Date: Tue, 01 Nov 2011 13:40:51 +0100 Subject: [rancid] RANCID and CRS-1 SDRs Message-ID: <87boswt3qk.fsf@pc8.berlin.quux.de> Hi all, anybody using RANCID in combination with Cisco CRS and SDR (Secure Domain Router)? I can't login to the SDR directly but have to use something like this: ssh rancid at admin@192.0.2.1 where 192.0.2.1 is the IP address of the SDR Any idea to configure something like this in RANCID? regrads, Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From daniel.schmidt at wyo.gov Tue Nov 1 14:14:59 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 1 Nov 2011 08:14:59 -0600 Subject: [rancid] RANCID and CRS-1 SDRs In-Reply-To: <87boswt3qk.fsf@pc8.berlin.quux.de> References: <87boswt3qk.fsf@pc8.berlin.quux.de> Message-ID: <3726d9de699b259da81125e74ca7b53c@mail.gmail.com> I used to use Rancid with the CRS - it worked quite well -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jens Link Sent: Tuesday, November 01, 2011 6:41 AM To: 'rancid-discuss at shrubbery.net' Subject: [rancid] RANCID and CRS-1 SDRs Hi all, anybody using RANCID in combination with Cisco CRS and SDR (Secure Domain Router)? I can't login to the SDR directly but have to use something like this: ssh rancid at admin@192.0.2.1 where 192.0.2.1 is the IP address of the SDR Any idea to configure something like this in RANCID? regrads, Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. From lists at quux.de Tue Nov 1 15:13:21 2011 From: lists at quux.de (Jens Link) Date: Tue, 01 Nov 2011 16:13:21 +0100 Subject: [rancid] RANCID and CRS-1 SDRs In-Reply-To: <3726d9de699b259da81125e74ca7b53c@mail.gmail.com> (Daniel Schmidt's message of "Tue, 1 Nov 2011 08:14:59 -0600") References: <87boswt3qk.fsf@pc8.berlin.quux.de> <3726d9de699b259da81125e74ca7b53c@mail.gmail.com> Message-ID: <871utrub8u.fsf@pc8.berlin.quux.de> Daniel Schmidt writes: > I used to use Rancid with the CRS - it worked quite well Using RANCID with CRS is no problem at all. Using RANCID with an SDR configured on a CRS is (or I currently not seeing the right solution. An SDR is like a dedicated hardware and the way it is configured here you have to to some kind of proxy auth. To log into a SDR you have to use something like username at admin@ip. Regrads Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From heas at shrubbery.net Tue Nov 1 23:15:30 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 1 Nov 2011 23:15:30 +0000 Subject: [rancid] RANCID and CRS-1 SDRs In-Reply-To: <871utrub8u.fsf@pc8.berlin.quux.de> References: <87boswt3qk.fsf@pc8.berlin.quux.de> <3726d9de699b259da81125e74ca7b53c@mail.gmail.com> <871utrub8u.fsf@pc8.berlin.quux.de> Message-ID: <20111101231529.GI14029@shrubbery.net> Tue, Nov 01, 2011 at 04:13:21PM +0100, Jens Link: > Daniel Schmidt writes: > > > I used to use Rancid with the CRS - it worked quite well > > Using RANCID with CRS is no problem at all. Using RANCID with an SDR > configured on a CRS is (or I currently not seeing the right solution. > > An SDR is like a dedicated hardware and the way it is configured here > you have to to some kind of proxy auth. To log into a SDR you have to > use something like username at admin@ip. do you mean that the username is essentially "username at admin", ie: ssh -l username at admin ip i'd expect that you can use: user add {username at admin} or user add {username\@admin} > Regrads > > Jens > -- > ------------------------------------------------------------------------- > | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | > | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | > ------------------------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From lists at quux.de Wed Nov 2 08:40:46 2011 From: lists at quux.de (Jens Link) Date: Wed, 02 Nov 2011 09:40:46 +0100 Subject: [rancid] RANCID and CRS-1 SDRs In-Reply-To: <20111101231529.GI14029@shrubbery.net> (john heasley's message of "Tue, 1 Nov 2011 23:15:30 +0000") References: <87boswt3qk.fsf@pc8.berlin.quux.de> <3726d9de699b259da81125e74ca7b53c@mail.gmail.com> <871utrub8u.fsf@pc8.berlin.quux.de> <20111101231529.GI14029@shrubbery.net> Message-ID: <87zkgenchd.fsf@pc8.berlin.quux.de> john heasley writes: >> An SDR is like a dedicated hardware and the way it is configured here >> you have to to some kind of proxy auth. To log into a SDR you have to >> use something like username at admin@ip. > > do you mean that the username is essentially "username at admin", ie: > ssh -l username at admin ip > > i'd expect that you can use: > user add {username at admin} Thanks. Didn't thought of that. It working now. regards Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From FMALAPEL at bouyguestelecom.fr Wed Nov 2 10:13:05 2011 From: FMALAPEL at bouyguestelecom.fr (MALAPELLE, FRANCK) Date: Wed, 2 Nov 2011 11:13:05 +0100 Subject: [rancid] rancid not keeping the newly created .new file In-Reply-To: <20111028201257.GG29419@shrubbery.net> References: <20111028201257.GG29419@shrubbery.net> Message-ID: Hi John, Alurancid is fine, it can log in and create a file of the configuration : rancid at bt1shs08:~/bin$ alurancid -d routerA executing alulogin -t 90 -c"show chassis environment;show chassis power-supply;admin display-config;show system information;show redundancy synchronization" routerA PROMPT MATCH: "A:routerA#" HIT COMMAND:A:routerA# show chassis environment In ShowHw: A:routerA# show chassis environment HIT COMMAND:A:routerA# show chassis power-supply In ShowPwr: A:routerA# show chassis power-supply HIT COMMAND:A:routerA# admin display-config In ShowConfig: A:routerA# admin display-config HIT COMMAND:A:routerA# show system information In ShowSysinfo: A:routerA# show system information HIT COMMAND:A:routerA# show redundancy synchronization In ShowRedSync: A:routerA# show redundancy synchronization The file is there with all the conf. However, when I run rancid-run I can see the .new file during the process but it then disappears... I just can't explain it. Franck Fri, Oct 28, 2011 at 07:54:08PM +0200, MALAPELLE, FRANCK: > Hi, > > I'm facing a really strange problem. > I have routers A and B; both are 7750 Alcatel routers. Except that router A was a Cisco before, we kept the same name. > I can run the alurancid / alulogin perfectly on both of these. > > However when I ran rancid-run only router B has a file with its configuration. Router A still has the cisco config file. > I then created a new group within rancid and started over, this time the conf file of router A is empty! the parsing of the received data is probably failing in alurancid. see the group's logfile and dry alurancid -d hostname. L'int?grit? de ce message n'?tant pas assur?e sur internet, la soci?t? exp?ditrice ne peut ?tre tenue responsable de son contenu ni de ses pi?ces jointes. Toute utilisation ou diffusion non autoris?e est interdite. Si vous n'?tes pas destinataire de ce message, merci de le d?truire et d'avertir l'exp?diteur. The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. From heas at shrubbery.net Wed Nov 2 19:40:17 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 2 Nov 2011 19:40:17 +0000 Subject: [rancid] rancid not keeping the newly created .new file In-Reply-To: References: Message-ID: <20111102194017.GD9291@shrubbery.net> Wed, Nov 02, 2011 at 11:13:05AM +0100, MALAPELLE, FRANCK: > Hi John, > > Alurancid is fine, it can log in and create a file of the configuration : > rancid at bt1shs08:~/bin$ alurancid -d routerA > executing alulogin -t 90 -c"show chassis environment;show chassis power-supply;admin display-config;show system information;show redundancy synchronization" routerA > PROMPT MATCH: "A:routerA#" > HIT COMMAND:A:routerA# show chassis environment > In ShowHw: A:routerA# show chassis environment > HIT COMMAND:A:routerA# show chassis power-supply > In ShowPwr: A:routerA# show chassis power-supply > HIT COMMAND:A:routerA# admin display-config > In ShowConfig: A:routerA# admin display-config > HIT COMMAND:A:routerA# show system information > In ShowSysinfo: A:routerA# show system information > HIT COMMAND:A:routerA# show redundancy synchronization > In ShowRedSync: A:routerA# show redundancy synchronization rancid would end with: Done : prompt#exit i don't know if you maintained this behavior in alurancid. > The file is there with all the conf. > > However, when I run rancid-run I can see the .new file during the process but it then disappears... > I just can't explain it. alurancid is probably removing it because its not convinced that it got the full output. > Franck > > > Fri, Oct 28, 2011 at 07:54:08PM +0200, MALAPELLE, FRANCK: > > Hi, > > > > I'm facing a really strange problem. > > I have routers A and B; both are 7750 Alcatel routers. Except that router A was a Cisco before, we kept the same name. > > I can run the alurancid / alulogin perfectly on both of these. > > > > However when I ran rancid-run only router B has a file with its configuration. Router A still has the cisco config file. > > I then created a new group within rancid and started over, this time the conf file of router A is empty! > > the parsing of the received data is probably failing in alurancid. see the > group's logfile and dry alurancid -d hostname. > > > L'int?grit? de ce message n'?tant pas assur?e sur internet, la soci?t? exp?ditrice ne peut ?tre tenue responsable de son contenu ni de ses pi?ces jointes. Toute utilisation ou diffusion non autoris?e est interdite. Si vous n'?tes pas destinataire de ce message, merci de le d?truire et d'avertir l'exp?diteur. > > The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. From hugo.deprez at gmail.com Thu Nov 3 14:03:53 2011 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Thu, 3 Nov 2011 15:03:53 +0100 Subject: [rancid] missed cmd(s): write term Message-ID: Dear community, I am trying to backup an equipment, but I encounter some trouble : The log file is reporting : Trying to get all of the configs. sw: missed cmd(s): write term ===================================== Getting missed routers: round 1. sw: missed cmd(s): write term ===================================== Getting missed routers: round 2. sw: missed cmd(s): write term ===================================== Getting missed routers: round 3. sw: missed cmd(s): write term ===================================== Getting missed routers: round 4. sw: missed cmd(s): write term So I checked that rancid was able to log on with the following command : /usr/lib/rancid/clogin -c "show clock" sw => It works. So no clogin issue. The equipement is a cisco 2960. I would like to enable debug mode for rancid-run in order to find what is the problem. Any tips ? Regards Hugo From GMourani at prival.ca Thu Nov 3 14:38:26 2011 From: GMourani at prival.ca (Gerhard Mourani) Date: Thu, 3 Nov 2011 10:38:26 -0400 Subject: [rancid] cannot find revision control file for configs Message-ID: Hello list, I've a small problem as show bellow. I've removed a router from the configuration of Rancid but the CVS still continue to look for it and because of that, update the other routers do not complete. How can I make CVS to correct the error and stop to look for the missing router? Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs diff: cannot find revision control file for configs/10.1.6.253 cvs commit: Examining . cvs commit: Examining configs cvs commit: Up-to-date check failed for `configs/10.1.6.253' cvs [commit aborted]: correct above errors first! ending: Thu Nov 3 10:04:23 EDT 2011 Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From CAsensio at nexica.com Thu Nov 3 15:16:26 2011 From: CAsensio at nexica.com (Carlos Asensio) Date: Thu, 3 Nov 2011 16:16:26 +0100 Subject: [rancid] cannot find revision control file for configs In-Reply-To: References: Message-ID: Hello list, I've a small problem as show bellow. I've removed a router from the configuration of Rancid but the CVS still continue to look for it and because of that, update the other routers do not complete. How can I make CVS to correct the error and stop to look for the missing router? Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs diff: cannot find revision control file for configs/10.1.6.253 cvs commit: Examining . cvs commit: Examining configs cvs commit: Up-to-date check failed for `configs/10.1.6.253' cvs [commit aborted]: correct above errors first! ending: Thu Nov 3 10:04:23 EDT 2011 Regards, With a similar issue, this worked for me: "cvs updated" and "cvs commit" at the affected directoy. -------------- next part -------------- An HTML attachment was scrubbed... URL: From me_gogorza at hotmail.com Thu Nov 3 15:30:16 2011 From: me_gogorza at hotmail.com (Marito ...) Date: Thu, 3 Nov 2011 12:30:16 -0300 Subject: [rancid] missed cmd(s): write term In-Reply-To: References: Message-ID: Hi Hugo, did you get the exit once you run /usr/lib/rancid/clogin -c "show clock" sw ? (It should run show clock, and then exit) For debug, i was looking for information, and ended using (as should be in your case) "expect -d /usr/lib/rancid/clogin -c "show clock" sw " . This should help you to check what is happening when running the commands. Hope this help you. Regards. > Date: Thu, 3 Nov 2011 15:03:53 +0100 > From: hugo.deprez at gmail.com > To: rancid-discuss at shrubbery.net > Subject: [rancid] missed cmd(s): write term > > Dear community, > > I am trying to backup an equipment, but I encounter some trouble : > > The log file is reporting : > > > Trying to get all of the configs. > sw: missed cmd(s): write term > ===================================== > Getting missed routers: round 1. > sw: missed cmd(s): write term > ===================================== > Getting missed routers: round 2. > sw: missed cmd(s): write term > ===================================== > Getting missed routers: round 3. > sw: missed cmd(s): write term > ===================================== > Getting missed routers: round 4. > sw: missed cmd(s): write term > > So I checked that rancid was able to log on with the following command : > > /usr/lib/rancid/clogin -c "show clock" sw > > => It works. So no clogin issue. > > The equipement is a cisco 2960. > > I would like to enable debug mode for rancid-run in order to find what > is the problem. > > Any tips ? > > Regards > > Hugo > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From GMourani at prival.ca Thu Nov 3 15:36:50 2011 From: GMourani at prival.ca (Gerhard Mourani) Date: Thu, 3 Nov 2011 11:36:50 -0400 Subject: [rancid] cannot find revision control file for configs In-Reply-To: References: Message-ID: Yes work fine, thanks. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Carlos Asensio Sent: November-03-11 11:16 AM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] cannot find revision control file for configs Hello list, I've a small problem as show bellow. I've removed a router from the configuration of Rancid but the CVS still continue to look for it and because of that, update the other routers do not complete. How can I make CVS to correct the error and stop to look for the missing router? Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs diff: cannot find revision control file for configs/10.1.6.253 cvs commit: Examining . cvs commit: Examining configs cvs commit: Up-to-date check failed for `configs/10.1.6.253' cvs [commit aborted]: correct above errors first! ending: Thu Nov 3 10:04:23 EDT 2011 Regards, With a similar issue, this worked for me: "cvs updated" and "cvs commit" at the affected directoy. -------------- next part -------------- An HTML attachment was scrubbed... URL: From me_gogorza at hotmail.com Thu Nov 3 17:33:13 2011 From: me_gogorza at hotmail.com (Marito ...) Date: Thu, 3 Nov 2011 14:33:13 -0300 Subject: [rancid] missed cmd(s): write term In-Reply-To: References: , , Message-ID: Maybe trying to run write term gives you an error. Run it, and see what happens. Regards Mario > Date: Thu, 3 Nov 2011 18:29:25 +0100 > Subject: Re: [rancid] missed cmd(s): write term > From: hugo.deprez at gmail.com > To: me_gogorza at hotmail.com > CC: rancid-discuss at shrubbery.net > > Hello, > > Yes I get the "show clock" and "exit" command when running the > /usr/lib/rancid/clogin -c "show clock" sw > > I did run the debug command, but as everything is fine I don't know > what I am looking for. > > Maybe the rancid-run command is trying to use an unknown command on my > equipment ? > > Is that possible ? > > Hugo > > On 3 November 2011 16:30, Marito ... wrote: > > Hi Hugo, > > > > did you get the exit once you run /usr/lib/rancid/clogin -c "show clock" sw > > ? (It should run show clock, and then exit) > > For debug, i was looking for information, and ended using (as should be in > > your case) "expect -d /usr/lib/rancid/clogin -c "show clock" sw " . This > > should help you to check what is happening when running the commands. > > > > Hope this help you. > > Regards. > > > > > >> Date: Thu, 3 Nov 2011 15:03:53 +0100 > >> From: hugo.deprez at gmail.com > >> To: rancid-discuss at shrubbery.net > >> Subject: [rancid] missed cmd(s): write term > >> > >> Dear community, > >> > >> I am trying to backup an equipment, but I encounter some trouble : > >> > >> The log file is reporting : > >> > >> > >> Trying to get all of the configs. > >> sw: missed cmd(s): write term > >> ===================================== > >> Getting missed routers: round 1. > >> sw: missed cmd(s): write term > >> ===================================== > >> Getting missed routers: round 2. > >> sw: missed cmd(s): write term > >> ===================================== > >> Getting missed routers: round 3. > >> sw: missed cmd(s): write term > >> ===================================== > >> Getting missed routers: round 4. > >> sw: missed cmd(s): write term > >> > >> So I checked that rancid was able to log on with the following command : > >> > >> /usr/lib/rancid/clogin -c "show clock" sw > >> > >> => It works. So no clogin issue. > >> > >> The equipement is a cisco 2960. > >> > >> I would like to enable debug mode for rancid-run in order to find what > >> is the problem. > >> > >> Any tips ? > >> > >> Regards > >> > >> Hugo > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hugo.deprez at gmail.com Thu Nov 3 17:29:25 2011 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Thu, 3 Nov 2011 18:29:25 +0100 Subject: [rancid] missed cmd(s): write term In-Reply-To: References: Message-ID: Hello, Yes I get the "show clock" and "exit" command when running the /usr/lib/rancid/clogin -c "show clock" sw I did run the debug command, but as everything is fine I don't know what I am looking for. Maybe the rancid-run command is trying to use an unknown command on my equipment ? Is that possible ? Hugo On 3 November 2011 16:30, Marito ... wrote: > Hi Hugo, > > did you get the exit once you run /usr/lib/rancid/clogin -c "show clock" sw > ? (It should run show clock, and then exit) > For debug, i was looking for information, and ended using (as should be in > your case)?"expect -d /usr/lib/rancid/clogin -c "show clock" sw "?.?This > should help you to check what is happening when running the commands. > > Hope this help you. > Regards. > > >> Date: Thu, 3 Nov 2011 15:03:53 +0100 >> From: hugo.deprez at gmail.com >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] missed cmd(s): write term >> >> Dear community, >> >> I am trying to backup an equipment, but I encounter some trouble : >> >> The log file is reporting : >> >> >> Trying to get all of the configs. >> sw: missed cmd(s): write term >> ===================================== >> Getting missed routers: round 1. >> sw: missed cmd(s): write term >> ===================================== >> Getting missed routers: round 2. >> sw: missed cmd(s): write term >> ===================================== >> Getting missed routers: round 3. >> sw: missed cmd(s): write term >> ===================================== >> Getting missed routers: round 4. >> sw: missed cmd(s): write term >> >> So I checked that rancid was able to log on with the following command : >> >> /usr/lib/rancid/clogin -c "show clock" sw >> >> => It works. So no clogin issue. >> >> The equipement is a cisco 2960. >> >> I would like to enable debug mode for rancid-run in order to find what >> is the problem. >> >> Any tips ? >> >> Regards >> >> Hugo >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Drikus.Brits at vodacom.co.za Mon Nov 7 06:55:30 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 7 Nov 2011 06:55:30 +0000 Subject: [rancid] Fortigate rancid issues Message-ID: <6581768FDA03C94BB585650903B4F1EB056FDFC0@zamdc02101> Hi all, I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere. Example : set av-failopen pass - set av-failopen-session disable + set av-failopen-session disable set batch-cmdb enable Or config system amc-slot - edit "sw1" + edit + "sw1" next && Then the next hour : end config system amc-slot - edit - "sw1" + edit "sw1" next end Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ? Thanks Drikus. This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " -------------- next part -------------- An HTML attachment was scrubbed... URL: From hugo.deprez at gmail.com Mon Nov 7 11:00:14 2011 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Mon, 7 Nov 2011 12:00:14 +0100 Subject: [rancid] missed cmd(s): write term In-Reply-To: References: Message-ID: Hello, the command works. In fact, I really have a weird behaviour. Hosts regurarly failed to backup quite randomly with : sw : missed cmd(s): write term or sw clogin error: Error: TIMEOUT reached Now the host backup is working for the original equipments. I do have a certain number of equipments to backup (arround 200). Could that be the source of the issue ? Regards, Hugo On 3 November 2011 18:33, Marito ... wrote: > Maybe trying to run write?term gives you an error. > Run it, and see what happens. > > Regards > Mario > >> Date: Thu, 3 Nov 2011 18:29:25 +0100 >> Subject: Re: [rancid] missed cmd(s): write term >> From: hugo.deprez at gmail.com >> To: me_gogorza at hotmail.com >> CC: rancid-discuss at shrubbery.net >> >> Hello, >> >> Yes I get the "show clock" and "exit" command when running the >> /usr/lib/rancid/clogin -c "show clock" sw >> >> I did run the debug command, but as everything is fine I don't know >> what I am looking for. >> >> Maybe the rancid-run command is trying to use an unknown command on my >> equipment ? >> >> Is that possible ? >> >> Hugo >> >> On 3 November 2011 16:30, Marito ... wrote: >> > Hi Hugo, >> > >> > did you get the exit once you run /usr/lib/rancid/clogin -c "show clock" >> > sw >> > ? (It should run show clock, and then exit) >> > For debug, i was looking for information, and ended using (as should be >> > in >> > your case)?"expect -d /usr/lib/rancid/clogin -c "show clock" sw "?.?This >> > should help you to check what is happening when running the commands. >> > >> > Hope this help you. >> > Regards. >> > >> > >> >> Date: Thu, 3 Nov 2011 15:03:53 +0100 >> >> From: hugo.deprez at gmail.com >> >> To: rancid-discuss at shrubbery.net >> >> Subject: [rancid] missed cmd(s): write term >> >> >> >> Dear community, >> >> >> >> I am trying to backup an equipment, but I encounter some trouble : >> >> >> >> The log file is reporting : >> >> >> >> >> >> Trying to get all of the configs. >> >> sw: missed cmd(s): write term >> >> ===================================== >> >> Getting missed routers: round 1. >> >> sw: missed cmd(s): write term >> >> ===================================== >> >> Getting missed routers: round 2. >> >> sw: missed cmd(s): write term >> >> ===================================== >> >> Getting missed routers: round 3. >> >> sw: missed cmd(s): write term >> >> ===================================== >> >> Getting missed routers: round 4. >> >> sw: missed cmd(s): write term >> >> >> >> So I checked that rancid was able to log on with the following command >> >> : >> >> >> >> /usr/lib/rancid/clogin -c "show clock" sw >> >> >> >> => It works. So no clogin issue. >> >> >> >> The equipement is a cisco 2960. >> >> >> >> I would like to enable debug mode for rancid-run in order to find what >> >> is the problem. >> >> >> >> Any tips ? >> >> >> >> Regards >> >> >> >> Hugo >> >> _______________________________________________ >> >> Rancid-discuss mailing list >> >> Rancid-discuss at shrubbery.net >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > From GMourani at prival.ca Mon Nov 7 16:10:22 2011 From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 7 Nov 2011 11:10:22 -0500 Subject: [rancid] FortiWeb &FortiAnalyzer Message-ID: Hello list, I've a FortiWeb and FortiAnalyzer device where I'm able to successfully logon with fn-rancid & fnlogin scripts, but when I run "rancid-run", log report errors related to command parse error and input not as expected. This look to me like the command to get device configuration is not the same as the one used for FortiGate devices. Does someone has a patch or a way to make them work with fn-rancid & fnlogin used for FortiGate? !RANCID-CONTENT-TYPE: fortigate !International Version:FortiWeb-400B 4.33,build0535,111018 !Serial-Number:xxxxxxxxxxxxxxxx !Bios version:00010016 !Log hard disk:Available !Hostname:FWB-400B !Operation Mode:Reverse Proxy !Current HA mode=Standalone command parse error before 'full-configuration' Input not as expected. - - - - !RANCID-CONTENT-TYPE: fortigate !Version: FortiAnalyzer-100C v4.0,build0552,111006 (MR3 Patch 1) !Branch point: 552 !Release Version Information: MR3 Patch 1 !Serial-Number: xxxxxxxxxxxxxxxxxx !BIOS version: 04000006 !VCM Plugin Version: 1.217 !Admin Domain Status: disabled !Max number of administrative domains: 1 !Registered Devices: 4 !Maximum Supported Devices: 100 !Hostname: FA-100C !FIPS mode: disabled !Disk Usage: Free 896.48GB, Total 916.89GB command parse error before 'full-configuration' Input not as expected. Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From dr at cluenet.de Mon Nov 7 18:58:33 2011 From: dr at cluenet.de (Daniel Roesen) Date: Mon, 7 Nov 2011 19:58:33 +0100 Subject: [rancid] missed cmd(s): write term In-Reply-To: References: Message-ID: <20111107185833.GA3883@srv03.cluenet.de> On Mon, Nov 07, 2011 at 12:00:14PM +0100, Hugo Deprez wrote: > the command works. > > In fact, I really have a weird behaviour. Hosts regurarly failed to > backup quite randomly with : > sw : missed cmd(s): write term I'm seeing the same problem with Cisco uBR10k boxes. They often need multiple attempts until RANCID finally is OK with the "write term" output. Using ssh here. I've once troubleshooted it down to RANCID having difficulty recognizing the end of the config (prompt) due to inflexible blank character recognition (or lack thereof) of the following command prompt. I tried fixing it but it only made things less bad, not finally fixed it. Lost time+nerve troubleshooting further. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 From hugo.deprez at gmail.com Tue Nov 8 10:52:49 2011 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Tue, 8 Nov 2011 11:52:49 +0100 Subject: [rancid] missed cmd(s): write term In-Reply-To: <20111107185833.GA3883@srv03.cluenet.de> References: <20111107185833.GA3883@srv03.cluenet.de> Message-ID: Hello, I am using SSH too. I mainly backup 2960G equipments. Is there a bug tracker for rancid ? regards, Hugo On 7 November 2011 19:58, Daniel Roesen wrote: > On Mon, Nov 07, 2011 at 12:00:14PM +0100, Hugo Deprez wrote: >> the command works. >> >> In fact, I really have a weird behaviour. Hosts regurarly failed to >> backup quite randomly with : >> sw : missed cmd(s): write term > > I'm seeing the same problem with Cisco uBR10k boxes. They often need > multiple attempts until RANCID finally is OK with the "write term" > output. Using ssh here. I've once troubleshooted it down to RANCID > having difficulty recognizing the end of the config (prompt) due to > inflexible blank character recognition (or lack thereof) of the > following command prompt. I tried fixing it but it only made things less > bad, not finally fixed it. Lost time+nerve troubleshooting further. > > Best regards, > Daniel > > -- > CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From ler762 at gmail.com Tue Nov 8 22:33:37 2011 From: ler762 at gmail.com (Lee) Date: Tue, 8 Nov 2011 17:33:37 -0500 Subject: [rancid] supressing login banner etc? Message-ID: clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect the output from a bunch of devices. My problem with it is that I get all the login and motd banner cruft. Has anyone come up with an elegant way to strip out all the junk so you get just the command and command output? My work-around is something like clogin -c "sh platform summary" sw1 sw2 sw3 sw4 ... swN |\ awk '/sh platform/ , /exit/' | tr -d "\r" > /tmp/output Anyone know of a better method? And am I the only one that would like an option to suppress all the login and banner msgs? (but still see the error msgs) Thanks, Lee From CAsensio at nexica.com Thu Nov 10 08:13:29 2011 From: CAsensio at nexica.com (Carlos Asensio) Date: Thu, 10 Nov 2011 09:13:29 +0100 Subject: [rancid] supressing login banner etc? In-Reply-To: References: Message-ID: -----Mensaje original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] En nombre de Lee Enviado el: martes, 08 de noviembre de 2011 23:34 Para: rancid-discuss at shrubbery.net Asunto: [rancid] supressing login banner etc? clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect the output from a bunch of devices. My problem with it is that I get all the login and motd banner cruft. Has anyone come up with an elegant way to strip out all the junk so you get just the command and command output? My work-around is something like clogin -c "sh platform summary" sw1 sw2 sw3 sw4 ... swN |\ awk '/sh platform/ , /exit/' | tr -d "\r" > /tmp/output Anyone know of a better method? And am I the only one that would like an option to suppress all the login and banner msgs? (but still see the error msgs) Thanks, Lee *********************** Hi Lee, I adapted the banners to what it's expected. So no '>' nor '#' character. Regards, Carlos. From rancid at ale.cx Thu Nov 10 10:24:13 2011 From: rancid at ale.cx (Alex DEKKER) Date: Thu, 10 Nov 2011 10:24:13 +0000 Subject: [rancid] =?utf-8?q?supressing_login_banner_etc=3F?= In-Reply-To: References: Message-ID: <67832d1752de389141d2ad6c08989012@localhost> On 08.11.2011 22:33, Lee wrote: > clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect > the output from a bunch of devices. My problem with it is that I get > all the login and motd banner cruft. Has anyone come up with an > elegant way to strip out all the junk so you get just the command and > command output? You could put some unique character/string in the banner and MOTD and grep them out while using clogin interactively. Of course you then wouldn't see that part of the config, as it would need to be a part of the config! alexd From ler762 at gmail.com Thu Nov 10 11:10:49 2011 From: ler762 at gmail.com (Lee) Date: Thu, 10 Nov 2011 06:10:49 -0500 Subject: [rancid] supressing login banner etc? In-Reply-To: <67832d1752de389141d2ad6c08989012@localhost> References: <67832d1752de389141d2ad6c08989012@localhost> Message-ID: On 11/10/11, Alex DEKKER wrote: > On 08.11.2011 22:33, Lee wrote: >> clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect >> the output from a bunch of devices. My problem with it is that I get >> all the login and motd banner cruft. Has anyone come up with an >> elegant way to strip out all the junk so you get just the command and >> command output? > > You could put some unique character/string in the banner and MOTD and > grep them out while using clogin interactively. Of course you then > wouldn't see that part of the config, as it would need to be a part of > the config! Right. But that still leaves the device name, spawn ssh ..., prompt for the password, prompt for the enable password, etc. What I'm trying to get is the same output as from 'rsh device cmd' except that it also shows the command. Thanks, Lee From ler762 at gmail.com Thu Nov 10 11:33:21 2011 From: ler762 at gmail.com (Lee) Date: Thu, 10 Nov 2011 06:33:21 -0500 Subject: [rancid] supressing login banner etc? In-Reply-To: References: Message-ID: On 11/10/11, Carlos Asensio wrote: > > -----Mensaje original----- > De: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] En nombre de Lee > Enviado el: martes, 08 de noviembre de 2011 23:34 > Para: rancid-discuss at shrubbery.net > Asunto: [rancid] supressing login banner etc? > > clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect > the output from a bunch of devices. My problem with it is that I get > all the login and motd banner cruft. Has anyone come up with an > elegant way to strip out all the junk so you get just the command and > command output? > > My work-around is something like > > clogin -c "sh platform summary" sw1 sw2 sw3 sw4 ... swN |\ > awk '/sh platform/ , /exit/' | tr -d "\r" > /tmp/output > > Anyone know of a better method? > > And am I the only one that would like an option to suppress all the > login and banner msgs? (but still see the error msgs) > > Thanks, > Lee > *********************** > > Hi Lee, > > I adapted the banners to what it's expected. So no '>' nor '#' character. I remember :) You had the rancid [early version] works, current rancid can't login problem. This is a separate issue - I'm looking for an rsh replacement & "clogin -c cmd" is almost there. clogin -c cmd | awk '/cmd/ , /exit/' does what I want but I tend to not get the "awk /cmd/" part right on the first try & was wondering if there's an easier / less error-prone way to get the same effect. Thanks, Lee From CAsensio at nexica.com Thu Nov 10 11:51:41 2011 From: CAsensio at nexica.com (Carlos Asensio) Date: Thu, 10 Nov 2011 12:51:41 +0100 Subject: [rancid] supressing login banner etc? In-Reply-To: References: Message-ID: On 11/10/11, Carlos Asensio wrote: > > -----Mensaje original----- > De: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] En nombre de Lee > Enviado el: martes, 08 de noviembre de 2011 23:34 > Para: rancid-discuss at shrubbery.net > Asunto: [rancid] supressing login banner etc? > > clogin -c "cmd" dev1 dev2 ... devN is a really nice way to collect > the output from a bunch of devices. My problem with it is that I get > all the login and motd banner cruft. Has anyone come up with an > elegant way to strip out all the junk so you get just the command and > command output? > > My work-around is something like > > clogin -c "sh platform summary" sw1 sw2 sw3 sw4 ... swN |\ > awk '/sh platform/ , /exit/' | tr -d "\r" > /tmp/output > > Anyone know of a better method? > > And am I the only one that would like an option to suppress all the > login and banner msgs? (but still see the error msgs) > > Thanks, > Lee > *********************** > > Hi Lee, > > I adapted the banners to what it's expected. So no '>' nor '#' character. I remember :) You had the rancid [early version] works, current rancid can't login problem. This is a separate issue - I'm looking for an rsh replacement & "clogin -c cmd" is almost there. clogin -c cmd | awk '/cmd/ , /exit/' does what I want but I tend to not get the "awk /cmd/" part right on the first try & was wondering if there's an easier / less error-prone way to get the same effect. Thanks, Lee **************** Hi Lee, Sorry but, as you may noticed, I misunderstood the problem. I don't know how to help you with that issue, so best of luck :)! Regards, Carlos. From shouldbeq931 at gmail.com Sat Nov 12 00:12:31 2011 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Sat, 12 Nov 2011 00:12:31 +0000 Subject: [rancid] cisco router logs Message-ID: I wondered if anyone had already written a script to extract the logs from a Cisco router and drop them into CVS Cheers Arne From rancid at ale.cx Sat Nov 12 10:40:16 2011 From: rancid at ale.cx (Alex DEKKER) Date: Sat, 12 Nov 2011 10:40:16 +0000 Subject: [rancid] cisco router logs In-Reply-To: References: Message-ID: <21377a4de8124833002f26cd8b621777@localhost> On 12.11.2011 00:12, shouldbe q931 wrote: > I wondered if anyone had already written a script to extract the logs > from a Cisco router and drop them into CVS I'm going to speculate that the answer to this is "no they haven't", because storing logs in CVS doesn't really make any sense, as far as I can tell. Why would you care about what the logs looked like today vs. last week or last month, as you would with a config? Each log entry is timestamped so you can see when things happened. And there's already a sensible, widely supported mechanism for off-router storage of logs, syslog. alexd From shouldbeq931 at gmail.com Sat Nov 12 13:34:20 2011 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Sat, 12 Nov 2011 13:34:20 +0000 Subject: [rancid] cisco router logs In-Reply-To: <21377a4de8124833002f26cd8b621777@localhost> References: <21377a4de8124833002f26cd8b621777@localhost> Message-ID: On Sat, Nov 12, 2011 at 10:40 AM, Alex DEKKER wrote: > On 12.11.2011 00:12, shouldbe q931 wrote: >> >> I wondered if anyone had already written a script to extract the logs >> from a Cisco router and drop them into CVS > > I'm going to speculate that the answer to this is "no they haven't", because > storing logs in CVS doesn't really make any sense, as far as I can tell. Why > would you care about what the logs looked like today vs. last week or last > month, as you would with a config? Each log entry is timestamped so you can > see when things happened. And there's already a sensible, widely supported > mechanism for off-router storage of logs, syslog. > > alexd > Hi Alex The situation is a small site with an ADSL connection that only has two desktops and no VPN back to the main site. I'd rather not have syslog traffic going over the Internet, hence the idea of "collecting" the log over an SSH connection. Granted its not as tidy as syslog, but for the quantity of logs I thought it might be an idea. I guess setting up a site to site VPN to carry syslog traffic will probably be the simplest solution Cheers Arne From rancid at ale.cx Sat Nov 12 22:37:48 2011 From: rancid at ale.cx (Alex DEKKER) Date: Sat, 12 Nov 2011 22:37:48 +0000 Subject: [rancid] cisco router logs Message-ID: <26def1ddbd7634a8d29fd23faea2425c@localhost> shouldbe q931 wrote: >>> I wondered if anyone had already written a script to extract the >>> logs >>> from a Cisco router and drop them into CVS So in answer to the original question...you could add 'show log' to the commandtable, or even 'show log | exclude IPACCESS' if you're not interested in ACL hits. > The situation is a small site with an ADSL connection that only has > two desktops and no VPN back to the main site. I'd rather not have > syslog traffic going over the Internet, hence the idea of > "collecting" > the log over an SSH connection. You can actually encrypt remote logging: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1054565 but you might find it more straightforward to set up a VPN anyway as it will have other uses. You will probably want to think about filtering and/or rate-limiting syslog so that it doesn't overwhelm the either the router or the upstream on the link. alexd From me at falz.net Sun Nov 13 17:16:55 2011 From: me at falz.net (Chris Wopat) Date: Sun, 13 Nov 2011 11:16:55 -0600 Subject: [rancid] rancid-run won't get config login, `clogin` works, `rancid -d` does get config Message-ID: I'm attempting to add a device to RANCID that acts a as a Cisco device, but isn't. It's a unix server that responds to the cisco 'show', 'dir' commands and has a prompt that is cisco enough to have RANCID log in. Yes I realize that new device types can be written and that a wrapper sample script exists from 2005 or so. It's my personal preference to get things working this way. Info: All of the debugging that I have indicate that it should be working, but it simply isn't. Here's the gist of what I'm doing * RANCID logs in as unprivileged user. 'enable' is aliased to 'su -' * The user prompts are basic HOSTNAME>, HOSTNAME# * The root user has aliases for 'show', 'dir', etc to spit out info that I want (cat a few config files, ls /etc/) The testing I've done: I can properly log in to the device and become root (enable) using clogin. I can then issue commands, etc. I'm simply logged in as root. su -l rancid -c 'clogin HOSTNAME' If I login using 'rancid -d HOSTNAME' it shows debugginfg info. The history file of the root user on the server shows that it has issued the appropriate commands. Additionally I can use the debugging info found elsewhere in the thread to get a .new and .raw file. The commands to get these debug files: su -l rancid -c 'env NOPIPE=y PATH=${PATH}:/usr/local/libexec/rancid rancid -d HOSTNAME' I can view the .new and .raw files in the rancid home users's dir. Everything looks good. The only thing that does NOT work is: su -l rancid -c 'rancid-run -r HOSTNAME' The logs it creates in /usr/local/var/rancid/logs/ show: + date + echo starting: Sun Nov 13 10:34:21 CST 2011 starting: Sun Nov 13 10:34:21 CST 2011 + echo + [ -f /tmp/.group.run.lock ] + trap rm -fr $LOCKFILE;exit 1 1 2 3 6 10 15 + touch /tmp/.group.run.lock + [ 0 -eq 0 ] + control_rancid -r HOSTNAME group Trying to get all of the configs. HOSTNAME clogin error: Error: TIMEOUT reached HOSTNAME: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1: HOSTNAME: End of run not found ===================================== ..repeat for 4 rounds. Debugging on the server shows that the unprivileged user did successfully log in but root's history file doesn't indicate that any commands were issued, unlike when 'rancid -d' was run. What am I missing that would make this all work fine with `rancid` and `clogin` but not `rancid-run`? From bobthebaritone at gmail.com Mon Nov 14 10:10:57 2011 From: bobthebaritone at gmail.com (bob watson) Date: Mon, 14 Nov 2011 21:10:57 +1100 Subject: [rancid] rancid-run won't get config login, `clogin` works, `rancid -d` does get config In-Reply-To: References: Message-ID: Chris, Not sure what aliases you are on, but a cron'd environment may not have the aliases that you think you get. Check you environment...print @ENV. Cheers, Bob On 14 November 2011 04:16, Chris Wopat wrote: > I'm attempting to add a device to RANCID that acts a as a Cisco > device, but isn't. It's a unix server that responds to the cisco > 'show', 'dir' commands and has a prompt that is cisco enough to have > RANCID log in. Yes I realize that new device types can be written and > that a wrapper sample script exists from 2005 or so. It's my personal > preference to get things working this way. Info: > > All of the debugging that I have indicate that it should be working, > but it simply isn't. Here's the gist of what I'm doing > > * RANCID logs in as unprivileged user. 'enable' is aliased to 'su -' > * The user prompts are basic HOSTNAME>, HOSTNAME# > * The root user has aliases for 'show', 'dir', etc to spit out info > that I want (cat a few config files, ls /etc/) > > The testing I've done: > > I can properly log in to the device and become root (enable) using > clogin. I can then issue commands, etc. I'm simply logged in as root. > > su -l rancid -c 'clogin HOSTNAME' > > > If I login using 'rancid -d HOSTNAME' it shows debugginfg info. The > history file of the root user on the server shows that it has issued > the appropriate commands. Additionally I can use the debugging info > found elsewhere in the thread to get a .new and .raw file. The > commands to get these debug files: > > su -l rancid -c 'env NOPIPE=y > PATH=${PATH}:/usr/local/libexec/rancid rancid -d HOSTNAME' > > > I can view the .new and .raw files in the rancid home users's dir. > Everything looks good. > > The only thing that does NOT work is: > > su -l rancid -c 'rancid-run -r HOSTNAME' > > The logs it creates in /usr/local/var/rancid/logs/ show: > > + date > + echo starting: Sun Nov 13 10:34:21 CST 2011 > starting: Sun Nov 13 10:34:21 CST 2011 > + echo > + [ -f /tmp/.group.run.lock ] > + trap rm -fr $LOCKFILE;exit 1 1 2 3 6 10 15 > + touch /tmp/.group.run.lock > + [ 0 -eq 0 ] > + control_rancid -r HOSTNAME group > Trying to get all of the configs. > HOSTNAME clogin error: Error: TIMEOUT reached > HOSTNAME: missed cmd(s): dir /all slavedisk2:,show rsp > chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr > chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all > sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir > /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir > /all harddiskb:,show variables boot,show boot,show inventory raw,dir > /all slavedisk1:,show env all,show module,show controllers,show > diagbus,more system:running-config,dir /all slavedisk0:,show > debug,show idprom backplane,dir /all bootflash:,dir /all > sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all > sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir > /all sup-microcode:,show vlan,dir /all slavebootflash:,show > controllers cbus,dir /all slaveslot1:,dir /all nvram:,show > version,show vlan-switch,show redundancy secondary,show > running-config,show c7200,dir /all slot1: > HOSTNAME: End of run not found > ===================================== > > ..repeat for 4 rounds. > > Debugging on the server shows that the unprivileged user did > successfully log in but root's history file doesn't indicate that any > commands were issued, unlike when 'rancid -d' was run. What am I > missing that would make this all work fine with `rancid` and `clogin` > but not `rancid-run`? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at falz.net Mon Nov 14 14:00:06 2011 From: me at falz.net (Chris Wopat) Date: Mon, 14 Nov 2011 08:00:06 -0600 Subject: [rancid] rancid-run won't get config login, `clogin` works, `rancid -d` does get config In-Reply-To: References: Message-ID: On Mon, Nov 14, 2011 at 4:10 AM, bob watson wrote: > Chris, > Not sure what aliases you are on, but a cron'd environment may not have the > aliases that you think you get. > Check you environment...print @ENV. The device that RANCID is connecting to does not have anything RANCID related in cron. RANCID logs in to it as a standard user, that user's environment should be obeyed just like it is when a 'real' user logs in. The RANCID server has no modifications to it at all, just a device added to .clogin and router.db. So to reiterate in case my original post was too long- why does 'rancid' and 'clogin' work but 'rancid-run' doesn't? From daniel.schmidt at wyo.gov Mon Nov 14 15:52:08 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Mon, 14 Nov 2011 08:52:08 -0700 Subject: [rancid] Checkpoint Message-ID: <844c839acce0d8d0f66a73121b2253dd@mail.gmail.com> Anybody ever have any success with Checkpoint? Thkx E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From misch at schwartzkopff.org Mon Nov 14 19:13:50 2011 From: misch at schwartzkopff.org (Michael Schwartzkopff) Date: Mon, 14 Nov 2011 20:13:50 +0100 Subject: [rancid] Checkpoint In-Reply-To: <844c839acce0d8d0f66a73121b2253dd@mail.gmail.com> References: <844c839acce0d8d0f66a73121b2253dd@mail.gmail.com> Message-ID: <201111142013.50775.misch@schwartzkopff.org> > Anybody ever have any success with Checkpoint? Thkx Check Point stores its config not in a text based format. So rancid will not be able to backup. You have to use Check Points own backup tools. Greetings, -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 M?nchen Tel: (0163) 172 50 98 Fax: (089) 620 304 13 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From daniel.schmidt at wyo.gov Mon Nov 14 19:18:21 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Mon, 14 Nov 2011 12:18:21 -0700 Subject: [rancid] Checkpoint In-Reply-To: <201111142013.50775.misch@schwartzkopff.org> References: <844c839acce0d8d0f66a73121b2253dd@mail.gmail.com> <201111142013.50775.misch@schwartzkopff.org> Message-ID: <7c59e7a452ba9e8e8ef0846640d08396@mail.gmail.com> I've never actually used a checkpoint - Thanks for the information -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Michael Schwartzkopff Sent: Monday, November 14, 2011 12:14 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Checkpoint > Anybody ever have any success with Checkpoint? Thkx Check Point stores its config not in a text based format. So rancid will not be able to backup. You have to use Check Points own backup tools. Greetings, -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 M?nchen Tel: (0163) 172 50 98 Fax: (089) 620 304 13 E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. From me at ale.cx Sat Nov 12 22:25:27 2011 From: me at ale.cx (Alex DEKKER) Date: Sat, 12 Nov 2011 22:25:27 +0000 Subject: [rancid] cisco router logs In-Reply-To: References: <21377a4de8124833002f26cd8b621777@localhost> Message-ID: <4f726fc5e840711f40ae624bc8e050b3@localhost> shouldbe q931 wrote: >>> I wondered if anyone had already written a script to extract the >>> logs >>> from a Cisco router and drop them into CVS So in answer to the original question...you could add 'show log' to the commandtable, or even 'show log | exclude IPACCESS' if you're not interested in ACL hits. > The situation is a small site with an ADSL connection that only has > two desktops and no VPN back to the main site. I'd rather not have > syslog traffic going over the Internet, hence the idea of > "collecting" > the log over an SSH connection. You can actually encrypt remote logging: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1054565 but you might find it more straightforward to set up a VPN anyway as it will have other uses. You will probably want to think about filtering and/or rate-limiting syslog so that it doesn't overwhelm the either the router or the upstream on the link. alexd From michael6at at yahoo.de Tue Nov 15 10:18:30 2011 From: michael6at at yahoo.de (michael schnatterer) Date: Tue, 15 Nov 2011 10:18:30 +0000 (GMT) Subject: [rancid] Rancid and Postfix Message-ID: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> Hey every body, I have a maybe simple problem. I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. Now i would configure Rancid to send E-Mails with postfix. I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases i hav tried it with: rancid-Grp Name: MY EMAIL ADDRESS rancid-admin-GrpName: MY EMAIL ADDRESS But nothing happens. I hope somebody could help me THANKS ! Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From misch at schwartzkopff.org Tue Nov 15 12:28:39 2011 From: misch at schwartzkopff.org (Michael Schwartzkopff) Date: Tue, 15 Nov 2011 13:28:39 +0100 Subject: [rancid] Rancid and Postfix In-Reply-To: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> Message-ID: <201111151328.40036.misch@schwartzkopff.org> > Hey every body, > > I have a maybe simple problem. > I have installed an configured Rancid 1 year ago, everything runs fine and > Rancid backups every config change. Now i would configure Rancid to send > E-Mails with postfix. > I installed postfix and configure it. With telnet localhost 25 i could send > E-Mails maually. > > But now i have to configure aliases but i don't understand it. I have > installed and configured Rancid like in this Tutorial. > http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases > i hav tried it with: > rancid-Grp Name: MY EMAIL ADDRESS > rancid-admin-GrpName: MY EMAIL ADDRESS > But nothing happens. > > I hope somebody could help me > > THANKS ! > Best Regards Did you install the mailutils with the "mail" program? -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 M?nchen Tel: (0163) 172 50 98 Fax: (089) 620 304 13 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From michael6at at yahoo.de Tue Nov 15 12:43:08 2011 From: michael6at at yahoo.de (michael schnatterer) Date: Tue, 15 Nov 2011 12:43:08 +0000 (GMT) Subject: [rancid] Rancid and Postfix In-Reply-To: <201111151328.40036.misch@schwartzkopff.org> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <201111151328.40036.misch@schwartzkopff.org> Message-ID: <1321360988.20273.YahooMailNeo@web29012.mail.ird.yahoo.com> Hy, Thanks for your Answer But I'am not sure what you mean with this Mailutils is there another Package to install? I anly have installed postfix via apt-get install postfix like the tutorial descripe. Could you please give me more Information? Thank you very much. ________________________________ Von: Michael Schwartzkopff An: "rancid-discuss at shrubbery.net" Gesendet: 13:28 Dienstag, 15.November 2011 Betreff: Re: [rancid] Rancid and Postfix > Hey every body, > > I have a maybe simple problem. > I have installed an configured Rancid 1 year ago, everything runs fine and > Rancid backups every config change. Now i would configure Rancid to send > E-Mails with postfix. > I installed postfix and configure it. With telnet localhost 25 i could send > E-Mails maually. > > But now i have to configure aliases but i don't understand it. I have > installed and configured Rancid like in this Tutorial. > http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases > i hav tried it with: > rancid-Grp Name: MY EMAIL ADDRESS > rancid-admin-GrpName: MY EMAIL ADDRESS > But nothing happens. > > I hope somebody could help me > > THANKS ! > Best Regards Did you install the mailutils with the "mail" program? -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 M?nchen Tel: (0163) 172 50 98 Fax: (089) 620 304 13 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael6at at yahoo.de Tue Nov 15 14:24:06 2011 From: michael6at at yahoo.de (michael schnatterer) Date: Tue, 15 Nov 2011 14:24:06 +0000 (GMT) Subject: [rancid] Rancid and Postfix In-Reply-To: <201111151457.19411.misch@schwartzkopff.org> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <201111151328.40036.misch@schwartzkopff.org> <1321360988.20273.YahooMailNeo@web29012.mail.ird.yahoo.com> <201111151457.19411.misch@schwartzkopff.org> Message-ID: <1321367046.74778.YahooMailNeo@web29008.mail.ird.yahoo.com> Yes i can send E-Mails from Command line with "telnet localhost 25" like the tutorial descripe. But i dont understand why Rancid don't send the E-Mail after a config change. I think there is maybe a problem with the aliases see my First Post please. Or know you other troubleshooting tips? Thanks Best Regards ________________________________ Von: Michael Schwartzkopff An: michael schnatterer Gesendet: 14:57 Dienstag, 15.November 2011 Betreff: Re: [rancid] Rancid and Postfix > Hy, > > Thanks for your Answer > > But I'am not sure what you mean with this Mailutils is there another > Package to install? I anly have installed postfix via apt-get install > postfix like the tutorial descripe. Could you please give me more > Information? > > Thank you very much. Can you use the mail program from the command line? -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 M?nchen Tel: (0163) 172 50 98 Fax: (089) 620 304 13 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Tue Nov 15 16:02:15 2011 From: rancid at ale.cx (Alex DEKKER) Date: Tue, 15 Nov 2011 16:02:15 +0000 Subject: [rancid] Rancid and Postfix In-Reply-To: <1321367046.74778.YahooMailNeo@web29008.mail.ird.yahoo.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <201111151328.40036.misch@schwartzkopff.org> <1321360988.20273.YahooMailNeo@web29012.mail.ird.yahoo.com> <201111151457.19411.misch@schwartzkopff.org> <1321367046.74778.YahooMailNeo@web29008.mail.ird.yahoo.com> Message-ID: <5187721a5373bab25940637d3997a968@localhost> On 15.11.2011 14:24, michael schnatterer wrote: > Or know you other troubleshooting tips? Have a look in the Postfix log. alexd From michael6at at yahoo.de Wed Nov 16 07:11:11 2011 From: michael6at at yahoo.de (michael schnatterer) Date: Wed, 16 Nov 2011 07:11:11 +0000 (GMT) Subject: [rancid] Rancid and Postfix In-Reply-To: <5187721a5373bab25940637d3997a968@localhost> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <201111151328.40036.misch@schwartzkopff.org> <1321360988.20273.YahooMailNeo@web29012.mail.ird.yahoo.com> <201111151457.19411.misch@schwartzkopff.org> <1321367046.74778.YahooMailNeo@web29008.mail.ird.yahoo.com> <5187721a5373bab25940637d3997a968@localhost> Message-ID: <1321427471.21494.YahooMailNeo@web29017.mail.ird.yahoo.com> Hy, Ok in the logs i didn't see anything if i start rancid. But if i start sending E-Mail manually there is some log entrys. The thing that i dont understand is, how communicate Rancid with Postfix? i have never configured something like this. I hope somebody could help me i rotate in that topic since 1 Week :( Thank you realy much Best Regards ________________________________ Von: Alex DEKKER An: rancid-discuss at shrubbery.net Gesendet: 17:02 Dienstag, 15.November 2011 Betreff: Re: [rancid] Rancid and Postfix On 15.11.2011 14:24, michael schnatterer wrote: > Or know you other troubleshooting tips? Have a look in the Postfix log. alexd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From oglumavd at gmail.com Wed Nov 16 08:06:34 2011 From: oglumavd at gmail.com (oglumavd at gmail.com) Date: Wed, 16 Nov 2011 00:06:34 -0800 Subject: [rancid] Rancid and Postfix Message-ID: <006301cca436$a9f385c0$fdda9140$@gmail.com> Hi Alex, Can you verify the followings? I have this running on Ubuntu 10.x server. 1. install postfix (if already not done it) apt-get install postfix 2. Edit Postfix configuration to reflect your setting, check sys admins for email setting. # ... vi /etc/postfix/main.cf alias_database = hash:/etc/aliases ! if you relayhost = your-email-server-address ... # 3. Edit Rancid configuration. vi /home/rancid/etc/rancid.conf # ... LIST_OF_GROUPS="ADMINS" ... # 4. Edit aliases configuration, step # 3, LIST_OF_GROUPS=ADMINS" (this an example) must match the aliases configuration. vi /etc/aliases # Added by installer for initial user rancid-ADMINS: myadmins at mydomain.com HTH, -oglumavd From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer Sent: Tuesday, November 15, 2011 11:11 PM To: Alex DEKKER; rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and Postfix Hy, Ok in the logs i didn't see anything if i start rancid. But if i start sending E-Mail manually there is some log entrys. The thing that i dont understand is, how communicate Rancid with Postfix? i have never configured something like this. I hope somebody could help me i rotate in that topic since 1 Week :( Thank you realy much Best Regards _____ Von: Alex DEKKER An: rancid-discuss at shrubbery.net Gesendet: 17:02 Dienstag, 15.November 2011 Betreff: Re: [rancid] Rancid and Postfix On 15.11.2011 14:24, michael schnatterer wrote: > Or know you other troubleshooting tips? Have a look in the Postfix log. alexd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From oglumavd at gmail.com Wed Nov 16 08:12:42 2011 From: oglumavd at gmail.com (oglumavd at gmail.com) Date: Wed, 16 Nov 2011 00:12:42 -0800 Subject: [rancid] Rancid and Postfix In-Reply-To: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> Message-ID: <007001cca437$84d240f0$8e76c2d0$@gmail.com> Any changes on email server or aliases? Are you using relayhost, check vi /etc/postfix/main.cf and make sure admins are not blocking smtp-relay. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer Sent: Tuesday, November 15, 2011 2:19 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and Postfix Hey every body, I have a maybe simple problem. I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. Now i would configure Rancid to send E-Mails with postfix. I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases i hav tried it with: rancid-Grp Name: MY EMAIL ADDRESS rancid-admin-GrpName: MY EMAIL ADDRESS But nothing happens. I hope somebody could help me THANKS ! Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael6at at yahoo.de Wed Nov 16 08:27:41 2011 From: michael6at at yahoo.de (michael schnatterer) Date: Wed, 16 Nov 2011 08:27:41 +0000 (GMT) Subject: [rancid] Rancid and Postfix In-Reply-To: <007001cca437$84d240f0$8e76c2d0$@gmail.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <007001cca437$84d240f0$8e76c2d0$@gmail.com> Message-ID: <1321432061.13727.YahooMailNeo@web29020.mail.ird.yahoo.com> HY, My Problem is not to send the E-Mail this works fine with the console "telnet localhost 25" i believe the problem is the communication between Rancid and postfix. I think postfix didn't recognize that Rancid is doing something. My postfix/main.cf looks like the following: myhostname = my hostname alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = IP of the E-Mail server,localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 10 recipient_delimiter = + default_destination_concurrency_limit = 100 relayhost = IP of the E-Mail Server empty_address_recipient = My E-Mail As you can see i have an relay host. Please help me i am realy desperately. Best Regards ________________________________ Von: "oglumavd at gmail.com" An: 'michael schnatterer' ; rancid-discuss at shrubbery.net Gesendet: 9:12 Mittwoch, 16.November 2011 Betreff: RE: [rancid] Rancid and Postfix Any changes on email server or aliases?? ? Are you using relayhost, check vi /etc/postfix/main.cf and make sure admins are not blocking smtp-relay. ? From:rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer Sent: Tuesday, November 15, 2011 2:19 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and Postfix ? Hey every body, ? I have a maybe simple problem. I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. Now i would configure Rancid to send E-Mails with postfix. I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases i hav tried it with: rancid-Grp Name: MY EMAIL ADDRESS rancid-admin-GrpName: MY EMAIL ADDRESS But nothing happens. ? I hope somebody could help me ? THANKS ! Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From oglumavd at gmail.com Thu Nov 17 06:37:38 2011 From: oglumavd at gmail.com (oglumavd at gmail.com) Date: Wed, 16 Nov 2011 22:37:38 -0800 Subject: [rancid] Rancid and Postfix In-Reply-To: <1321432061.13727.YahooMailNeo@web29020.mail.ird.yahoo.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <007001cca437$84d240f0$8e76c2d0$@gmail.com> <1321432061.13727.YahooMailNeo@web29020.mail.ird.yahoo.com> Message-ID: <000c01cca4f3$67ebda20$37c38e60$@gmail.com> Have you tried to watch log mail logs? Delete /home/rancid/logs/ Tail /var/logs/mail Open another terminal window and ssh/telnet into your rancid box ? Add a new device or make a change to device then run rancid manual ? Rancid will trigger an email alert ? Watch mail logs ? Watch /home/rancid/logs/the-recentlog From: michael schnatterer [mailto:michael6at at yahoo.de] Sent: Wednesday, November 16, 2011 12:28 AM To: oglumavd at gmail.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and Postfix HY, My Problem is not to send the E-Mail this works fine with the console "telnet localhost 25" i believe the problem is the communication between Rancid and postfix. I think postfix didn't recognize that Rancid is doing something. My postfix/main.cf looks like the following: myhostname = my hostname alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = IP of the E-Mail server,localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 10 recipient_delimiter = + default_destination_concurrency_limit = 100 relayhost = IP of the E-Mail Server empty_address_recipient = My E-Mail As you can see i have an relay host. Please help me i am realy desperately. Best Regards _____ Von: "oglumavd at gmail.com" An: 'michael schnatterer' ; rancid-discuss at shrubbery.net Gesendet: 9:12 Mittwoch, 16.November 2011 Betreff: RE: [rancid] Rancid and Postfix Any changes on email server or aliases? Are you using relayhost, check vi /etc/postfix/main.cf and make sure admins are not blocking smtp-relay. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer Sent: Tuesday, November 15, 2011 2:19 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and Postfix Hey every body, I have a maybe simple problem. I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. Now i would configure Rancid to send E-Mails with postfix. I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases i hav tried it with: rancid-Grp Name: MY EMAIL ADDRESS rancid-admin-GrpName: MY EMAIL ADDRESS But nothing happens. I hope somebody could help me THANKS ! Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From me_gogorza at hotmail.com Thu Nov 17 18:06:17 2011 From: me_gogorza at hotmail.com (Marito ...) Date: Thu, 17 Nov 2011 15:06:17 -0300 Subject: [rancid] Rancid and Postfix In-Reply-To: <000c01cca4f3$67ebda20$37c38e60$@gmail.com> References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com>, <007001cca437$84d240f0$8e76c2d0$@gmail.com>, <1321432061.13727.YahooMailNeo@web29020.mail.ird.yahoo.com>, <000c01cca4f3$67ebda20$37c38e60$@gmail.com> Message-ID: Hi all, I tried several times to change the aliases file, but it then seems not to update the "little db" that postfix uses (it continued sending the email to the previous configured account). So I gave up trying to make it work, and ended changing the script that make the thing (control_rancid). I searched for : # the receipient(s) of diffs mailrcpt=${mailrcpt:-"@MAILPLUS@${GROUP}${MAILDOMAIN}"}; export mailrcpt adminmailrcpt=${mailrcpt:-"@ADMINMAILPLUS@${GROUP}${MAILDOMAIN}"}; Then replaced @MAILPLUS@${GROUP}${MAILDOMAIN} with my desired email account, and I got it working. Hope this help you. Regards.- Mario From: oglumavd at gmail.com To: michael6at at yahoo.de; rancid-discuss at shrubbery.net Date: Wed, 16 Nov 2011 22:37:38 -0800 Subject: Re: [rancid] Rancid and Postfix Have you tried to watch log mail logs? Delete /home/rancid/logs/ Tail /var/logs/mail Open another terminal window and ssh/telnet into your rancid box ? Add a new device or make a change to device then run rancid manual ? Rancid will trigger an email alert ? Watch mail logs ? Watch /home/rancid/logs/the-recentlog From: michael schnatterer [mailto:michael6at at yahoo.de] Sent: Wednesday, November 16, 2011 12:28 AM To: oglumavd at gmail.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid and Postfix HY, My Problem is not to send the E-Mail this works fine with the console "telnet localhost 25" i believe the problem is the communication between Rancid and postfix. I think postfix didn't recognize that Rancid is doing something. My postfix/main.cf looks like the following: myhostname = my hostname alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = IP of the E-Mail server,localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 10 recipient_delimiter = + default_destination_concurrency_limit = 100 relayhost = IP of the E-Mail Server empty_address_recipient = My E-Mail As you can see i have an relay host. Please help me i am realy desperately. Best Regards Von: "oglumavd at gmail.com" An: 'michael schnatterer' ; rancid-discuss at shrubbery.net Gesendet: 9:12 Mittwoch, 16.November 2011 Betreff: RE: [rancid] Rancid and Postfix Any changes on email server or aliases? Are you using relayhost, check vi /etc/postfix/main.cf and make sure admins are not blocking smtp-relay. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer Sent: Tuesday, November 15, 2011 2:19 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Rancid and Postfix Hey every body, I have a maybe simple problem. I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. Now i would configure Rancid to send E-Mails with postfix. I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php Please help me to define Aliases i hav tried it with: rancid-Grp Name: MY EMAIL ADDRESS rancid-admin-GrpName: MY EMAIL ADDRESS But nothing happens. I hope somebody could help me THANKS ! Best Regards _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Nov 17 18:13:42 2011 From: heas at shrubbery.net (john heasley) Date: Thu, 17 Nov 2011 18:13:42 +0000 Subject: [rancid] Rancid and Postfix In-Reply-To: References: <1321352310.16515.YahooMailNeo@web29010.mail.ird.yahoo.com> <007001cca437$84d240f0$8e76c2d0$@gmail.com> <1321432061.13727.YahooMailNeo@web29020.mail.ird.yahoo.com> <000c01cca4f3$67ebda20$37c38e60$@gmail.com> Message-ID: <20111117181342.GA24325@shrubbery.net> Thu, Nov 17, 2011 at 03:06:17PM -0300, Marito ...: > > Hi all, > > I tried several times to change the aliases file, but it then seems not to update the "little db" that postfix uses (it continued sending the email to the previous configured account). http://lmgtfy.com/?q=updating+aliases.db+postfix&l=1 > So I gave up trying to make it work, and ended changing the script that make the thing (control_rancid). > > I searched for : > > # the receipient(s) of diffs > mailrcpt=${mailrcpt:-"@MAILPLUS@${GROUP}${MAILDOMAIN}"}; export mailrcpt > adminmailrcpt=${mailrcpt:-"@ADMINMAILPLUS@${GROUP}${MAILDOMAIN}"}; > > > Then replaced @MAILPLUS@${GROUP}${MAILDOMAIN} with my desired email account, and I got it working. > > Hope this help you. > Regards.- > > Mario > > > > > > > From: oglumavd at gmail.com > To: michael6at at yahoo.de; rancid-discuss at shrubbery.net > Date: Wed, 16 Nov 2011 22:37:38 -0800 > Subject: Re: [rancid] Rancid and Postfix > > > > > > > > > Have you tried to watch log mail logs? > > Delete /home/rancid/logs/ > Tail /var/logs/mail > > Open another terminal window and ssh/telnet into your rancid box > > ? Add a new device or make a change to device then run rancid manual > ? Rancid will trigger an email alert > ? Watch mail logs > ? Watch /home/rancid/logs/the-recentlog > > > > > From: michael schnatterer [mailto:michael6at at yahoo.de] > Sent: Wednesday, November 16, 2011 12:28 AM > To: oglumavd at gmail.com; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Rancid and Postfix > > > > HY, > > > > My Problem is not to send the E-Mail this works fine with the console "telnet localhost 25" i believe the problem is the communication between Rancid and postfix. I think postfix didn't recognize that Rancid is doing something. > > My postfix/main.cf looks like the following: > > > > myhostname = my hostname > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > myorigin = /etc/mailname > mydestination = IP of the E-Mail server,localhost > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 > mailbox_size_limit = 10 > recipient_delimiter = + > default_destination_concurrency_limit = 100 > relayhost = IP of the E-Mail Server > empty_address_recipient = My E-Mail > > > > As you can see i have an relay host. > > Please help me i am realy desperately. > > > > > > Best Regards > > > > > > > > > > Von: "oglumavd at gmail.com" > An: 'michael schnatterer' ; rancid-discuss at shrubbery.net > Gesendet: 9:12 Mittwoch, 16.November 2011 > Betreff: RE: [rancid] Rancid and Postfix > > > > > Any changes on email server or aliases? > > Are you using relayhost, check vi /etc/postfix/main.cf and make sure admins are not blocking smtp-relay. > > > > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of michael schnatterer > Sent: Tuesday, November 15, 2011 2:19 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Rancid and Postfix > > > > > > Hey every body, > > > > > > I have a maybe simple problem. > > > I have installed an configured Rancid 1 year ago, everything runs fine and Rancid backups every config change. > > > Now i would configure Rancid to send E-Mails with postfix. > > > I installed postfix and configure it. With telnet localhost 25 i could send E-Mails maually. > > > But now i have to configure aliases but i don't understand it. I have installed and configured Rancid like in this Tutorial. http://openmaniak.com/rancid_tutorial.php > > > Please help me to define Aliases i hav tried it with: > > > rancid-Grp Name: MY EMAIL ADDRESS > > > rancid-admin-GrpName: MY EMAIL ADDRESS > > > But nothing happens. > > > > > > I hope somebody could help me > > > > > > THANKS ! > > > Best Regards > > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From pluxton at antracnetworks.com Tue Nov 22 04:32:09 2011 From: pluxton at antracnetworks.com (Patty Luxton) Date: Mon, 21 Nov 2011 20:32:09 -0800 Subject: [rancid] Rancid with A10 networks Message-ID: <4ECB25C9.6070705@antracnetworks.com> Has anybody written any modifications to Rancid for A10 Load Balancer devices? Clogin seems to work for logging into the device. However, my expect is limited and I'm not sure of how to get rancid to log out of the device (one exit brings you to a > prompt, another exit prompts you as to whether you really want to exit Y or N). I'm sure I could spend some time to figure it out, but hoping to not have to reinvent the wheel. My apologies if this has been posted before - it did not come up in any searches that I tried. Thanks in advance for your help. Patty // -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Tue Nov 22 17:45:59 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 22 Nov 2011 10:45:59 -0700 Subject: [rancid] Spurious up/down messages - locale & sort Message-ID: I really thought we had this one solved with the tr '[A-Z]' '[a-z]' but, as it turns out, a dash is < or > digit depending if you locale is POSIX or en_US.UTF-8. Cron runs as POSIX, so any manual updates have the possibility of generating spurious up/down diffs. Unable to think of a good solution, I instead uttered profane words and implemented a quick solution. $ diff -U 4 control_rancid.bak control_rancid --- control_rancid.bak 2011-11-22 10:15:36.000000000 -0700 +++ control_rancid 2011-11-22 10:19:51.000000000 -0700 @@ -42,8 +42,12 @@ # # control_rancid $GROUP # +# #*@& sort locale!! +LC_COLLATE="POSIX" +export LC_COLLATE + # print a usage message to stderr pr_usage() { echo "usage: $0 [-V] [-r device_name] [-m mail rcpt] group" >&2; } E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Nov 22 20:59:14 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 22 Nov 2011 20:59:14 +0000 Subject: [rancid] Spurious up/down messages - locale & sort In-Reply-To: References: Message-ID: <20111122205914.GD16495@shrubbery.net> Tue, Nov 22, 2011 at 10:45:59AM -0700, Daniel Schmidt: > I really thought we had this one solved with the tr '[A-Z]' '[a-z]' but, as > it turns out, a dash is < or > digit depending if you locale is POSIX or > en_US.UTF-8. Cron runs as POSIX, so any manual updates have the > possibility of generating spurious up/down diffs. Unable to think of a > good solution, I instead uttered profane words and implemented a quick > solution. > probably belongs in rancid.conf rather than control_rancid. From daniel.schmidt at wyo.gov Tue Nov 22 21:18:27 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Tue, 22 Nov 2011 14:18:27 -0700 Subject: [rancid] Spurious up/down messages - locale & sort In-Reply-To: <20111122205914.GD16495@shrubbery.net> References: <20111122205914.GD16495@shrubbery.net> Message-ID: <255a5ad83cc360a4b96eaf6d88d79075@mail.gmail.com> Yeah, that does sound like a better idea -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, November 22, 2011 1:59 PM To: Daniel Schmidt Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Spurious up/down messages - locale & sort Tue, Nov 22, 2011 at 10:45:59AM -0700, Daniel Schmidt: > I really thought we had this one solved with the tr '[A-Z]' '[a-z]' > but, as it turns out, a dash is < or > digit depending if you locale > is POSIX or en_US.UTF-8. Cron runs as POSIX, so any manual updates > have the possibility of generating spurious up/down diffs. Unable to > think of a good solution, I instead uttered profane words and > implemented a quick solution. > probably belongs in rancid.conf rather than control_rancid. E-Mail to and from me, in connection with the transaction of public business,is subject to the Wyoming Public Records Act, and may be disclosed to third parties. From dr at cluenet.de Wed Nov 23 22:06:55 2011 From: dr at cluenet.de (Daniel Roesen) Date: Wed, 23 Nov 2011 23:06:55 +0100 Subject: [rancid] Rancid with A10 networks In-Reply-To: <4ECB25C9.6070705@antracnetworks.com> References: <4ECB25C9.6070705@antracnetworks.com> Message-ID: <20111123220655.GA22760@srv03.cluenet.de> On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote: > Has anybody written any modifications to Rancid for A10 Load Balancer > devices? Yes, A10. :-) Ask them about it - IIRC they slightly modified the fnrancid script. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0 From r.engehausen at gmail.com Sun Nov 27 20:17:48 2011 From: r.engehausen at gmail.com (Roy) Date: Sun, 27 Nov 2011 12:17:48 -0800 Subject: [rancid] Ubiquiti Message-ID: <4ED29AEC.9040003@gmail.com> I have been experimenting with an add-on for Ubiquiti radios. Anyone interested in trying it out and giving me any comments? Roy From rssntn67 at yahoo.it Mon Nov 28 07:00:10 2011 From: rssntn67 at yahoo.it (Antonio Russo) Date: Mon, 28 Nov 2011 08:00:10 +0100 Subject: [rancid] Ubiquiti In-Reply-To: <4ED29AEC.9040003@gmail.com> References: <4ED29AEC.9040003@gmail.com> Message-ID: <93492D29-FFE6-4982-9733-4B4F790F5427@yahoo.it> I'm interested! I have a couple of devices to backup! Antonio Il giorno 27/nov/2011, alle ore 21.17, Roy ha scritto: > I have been experimenting with an add-on for Ubiquiti radios. Anyone interested in trying it out and giving me any comments? > > Roy > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rssntn67 at yahoo.it Mon Nov 28 07:19:31 2011 From: rssntn67 at yahoo.it (Antonio Russo) Date: Mon, 28 Nov 2011 08:19:31 +0100 Subject: [rancid] Alvarion and Alcatel Message-ID: <66679547-4C19-4BE6-92EC-8BD7251E1741@yahoo.it> I'm working on some not yet supported device. My release is rancid 2.3.6. Any suggestion about the following devices: "Alcatel OmniSwitch6400 ----> Sysoid .1.3.6.1.4.1.6486.800.1.1.2.1.10.1.1" "Alcatel OmniStack LS 6224 ----> Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.1" "Alcatel OmniStack LS 6224P ---->Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.2" "Alcatel OmniStack LS 6212 ---->Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.6" "Alvarion BreezeACCESS VL AU-SA --------> Sysoid .1.3.6.1.4.1.12394.4.1.5" "Alvarion BreezeACCESS VL SU-54-BD --------> Sysoid .1.3.6.1.4.1.12394.4.1.15" "Alvarion BreezeNET B28 (BU) --------> Sysoid .1.3.6.1.4.1.12394.4.1.22" "Alvarion BreezeNET B100 (BU) --------> Sysoid .1.3.6.1.4.1.12394.4.1.23" "Alvarion BreezeNET B28 (RB) --------> Sysoid .1.3.6.1.4.1.12394.4.1.32" "Alvarion BreezeNET B100 (RB) --------> Sysoid .1.3.6.1.4.1.12394.4.1.33" I had success with mikrotik using still yet unsopported with the mtrancid! I also tried alurancid for Alcatel without success! Antonio From zmousm at noc.grnet.gr Mon Nov 28 13:36:43 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Mon, 28 Nov 2011 15:36:43 +0200 Subject: [rancid] [PATCH 0/2] Better subversion support, multiple fixes for Extreme XOS Message-ID: <1322487387-1336-1-zmousm@noc.grnet.gr> Hi, my colleague Faidon Liambotis and I had been running rancid 2.3.2a8 on Debian Lenny 5.0 (Linux 2.6.26, expect 5.43) since 2009. We use rancid for configuration monitoring in GRNET (Greek Research and Technology Network, the Greek NREN), among other things for various Extreme Networks switches running XOS. We occasionally had to introduce fixes and workarounds in clogin and xrancid, in order to restore compatibility with XOS devices, usually after a XOS upgrade would break something. Recently we had to upgrade to Debian Squeeze 6.0, at which time we decided to forward port our changes to rancid 2.3.6 and submit them in hope they will be considered for inclusion in the rancid code base. In retrospect it might be a good idea to split clogin for XOS devices into a new script (xlogin?), however such an effort would have been beyond the scope of what we afforded to do in this context. We also submit a few changes to improve support for using subversion repositories with rancid. These patches apply independently against rancid 2.3.6. Thanks in advance for your comments and feedback. Best regards, Zenon Mousmoulas From zmousm at noc.grnet.gr Mon Nov 28 13:36:45 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Mon, 28 Nov 2011 15:36:45 +0200 Subject: [rancid] [PATCH 1/2] Better support for subversion repositories In-Reply-To: <1322487387-1336-1-zmousm@noc.grnet.gr> References: <1322487387-1336-1-zmousm@noc.grnet.gr> Message-ID: <1322487387-1336-2-zmousm@noc.grnet.gr> Improve subversion support: - Support arbitrary subversion URLs as (pre-provisioned) repositories. - Do not overwrite an existing local repository. - Avoid "svn: Directory '' is out of date" message. Included for completeness, copied from Debian patch by Nicolas DEFFAYET : http://patch-tracker.debian.org/patch/series/dl/rancid/2.3.6-1/09_svn.dpatch Signed-off-by: Zenon Mousmoulas --- diff -ru rancid-2.3.6/bin/control_rancid.in rancid-2.3.6-grnet/bin/control_rancid.in --- rancid-2.3.6/bin/control_rancid.in 2011-02-16 01:16:59.000000000 +0200 +++ rancid-2.3.6-grnet/bin/control_rancid.in 2011-11-26 00:12:08.000000000 +0200 @@ -167,6 +167,12 @@ fi fi +# svn update to avoid 'Out of date' error +if [ $RCSSYS = svn ] +then + svn update +fi + # do cvs update of router.db in case anyone has fiddled. $RCSSYS update router.db > $TMP 2>&1 grep "^C" $TMP > /dev/null diff -ru rancid-2.3.6/bin/rancid-cvs.in rancid-2.3.6-grnet/bin/rancid-cvs.in --- rancid-2.3.6/bin/rancid-cvs.in 2011-02-16 01:16:59.000000000 +0200 +++ rancid-2.3.6-grnet/bin/rancid-cvs.in 2011-11-26 00:12:08.000000000 +0200 @@ -93,11 +93,20 @@ fi # Top level CVS stuff -if [ ! -d $CVSROOT ]; then - if [ $RCSSYS = cvs ]; then +if [ $RCSSYS = cvs ]; then + if [ ! -d $CVSROOT ]; then cvs -d $CVSROOT init + fi +else + if echo "$CVSROOT" | grep -q "://"; then + # do nothing because CVSROOT is some sort of a URL + # also assume the repository has already been provisioned + : else - svnadmin create $CVSROOT @SVN_FSTYPE@ + if [ ! -d $CVSROOT ] && ! svn ls "file://$CVSROOT" >/dev/null 2>&1; then + svnadmin create $CVSROOT @SVN_FSTYPE@ + fi + CVSROOT="file://$CVSROOT" fi fi @@ -128,9 +137,11 @@ cd $BASEDIR cvs checkout $GROUP else - svn import -m "$GROUP" . file:///$CVSROOT/$GROUP + svn import -m "$GROUP" . $CVSROOT/$GROUP cd $BASEDIR - svn checkout file:///$CVSROOT/$GROUP $GROUP + svn checkout $CVSROOT/$GROUP $GROUP + cd $DIR + svn update fi fi cd $DIR diff -ru rancid-2.3.6/etc/rancid.conf.sample.in rancid-2.3.6-grnet/etc/rancid.conf.sample.in --- rancid-2.3.6/etc/rancid.conf.sample.in 2011-02-16 01:16:59.000000000 +0200 +++ rancid-2.3.6-grnet/etc/rancid.conf.sample.in 2011-11-26 00:12:08.000000000 +0200 @@ -21,6 +21,15 @@ BASEDIR=@localstatedir@; export BASEDIR PATH=@bindir@:@ENV_PATH@; export PATH # Location of the CVS/SVN repository. Be careful changing this. +# If RCSSYS is svn, this can be: +# - an (absolute) path (a subdirectory of BASEDIR by default). +# - any URL that subversion understands, but beware that: +# - no attempt will be made to create the repository when +# running rancid-cvs. +# - authentication credentials, if necessary, MUST be cached +# (see SVN book, Ch. 3, Network Model, Caching credentials) +# before non-interactive commands can run, e.g. by running +# rancid-cvs after installation. CVSROOT=$BASEDIR/CVS; export CVSROOT # Location of log files produced by rancid-run(1). LOGDIR=$BASEDIR/logs; export LOGDIR From zmousm at noc.grnet.gr Mon Nov 28 13:36:45 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Mon, 28 Nov 2011 15:36:45 +0200 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <1322487387-1336-1-zmousm@noc.grnet.gr> References: <1322487387-1336-1-zmousm@noc.grnet.gr> Message-ID: <1322487387-1336-3-zmousm@noc.grnet.gr> Improve support for Extreme Networks devices running XOS: - Fix end of config detection, since there is no "# End of configuration file" anymore, since XOS 12.2 or maybe earlier (xrancid). - Handle more forms of syntax error messages (xrancid). - Also parse "show switch" output to grab chassis type (xrancid). - ANSI escape sequences seem to be used since XOS 12.3 or maybe earlier to draw the pager prompt, skip them if found in order to help with pager prompt detection (clogin). - The pager can be disabled per session since XOS 12.3, try to do that in order to avoid struggling with pager prompts and ANSI sequences altogether (clogin). - Eat all space that may be there after username/password prompts (clogin). - XOS runs a large banner by default after login (which matches prompt detection!), however output buffering is traditionally and consistently broken on XOS devices, causing mismatches in prompt detection and subsequent commands. Therefore we need to wait 1 second to eat all output up to the first prompt, for things to work from there on. Unfortunately the delay affects all devices, not just XOS. Signed-off-by: Zenon Mousmoulas --- diff -ru rancid-2.3.6/bin/clogin.in rancid-2.3.6-grnet/bin/clogin.in --- rancid-2.3.6/bin/clogin.in 2011-02-16 01:16:59.000000000 +0200 +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 +0200 @@ -610,11 +610,9 @@ global do_saveconfig in_proc platform set in_proc 1 - # If the prompt is (enable), then we are on a switch and the - # command is "set length 0"; otherwise its "terminal length 0". - # skip if its an extreme (since the pager can not be disabled on a - # per-vty basis). if { [ string compare "extreme" "$platform" ] } { + # If the prompt is (enable), then we are on a switch and the + # command is "set length 0"; otherwise its "terminal length 0". if [ regexp -- ".*> .*enable" "$prompt" ] { send "set length 0\r" # This is ugly, but reduces code duplication, allowing the @@ -631,7 +629,12 @@ -re "\[\n\r]+" { exp_continue } } } else { + send "disable clipaging\r" set reprompt $prompt + expect { + -re $reprompt {} + -re "\[\n\r]+" { exp_continue } + } } # this is the only way i see to get rid of more prompts in o/p..grrrrr @@ -640,11 +643,14 @@ set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look - # for the "More" prompt. the extreme is equally obnoxious, with a - # global switch in the config. + # for the "More" prompt. for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { + -re "^\x1b(\\\[|\(|\))\[;?0-9]*\[0-9A-Za-z]" { # skip ANSI escape sequences + set seen_ansi 1 + exp_continue + } -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } @@ -658,12 +664,14 @@ -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } - -re "\[^\r\n]*Press to cont\[^\r\n]*" { + -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " + if { ! $seen_ansi } { # bloody ^[[2K after " " - expect { - -re "^\[^\r\n]*\r" {} - } + expect { + -re "^\[^\r\n]*\r" {} + } + } exp_continue } -re "^ *--More--\[^\n\r]*" { @@ -808,19 +816,19 @@ # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|Login|login|user name|User):" + set u_prompt "(Username|Login|login|user name|User): *" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { - set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):" + set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+): *" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { - set e_prompt "\[Pp]assword:" + set e_prompt "\[Pp]assword: *" } else { set e_prompt [join [lindex $e_prompt 0] ""] } @@ -861,6 +869,18 @@ # if login failed or rsh was unsuccessful, move on to the next device continue } + + # Get all (output after login) you can eat in 1s + # (hopefully up to and including the first prompt). + # This is mostly necessary to work around + # stoopid extreme output buffering. + expect { + -timeout 1 + -re "\[\n\r]+" { exp_continue } + -re "\[^\n\r]+" { exp_continue -continue_timer } + timeout {} + } + # Figure out the prompt. if { [regexp -- "(#| \\(enable\\))" $prompt_match junk] == 1 } { set enable 0 diff -ru rancid-2.3.6/bin/xrancid.in rancid-2.3.6-grnet/bin/xrancid.in --- rancid-2.3.6/bin/xrancid.in 2011-02-16 01:16:59.000000000 +0200 +++ rancid-2.3.6-grnet/bin/xrancid.in 2011-11-26 00:15:17.000000000 +0200 @@ -280,6 +280,8 @@ /^(boot |next reboot)/i && next; /^(auto |qos mode|sys\S*:|temperature|time)/i && next; + /^system type\s*:\s*(.+)/i && + ProcessHistory("COMMENTS","keysort","A0","#Chassis type: $1\n") && next; /^power supply: (.*)/i && ProcessHistory("COMMENTS","keysort","C0","#$1") && next; /^license/i && ProcessHistory("COMMENTS","keysort","D0","#Image: $_") @@ -300,14 +302,17 @@ print STDERR " In WriteTerm: $_" if ($debug); my($comment) = 1; # strip extra comments, esp to preserve chassis type + $found_end = 0; while () { tr/\015//d; last if(/^$prompt/); next if(/^\s*$/); return(0) if(/^syntax error at token /i); + return(0) if(/^%% Invalid input detected at /i); + return(0) if(/^%% Ambiguous command:/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; - return(0) if ($found_end); + last if ($found_end); s/^\s*$/#/; next if (/full detail configuration/i); @@ -389,12 +394,6 @@ # catch anything that wasnt match above. ProcessHistory("COMMENTS","keysort","H0","$_"); - # end of config - if (/^# End of configuration file/i) { - printf STDERR " End WriteTerm: $_" if ($debug); - $found_end = 1; - return(0); - } } if ($lines < 3) { @@ -403,6 +402,7 @@ return(-1); } $found_end = 1; + printf STDERR " End WriteTerm: $_" if ($debug); return(0); } @@ -487,19 +487,19 @@ ProcessHistory("COMMENTS","keysort","X0","#\n"); TOP: while() { tr/\015//d; - # note: this match sucks rocks, but currently the extreme bits are - # unreliable about echoing the 'exit\n' command. this match might really - # be a bad idea, but instead rely upon WriteTerm's found_end? - if (/$prompt\s?(quit|exit|Connection( to \S+)? closed)/ && $found_end) { - $clean_run = 1; - last; - } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run = 0; last; } + # note: this match sucks rocks, but currently the extreme bits are + # unreliable about echoing the 'exit\n' command. this match might really + # be a bad idea, but instead rely upon WriteTerm's found_end? + if (/($prompt\s?(quit|exit)|Connection( to \S+)? closed)/ && $found_end) { + $clean_run = 1; + last; + } while (/$prompt\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { From nick at buraglio.com Mon Nov 28 13:58:08 2011 From: nick at buraglio.com (Nick Buraglio) Date: Mon, 28 Nov 2011 07:58:08 -0600 Subject: [rancid] Alvarion and Alcatel In-Reply-To: <66679547-4C19-4BE6-92EC-8BD7251E1741@yahoo.it> References: <66679547-4C19-4BE6-92EC-8BD7251E1741@yahoo.it> Message-ID: <6714213029350048323@unknownmsgid> Alurancud was written for the 7750 series, I believe (but am not positive) that the cli is different. I think there was some code that may have worked on the 6400 called orancid. http://www.google.com/url?sa=t&source=web&cd=7&ved=0CD8QFjAG&url=http%3A%2F%2Fweb.gxis.de%2Ftiki%2Ftiki-view_blog_post.php%3FpostId%3D104&ei=2ZLTTtLHOoau2AWY8pCvDw&usg=AFQjCNHb26oFAWFGj1cIdRp8TYwBWWTpng&sig2=sWaVv5y2k1bnPfJY9rQMLg -- nb On Nov 28, 2011, at 1:23 AM, Antonio Russo wrote: > I'm working on some not yet supported device. > > My release is rancid 2.3.6. > Any suggestion about the following devices: > > "Alcatel OmniSwitch6400 ----> Sysoid .1.3.6.1.4.1.6486.800.1.1.2.1.10.1.1" > "Alcatel OmniStack LS 6224 ----> Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.1" > "Alcatel OmniStack LS 6224P ---->Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.2" > "Alcatel OmniStack LS 6212 ---->Sysoid .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.6" > > "Alvarion BreezeACCESS VL AU-SA --------> Sysoid .1.3.6.1.4.1.12394.4.1.5" > "Alvarion BreezeACCESS VL SU-54-BD --------> Sysoid .1.3.6.1.4.1.12394.4.1.15" > "Alvarion BreezeNET B28 (BU) --------> Sysoid .1.3.6.1.4.1.12394.4.1.22" > "Alvarion BreezeNET B100 (BU) --------> Sysoid .1.3.6.1.4.1.12394.4.1.23" > "Alvarion BreezeNET B28 (RB) --------> Sysoid .1.3.6.1.4.1.12394.4.1.32" > "Alvarion BreezeNET B100 (RB) --------> Sysoid .1.3.6.1.4.1.12394.4.1.33" > > > I had success with mikrotik using still yet unsopported with the mtrancid! > > I also tried alurancid for Alcatel without success! > > > Antonio > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From umberto.nicoletti at gmail.com Mon Nov 28 14:12:05 2011 From: umberto.nicoletti at gmail.com (Umberto Nicoletti) Date: Mon, 28 Nov 2011 15:12:05 +0100 Subject: [rancid] Alvarion and Alcatel In-Reply-To: <6714213029350048323@unknownmsgid> References: <66679547-4C19-4BE6-92EC-8BD7251E1741@yahoo.it> <6714213029350048323@unknownmsgid> Message-ID: I'm also interested in Alcatel 62xx or 64xx series support. Last I tried (some 6months ago) I could not make it work no matter what tool (alurancid, orancid, etc) I used. Umberto On Mon, Nov 28, 2011 at 2:58 PM, Nick Buraglio wrote: > Alurancud was written for the 7750 series, I believe (but am not > positive) that the cli is different. I think there was some code that > may have worked on the 6400 called orancid. > > http://www.google.com/url?sa=t&source=web&cd=7&ved=0CD8QFjAG&url=http%3A%2F%2Fweb.gxis.de%2Ftiki%2Ftiki-view_blog_post.php%3FpostId%3D104&ei=2ZLTTtLHOoau2AWY8pCvDw&usg=AFQjCNHb26oFAWFGj1cIdRp8TYwBWWTpng&sig2=sWaVv5y2k1bnPfJY9rQMLg > -- > nb > > On Nov 28, 2011, at 1:23 AM, Antonio Russo wrote: > > > I'm working on some not yet supported device. > > > > My release is rancid 2.3.6. > > Any suggestion about the following devices: > > > > "Alcatel OmniSwitch6400 ----> Sysoid > .1.3.6.1.4.1.6486.800.1.1.2.1.10.1.1" > > "Alcatel OmniStack LS 6224 ----> Sysoid > .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.1" > > "Alcatel OmniStack LS 6224P ---->Sysoid > .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.2" > > "Alcatel OmniStack LS 6212 ---->Sysoid > .1.3.6.1.4.1.6486.800.1.1.2.2.4.1.6" > > > > "Alvarion BreezeACCESS VL AU-SA --------> Sysoid > .1.3.6.1.4.1.12394.4.1.5" > > "Alvarion BreezeACCESS VL SU-54-BD --------> Sysoid > .1.3.6.1.4.1.12394.4.1.15" > > "Alvarion BreezeNET B28 (BU) --------> Sysoid > .1.3.6.1.4.1.12394.4.1.22" > > "Alvarion BreezeNET B100 (BU) --------> Sysoid > .1.3.6.1.4.1.12394.4.1.23" > > "Alvarion BreezeNET B28 (RB) --------> Sysoid > .1.3.6.1.4.1.12394.4.1.32" > > "Alvarion BreezeNET B100 (RB) --------> Sysoid > .1.3.6.1.4.1.12394.4.1.33" > > > > > > I had success with mikrotik using still yet unsopported with the > mtrancid! > > > > I also tried alurancid for Alcatel without success! > > > > > > Antonio > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sid at brainstorminternet.net Mon Nov 28 01:34:38 2011 From: sid at brainstorminternet.net (Sid Arnold) Date: Sun, 27 Nov 2011 18:34:38 -0700 Subject: [rancid] Ubiquiti In-Reply-To: <4ED29AEC.9040003@gmail.com> References: <4ED29AEC.9040003@gmail.com> Message-ID: <41E47177-1BB4-4712-8FBC-669284EF09E8@brainstorminternet.net> I would be really interested. Sid Sent from my iPhone On Nov 27, 2011, at 1:17 PM, Roy wrote: > I have been experimenting with an add-on for Ubiquiti radios. Anyone interested in trying it out and giving me any comments? > > Roy > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Nov 29 22:28:38 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 29 Nov 2011 22:28:38 +0000 Subject: [rancid] [PATCH 1/2] Better support for subversion repositories In-Reply-To: <1322487387-1336-2-zmousm@noc.grnet.gr> References: <1322487387-1336-1-zmousm@noc.grnet.gr> <1322487387-1336-2-zmousm@noc.grnet.gr> Message-ID: <20111129222838.GA23935@shrubbery.net> Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: > Improve subversion support: > - Support arbitrary subversion URLs as (pre-provisioned) repositories. > - Do not overwrite an existing local repository. > - Avoid "svn: Directory '' is out of date" message. > Included for completeness, copied from Debian patch > by Nicolas DEFFAYET : > http://patch-tracker.debian.org/patch/series/dl/rancid/2.3.6-1/09_svn.dpatch > > +++ rancid-2.3.6-grnet/bin/control_rancid.in 2011-11-26 00:12:08.000000000 +0200 > @@ -167,6 +167,12 @@ > fi > fi > > +# svn update to avoid 'Out of date' error > +if [ $RCSSYS = svn ] > +then > + svn update > +fi why is this necessary? it should never be out of date, unless someone has altered the repository, in which case you want to be alerted to that. From heas at shrubbery.net Tue Nov 29 22:51:46 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 29 Nov 2011 22:51:46 +0000 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <20111129224421.D6D9124CDD4@sea.shrubbery.net> <1322487387-1336-3-zmousm@noc.grnet.gr> Message-ID: <20111129225146.GB23935@shrubbery.net> Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: > Improve support for Extreme Networks devices running XOS: > - The pager can be disabled per session since XOS 12.3, try to do that > in order to avoid struggling with pager prompts and ANSI sequences > altogether (clogin). > +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 +0200 > @@ -610,11 +610,9 @@ > global do_saveconfig in_proc platform > set in_proc 1 > > - # If the prompt is (enable), then we are on a switch and the > - # command is "set length 0"; otherwise its "terminal length 0". > - # skip if its an extreme (since the pager can not be disabled on a > - # per-vty basis). > if { [ string compare "extreme" "$platform" ] } { > + # If the prompt is (enable), then we are on a switch and the > + # command is "set length 0"; otherwise its "terminal length 0". > if [ regexp -- ".*> .*enable" "$prompt" ] { > send "set length 0\r" > # This is ugly, but reduces code duplication, allowing the > @@ -631,7 +629,12 @@ > -re "\[\n\r]+" { exp_continue } > } > } else { > + send "disable clipaging\r" > set reprompt $prompt > + expect { > + -re $reprompt {} > + -re "\[\n\r]+" { exp_continue } > + } > } > > # this is the only way i see to get rid of more prompts in o/p..grrrrr > @@ -640,11 +643,14 @@ > set commands [split $command \;] > set num_commands [llength $commands] > # the pager can not be turned off on the PIX, so we have to look > - # for the "More" prompt. the extreme is equally obnoxious, with a > - # global switch in the config. > + # for the "More" prompt. i think this what you really want: Index: bin/clogin.in =================================================================== --- bin/clogin.in (revision 2340) +++ bin/clogin.in (working copy) @@ -633,8 +633,8 @@ set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look - # for the "More" prompt. the extreme is equally obnoxious, with a - # global switch in the config. + # for the "More" prompt. the extreme is equally obnoxious in pre-12.3 XOS, + # with a global switch in the config. for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { @@ -897,20 +897,25 @@ } } if { $do_command || $do_script } { - # If the prompt is (enable), then we are on a switch and the - # command is "set length 0"; otherwise its "terminal length 0". - if [regexp -- ".*> .*enable" "$prompt"] { - send "set length 0\r" - expect -re $prompt {} - send "set width 132\r" - expect -re $prompt {} - send "set logging session disable\r" + if { [ string compare "extreme" "$platform" ] } { + # If the prompt is (enable), then we are on a switch and the + # command is "set length 0"; otherwise its "terminal length 0". + if [regexp -- ".*> .*enable" "$prompt"] { + send "set length 0\r" + expect -re $prompt {} + send "set width 132\r" + expect -re $prompt {} + send "set logging session disable\r" + } else { + send "terminal length 0\r" + expect -re $prompt {} + send "terminal width 132\r" + } + expect -re $prompt {} } else { - send "terminal length 0\r" - expect -re $prompt {} - send "terminal width 132\r" + send "disable clipaging\r" + expect -re $prompt {} } - expect -re $prompt {} } if { $do_command } { if {[run_commands $prompt $command]} { > - set u_prompt "(Username|Login|login|user name|User):" > + set u_prompt "(Username|Login|login|user name|User): *" why is this necessary? if there happen to be spaces after the prompt, it should be possible to ignore them, send the input and allow the next expect to eat the spaces, if they exist. > } else { > set u_prompt [join [lindex $u_prompt 0] ""] > } > set p_prompt [find passprompt $router] > if { "$p_prompt" == "" } { > - set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):" > + set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+): *" > } else { > set p_prompt [join [lindex $p_prompt 0] ""] > } > set e_prompt [find enableprompt $router] > if { "$e_prompt" == "" } { > - set e_prompt "\[Pp]assword:" > + set e_prompt "\[Pp]assword: *" > } else { > set e_prompt [join [lindex $e_prompt 0] ""] > } From zmousm at noc.grnet.gr Wed Nov 30 18:10:28 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Wed, 30 Nov 2011 20:10:28 +0200 Subject: [rancid] [PATCH 1/2] Better support for subversion repositories In-Reply-To: <20111129222838.GA23935@shrubbery.net> References: <1322487387-1336-1-zmousm@noc.grnet.gr> <1322487387-1336-2-zmousm@noc.grnet.gr> <20111129222838.GA23935@shrubbery.net> Message-ID: <329eddb2b2808988fa6768a6692fadf7@noc.grnet.gr> On Tue, 29 Nov 2011 22:28:38 +0000, john heasley wrote: > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: >> Improve subversion support: >> - Support arbitrary subversion URLs as (pre-provisioned) repositories. >> - Do not overwrite an existing local repository. >> - Avoid "svn: Directory '' is out of date" message. >> Included for completeness, copied from Debian patch >> by Nicolas DEFFAYET : >> http://patch-tracker.debian.org/patch/series/dl/rancid/2.3.6-1/09_svn.dpatch >> >> +++ rancid-2.3.6-grnet/bin/control_rancid.in 2011-11-26 >> 00:12:08.000000000 +0200 >> @@ -167,6 +167,12 @@ >> fi >> fi >> >> +# svn update to avoid 'Out of date' error >> +if [ $RCSSYS = svn ] >> +then >> + svn update >> +fi > > why is this necessary? it should never be out of date, unless someone has > altered the repository, in which case you want to be alerted to that. We "inherited" this due to merging with the Debian patch I mentioned earlier, while forward porting our changes to 2.3.6. Since we initially tried to apply our changes on top of the Debian package for 2.3.6 (rather than vanilla 2.3.6), we had a conflict with the other hunk from this Debian patch: --- rancid~/bin/rancid-cvs.in +++ rancid/bin/rancid-cvs.in @@ -131,6 +131,8 @@ svn import -m "$GROUP" . file:///$CVSROOT/$GROUP cd $BASEDIR svn checkout file:///$CVSROOT/$GROUP $GROUP + cd $DIR + svn update fi fi cd $DIR So rather than sending only this change (which is required and has been tested) we opted for merging with the Debian patch. I am not sure however when the change you noted would be necessary and I certainly can not object to your reasoning against it. Therefore I suppose we can drop this hunk. I can send an updated patch if you are OK with the rest of the changes. Cheers, Z. From zmousm at noc.grnet.gr Wed Nov 30 18:12:43 2011 From: zmousm at noc.grnet.gr (Zenon Mousmoulas) Date: Wed, 30 Nov 2011 20:12:43 +0200 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <20111129225146.GB23935@shrubbery.net> References: <20111129225146.GB23935@shrubbery.net> Message-ID: <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> On Tue, 29 Nov 2011 22:51:46 +0000, john heasley wrote: > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: >> Improve support for Extreme Networks devices running XOS: >> - The pager can be disabled per session since XOS 12.3, try to do that >> in order to avoid struggling with pager prompts and ANSI sequences >> altogether (clogin). > >> +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 +0200 >> @@ -610,11 +610,9 @@ >> global do_saveconfig in_proc platform >> set in_proc 1 >> >> - # If the prompt is (enable), then we are on a switch and the >> - # command is "set length 0"; otherwise its "terminal length 0". >> - # skip if its an extreme (since the pager can not be disabled on a >> - # per-vty basis). >> if { [ string compare "extreme" "$platform" ] } { >> + # If the prompt is (enable), then we are on a switch and the >> + # command is "set length 0"; otherwise its "terminal length 0". >> if [ regexp -- ".*> .*enable" "$prompt" ] { >> send "set length 0\r" >> # This is ugly, but reduces code duplication, allowing the >> @@ -631,7 +629,12 @@ >> -re "\[\n\r]+" { exp_continue } >> } >> } else { >> + send "disable clipaging\r" >> set reprompt $prompt >> + expect { >> + -re $reprompt {} >> + -re "\[\n\r]+" { exp_continue } >> + } >> } >> >> # this is the only way i see to get rid of more prompts in >> o/p..grrrrr >> @@ -640,11 +643,14 @@ >> set commands [split $command \;] >> set num_commands [llength $commands] >> # the pager can not be turned off on the PIX, so we have to look >> - # for the "More" prompt. the extreme is equally obnoxious, with a >> - # global switch in the config. >> + # for the "More" prompt. > > i think this what you really want: The following diff seems to be against some version of clogin (other than 2.3.6) I don't have access to (is there a public source code repo for rancid, btw?) so I can not apply/try it and therefore I'm not sure if it is what I really want. > Index: bin/clogin.in > =================================================================== > --- bin/clogin.in (revision 2340) > +++ bin/clogin.in (working copy) > @@ -633,8 +633,8 @@ > set commands [split $command \;] > set num_commands [llength $commands] > # the pager can not be turned off on the PIX, so we have to look > - # for the "More" prompt. the extreme is equally obnoxious, with a > - # global switch in the config. > + # for the "More" prompt. the extreme is equally obnoxious in > pre-12.3 XOS, > + # with a global switch in the config. Actually I am not sure this last statement is true: we had not found such a "global switch" in pre-12.3 XOS, as far as we can remember. > for {set i 0} {$i < $num_commands} { incr i} { > send -- "[subst -nocommands [lindex $commands $i]]\r" > expect { > @@ -897,20 +897,25 @@ > } > } > if { $do_command || $do_script } { > - # If the prompt is (enable), then we are on a switch and the > - # command is "set length 0"; otherwise its "terminal length 0". > - if [regexp -- ".*> .*enable" "$prompt"] { > - send "set length 0\r" > - expect -re $prompt {} > - send "set width 132\r" > - expect -re $prompt {} > - send "set logging session disable\r" > + if { [ string compare "extreme" "$platform" ] } { > + # If the prompt is (enable), then we are on a switch and the > + # command is "set length 0"; otherwise its "terminal length 0". > + if [regexp -- ".*> .*enable" "$prompt"] { > + send "set length 0\r" > + expect -re $prompt {} > + send "set width 132\r" > + expect -re $prompt {} > + send "set logging session disable\r" > + } else { > + send "terminal length 0\r" > + expect -re $prompt {} > + send "terminal width 132\r" > + } > + expect -re $prompt {} > } else { > - send "terminal length 0\r" > - expect -re $prompt {} > - send "terminal width 132\r" > + send "disable clipaging\r" > + expect -re $prompt {} > } > - expect -re $prompt {} > } > if { $do_command } { > if {[run_commands $prompt $command]} { > > >> - set u_prompt "(Username|Login|login|user name|User):" >> + set u_prompt "(Username|Login|login|user name|User): *" > > why is this necessary? if there happen to be spaces after the prompt, it > should be possible to ignore them, send the input and allow the next expect > to eat the spaces, if they exist. This was part of the changes we ported from 2.3.2a8 to 2.3.6 and it was used (still used today actually) in production at GRNET since 2009, so it was definitely necessary at some point; unfortunately neither Faidon nor I can no longer remember a specific case where this would be necessary. Your explanation is reasonable. I suppose we can drop this. > >> } else { >> set u_prompt [join [lindex $u_prompt 0] ""] >> } >> set p_prompt [find passprompt $router] >> if { "$p_prompt" == "" } { >> - set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):" >> + set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+): *" >> } else { >> set p_prompt [join [lindex $p_prompt 0] ""] >> } >> set e_prompt [find enableprompt $router] >> if { "$e_prompt" == "" } { >> - set e_prompt "\[Pp]assword:" >> + set e_prompt "\[Pp]assword: *" >> } else { >> set e_prompt [join [lindex $e_prompt 0] ""] >> } From heas at shrubbery.net Wed Nov 30 21:51:10 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 30 Nov 2011 21:51:10 +0000 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> References: <20111129225146.GB23935@shrubbery.net> <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> Message-ID: <20111130215110.GS6099@shrubbery.net> Wed, Nov 30, 2011 at 08:12:43PM +0200, Zenon Mousmoulas: > On Tue, 29 Nov 2011 22:51:46 +0000, john heasley > wrote: > > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: > >> Improve support for Extreme Networks devices running XOS: > >> - The pager can be disabled per session since XOS 12.3, try to do that > >> in order to avoid struggling with pager prompts and ANSI sequences > >> altogether (clogin). > > > >> +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 > +0200 > >> @@ -610,11 +610,9 @@ > >> global do_saveconfig in_proc platform > >> set in_proc 1 > >> > >> - # If the prompt is (enable), then we are on a switch and the > >> - # command is "set length 0"; otherwise its "terminal length 0". > >> - # skip if its an extreme (since the pager can not be disabled on a > >> - # per-vty basis). > >> if { [ string compare "extreme" "$platform" ] } { > >> + # If the prompt is (enable), then we are on a switch and the > >> + # command is "set length 0"; otherwise its "terminal length > 0". > >> if [ regexp -- ".*> .*enable" "$prompt" ] { > >> send "set length 0\r" > >> # This is ugly, but reduces code duplication, allowing the > >> @@ -631,7 +629,12 @@ > >> -re "\[\n\r]+" { exp_continue } > >> } > >> } else { > >> + send "disable clipaging\r" > >> set reprompt $prompt > >> + expect { > >> + -re $reprompt {} > >> + -re "\[\n\r]+" { exp_continue } > >> + } > >> } > >> > >> # this is the only way i see to get rid of more prompts in > >> o/p..grrrrr > >> @@ -640,11 +643,14 @@ > >> set commands [split $command \;] > >> set num_commands [llength $commands] > >> # the pager can not be turned off on the PIX, so we have to look > >> - # for the "More" prompt. the extreme is equally obnoxious, with a > >> - # global switch in the config. > >> + # for the "More" prompt. > > > > i think this what you really want: > > The following diff seems to be against some version of clogin (other > than 2.3.6) I don't have access to (is there a public source code repo > for rancid, btw?) so I can not apply/try it and therefore I'm not sure > if it is what I really want. attached > > Index: bin/clogin.in > > =================================================================== > > --- bin/clogin.in (revision 2340) > > +++ bin/clogin.in (working copy) > > @@ -633,8 +633,8 @@ > > set commands [split $command \;] > > set num_commands [llength $commands] > > # the pager can not be turned off on the PIX, so we have to look > > - # for the "More" prompt. the extreme is equally obnoxious, with a > > - # global switch in the config. > > + # for the "More" prompt. the extreme is equally obnoxious in > > pre-12.3 XOS, > > + # with a global switch in the config. > > Actually I am not sure this last statement is true: we had not found > such a "global switch" in pre-12.3 XOS, as far as we can remember. What came before XOS? has it always been called XOS? the old extreme boxes had a global knob, IIRC. > > for {set i 0} {$i < $num_commands} { incr i} { > > send -- "[subst -nocommands [lindex $commands $i]]\r" > > expect { > > @@ -897,20 +897,25 @@ > > } > > } > > if { $do_command || $do_script } { > > - # If the prompt is (enable), then we are on a switch and the > > - # command is "set length 0"; otherwise its "terminal length 0". > > - if [regexp -- ".*> .*enable" "$prompt"] { > > - send "set length 0\r" > > - expect -re $prompt {} > > - send "set width 132\r" > > - expect -re $prompt {} > > - send "set logging session disable\r" > > + if { [ string compare "extreme" "$platform" ] } { > > + # If the prompt is (enable), then we are on a switch and the > > + # command is "set length 0"; otherwise its "terminal length 0". > > + if [regexp -- ".*> .*enable" "$prompt"] { > > + send "set length 0\r" > > + expect -re $prompt {} > > + send "set width 132\r" > > + expect -re $prompt {} > > + send "set logging session disable\r" > > + } else { > > + send "terminal length 0\r" > > + expect -re $prompt {} > > + send "terminal width 132\r" > > + } > > + expect -re $prompt {} > > } else { > > - send "terminal length 0\r" > > - expect -re $prompt {} > > - send "terminal width 132\r" > > + send "disable clipaging\r" > > + expect -re $prompt {} > > } > > - expect -re $prompt {} > > } > > if { $do_command } { > > if {[run_commands $prompt $command]} { > > > > > >> - set u_prompt "(Username|Login|login|user name|User):" > >> + set u_prompt "(Username|Login|login|user name|User): *" > > > > why is this necessary? if there happen to be spaces after the prompt, > it > > should be possible to ignore them, send the input and allow the next > expect > > to eat the spaces, if they exist. > > This was part of the changes we ported from 2.3.2a8 to 2.3.6 and it > was used (still used today actually) in production at GRNET since > 2009, so it was definitely necessary at some point; unfortunately neither > Faidon nor I can no longer remember a specific case where this would > be necessary. Your explanation is reasonable. I suppose we can drop this. > > > > >> } else { > >> set u_prompt [join [lindex $u_prompt 0] ""] > >> } > >> set p_prompt [find passprompt $router] > >> if { "$p_prompt" == "" } { > >> - set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):" > >> + set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+): *" > >> } else { > >> set p_prompt [join [lindex $p_prompt 0] ""] > >> } > >> set e_prompt [find enableprompt $router] > >> if { "$e_prompt" == "" } { > >> - set e_prompt "\[Pp]assword:" > >> + set e_prompt "\[Pp]assword: *" > >> } else { > >> set e_prompt [join [lindex $e_prompt 0] ""] > >> } From heas at shrubbery.net Wed Nov 30 21:59:34 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 30 Nov 2011 21:59:34 +0000 Subject: [rancid] [PATCH 1/2] Better support for subversion repositories In-Reply-To: <329eddb2b2808988fa6768a6692fadf7@noc.grnet.gr> References: <1322487387-1336-1-zmousm@noc.grnet.gr> <1322487387-1336-2-zmousm@noc.grnet.gr> <20111129222838.GA23935@shrubbery.net> <329eddb2b2808988fa6768a6692fadf7@noc.grnet.gr> Message-ID: <20111130215934.GT6099@shrubbery.net> Wed, Nov 30, 2011 at 08:10:28PM +0200, Zenon Mousmoulas: > On Tue, 29 Nov 2011 22:28:38 +0000, john heasley > wrote: > > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: > >> Improve subversion support: > >> - Support arbitrary subversion URLs as (pre-provisioned) repositories. > >> - Do not overwrite an existing local repository. > >> - Avoid "svn: Directory '' is out of date" message. > >> Included for completeness, copied from Debian patch > >> by Nicolas DEFFAYET : > >> > http://patch-tracker.debian.org/patch/series/dl/rancid/2.3.6-1/09_svn.dpatch > >> > >> +++ rancid-2.3.6-grnet/bin/control_rancid.in 2011-11-26 > >> 00:12:08.000000000 +0200 > >> @@ -167,6 +167,12 @@ > >> fi > >> fi > >> > >> +# svn update to avoid 'Out of date' error > >> +if [ $RCSSYS = svn ] > >> +then > >> + svn update > >> +fi > > > > why is this necessary? it should never be out of date, unless someone > has > > altered the repository, in which case you want to be alerted to that. > > We "inherited" this due to merging with the Debian patch I > mentioned earlier, while forward porting our changes to 2.3.6. Since > we initially tried to apply our changes on top of the Debian package > for 2.3.6 (rather than vanilla 2.3.6), we had a conflict with the > other hunk from this Debian patch: > > --- rancid~/bin/rancid-cvs.in > +++ rancid/bin/rancid-cvs.in > @@ -131,6 +131,8 @@ > svn import -m "$GROUP" . file:///$CVSROOT/$GROUP > cd $BASEDIR > svn checkout file:///$CVSROOT/$GROUP $GROUP > + cd $DIR > + svn update > fi > fi > cd $DIR > > So rather than sending only this change (which is required and has > been tested) we opted for merging with the Debian patch. > > I am not sure however when the change you noted would be necessary and > I certainly can not object to your reasoning against it. Therefore I > suppose we can drop this hunk. there are three cases that i am aware of - 1) someone changes the respository from another working set, 2) host crashes leaving files mangled (rare), or 3) when svn:ignore property is altered. i dont understand why changing that property on the directory requires an update, but it does and that was added to 2.3.6. > I can send an updated patch if you are OK with the rest of the > changes. > > Cheers, > Z. From heas at shrubbery.net Wed Nov 30 22:01:07 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 30 Nov 2011 22:01:07 +0000 Subject: [rancid] [PATCH 2/2] Multiple fixes/improvements for Extreme XOS In-Reply-To: <20111130215110.GS6099@shrubbery.net> References: <20111129225146.GB23935@shrubbery.net> <43d94f7f9105774c2727e493af738b87@noc.grnet.gr> <20111130215110.GS6099@shrubbery.net> Message-ID: <20111130220107.GU6099@shrubbery.net> Wed, Nov 30, 2011 at 09:51:10PM +0000, john heasley: > Wed, Nov 30, 2011 at 08:12:43PM +0200, Zenon Mousmoulas: > > On Tue, 29 Nov 2011 22:51:46 +0000, john heasley > > wrote: > > > Mon, Nov 28, 2011 at 03:36:45PM +0200, Zenon Mousmoulas: > > >> Improve support for Extreme Networks devices running XOS: > > >> - The pager can be disabled per session since XOS 12.3, try to do that > > >> in order to avoid struggling with pager prompts and ANSI sequences > > >> altogether (clogin). > > > > > >> +++ rancid-2.3.6-grnet/bin/clogin.in 2011-11-26 00:15:17.000000000 > > +0200 > > >> @@ -610,11 +610,9 @@ > > >> global do_saveconfig in_proc platform > > >> set in_proc 1 > > >> > > >> - # If the prompt is (enable), then we are on a switch and the > > >> - # command is "set length 0"; otherwise its "terminal length 0". > > >> - # skip if its an extreme (since the pager can not be disabled on a > > >> - # per-vty basis). > > >> if { [ string compare "extreme" "$platform" ] } { > > >> + # If the prompt is (enable), then we are on a switch and the > > >> + # command is "set length 0"; otherwise its "terminal length > > 0". > > >> if [ regexp -- ".*> .*enable" "$prompt" ] { > > >> send "set length 0\r" > > >> # This is ugly, but reduces code duplication, allowing the > > >> @@ -631,7 +629,12 @@ > > >> -re "\[\n\r]+" { exp_continue } > > >> } > > >> } else { > > >> + send "disable clipaging\r" > > >> set reprompt $prompt > > >> + expect { > > >> + -re $reprompt {} > > >> + -re "\[\n\r]+" { exp_continue } > > >> + } > > >> } > > >> > > >> # this is the only way i see to get rid of more prompts in > > >> o/p..grrrrr > > >> @@ -640,11 +643,14 @@ > > >> set commands [split $command \;] > > >> set num_commands [llength $commands] > > >> # the pager can not be turned off on the PIX, so we have to look > > >> - # for the "More" prompt. the extreme is equally obnoxious, with a > > >> - # global switch in the config. > > >> + # for the "More" prompt. > > > > > > i think this what you really want: > > > > The following diff seems to be against some version of clogin (other > > than 2.3.6) I don't have access to (is there a public source code repo > > for rancid, btw?) so I can not apply/try it and therefore I'm not sure > > if it is what I really want. > > attached Sorry, forgot the attachment. -------------- next part -------------- #! @EXPECT_PATH@ -- ## ## $Id: clogin.in 2333 2011-11-17 21:09:05Z heas $ ## ## @PACKAGE@ @VERSION@ ## Copyright (c) @COPYYEARS@ by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # The expect login scripts were based on Erik Sherk's gwtn, by permission. # # clogin - Cisco login # # Most options are intuitive for logging into a Cisco router. # The default is to enable (thus -noenable). Some folks have # setup tacacs to have a user login at priv-lvl = 15 (enabled) # so the -autoenable flag was added for this case (don't go through # the process of enabling and the prompt will be the "#" prompt. # The default username password is the same as the vty password. # # Usage line set usage "Usage: $argv0 \[-dSV\] \[-autoenable\] \[-noenable\] \[-c command\] \ \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ \[-r passphrase\] \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the router set do_command 0 set do_script 0 # The default is to automatically enable set avenable 1 # The default is that you login non-enabled (tacacs can have you login already # enabled) set avautoenable 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 set do_enapasswd 1 # Save config, if prompted set do_saveconfig 0 # Sometimes routers take awhile to answer (the default is 10 sec) set timeoutdflt 45 # set send_human {.4 .4 .7 .3 5} # Find the user in the ENV, or use the unix userid. if {[info exists env(CISCO_USER)]} { set default_user $env(CISCO_USER) } elseif {[info exists env(USER)]} { set default_user $env(USER) } elseif {[info exists env(LOGNAME)]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [catch {exec id} reason] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } if {[info exists env(CLOGINRC)]} { set password_file $env(CLOGINRC) } # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Expect debug mode -d* { exp_internal 1 # Username } -u* { if {! [regexp .\[uU\](.+) $arg ignore user]} { incr i set username [lindex $argv $i] } # VTY Password } -p* { if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [lindex $argv $i] } set do_passwd 0 # ssh passphrase } -r* { if {! [regexp .\[rR\](.+) $arg ignore passphrase]} { incr i set vapassphrase [lindex $argv $i] } # VTY Password } -v* { if {! [regexp .\[vV\](.+) $arg ignore passwd]} { incr i set passwd [lindex $argv $i] } set do_passwd 0 # Version string } -V* { send_user "@PACKAGE@ @VERSION@\n" exit 0 # Enable Username } -w* { if {! [regexp .\[wW\](.+) $arg ignore enauser]} { incr i set enausername [lindex $argv $i] } # Environment variable to pass to -s scripts } -E* { if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # Enable Password } -e* { if {! [regexp .\[e\](.+) $arg ignore enapasswd]} { incr i set enapasswd [lindex $argv $i] } set do_enapasswd 0 # Command to run. } -c* { if {! [regexp .\[cC\](.+) $arg ignore command]} { incr i set command [lindex $argv $i] } set do_command 1 # Expect script to run. } -s* { if {! [regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [lindex $argv $i] } if { ! [file readable $sfile] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # save config on exit } -S* { set do_saveconfig 1 # 'ssh -c' cypher type } -y* { if {! [regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [lindex $argv $i] } # alternate cloginrc file } -f* { if {! [regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [lindex $argv $i] } # Timeout } -t* { if {! [regexp .\[tT\](.+) $arg ignore timeout]} { incr i set timeoutdflt [lindex $argv $i] } # Command file } -x* { if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [lindex $argv $i] } if [catch {set cmd_fd [open $cmd_file r]} reason] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Do we enable? } -noenable { set avenable 0 # Does tacacs automatically enable us? } -autoenable { set avautoenable 1 set avenable 0 } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process routers...no routers listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [regexp "^/" $args ignore] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router] } { return [lrange $line 1 end] } } } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "\nError: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } if [catch {source $password_file} reason] { send_user "\nError: $reason\n" exit 1 } } # Log into the router. # returns: 0 on success, 1 on failure, -1 if rsh was used successfully proc login { router user userpswd passwd enapasswd cmethod cyphertype identfile } { global command spawn_id in_proc do_command do_script platform passphrase global prompt prompt_match u_prompt p_prompt e_prompt sshcmd set in_proc 1 set uprompt_seen 0 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog methcmd suffix port if {"$port" == ""} { set retval [catch {spawn telnet $router} reason] } else { set retval [catch {spawn telnet $router $port} reason] } if { $retval } { send_user "\nError: telnet failed: $reason\n" return 1 } } elseif [string match "ssh*" $prog] { # ssh to the router & try to login with or without an identfile. regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd $sshcmd if {"$port" != ""} { set cmd "$cmd -p $port" } if {"$identfile" != ""} { set cmd "$cmd -i $identfile" } set retval [catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason] if { $retval } { send_user "\nError: $cmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { if { ! $do_command } { if { [llength $cmethod] == 1 } { send_user "\nError: rsh is an invalid method for -x and " send_user "interactive logins\n" } if { $progs == 0 } { return 1 } continue; } set commands [split $command \;] set num_commands [llength $commands] set rshfail 0 for {set i 0} {$i < $num_commands && !$rshfail} { incr i} { log_user 0 set retval [catch {spawn rsh $user@$router [lindex $commands $i] } reason] if { $retval } { send_user "\nError: rsh failed: $reason\n" log_user 1; return 1 } send_user "$router# [lindex $commands $i]\n" # rcmd does not get a pager and no prompts, so we just have to # look for failures & lines. expect { "Connection refused" { catch {close}; catch {wait}; send_user "\nError: Connection\ Refused ($prog): $router\n" set rshfail 1 } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; catch {wait}; send_user "\nError: Connection\ closed ($prog): $router\n" set rshfail 1 } "Host is unreachable" { catch {close}; catch {wait}; send_user "\nError: Host Unreachable:\ $router\n" set rshfail 1 } "No address associated with" { catch {close}; catch {wait}; send_user "\nError: Unknown host\ $router\n" set rshfail 1 } -re "\b+" { exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } timeout { catch {close}; catch {wait}; send_user "\nError: TIMEOUT reached\n" set rshfail 1 } eof { catch {close}; catch {wait}; } } log_user 1 } if { $rshfail } { if { !$progs } { return 1 } else { continue } } # fake the end of the session for rancid. send_user "$router# exit\n" # return rsh "success" return -1 } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. There are several possibilities: # the router can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the router might not have TACACS turned on, # then it will just send the passwd. # if telnet fails with connection refused, try ssh expect { -re "^<-+ More -+>\[^\n\r]*" { # ASA will use the pager for long banners send " "; exp_continue } -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 } } eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } -nocase "unknown host\r" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } "Host is unreachable" { send_user "\nError: Host Unreachable: $router\n"; catch {close}; catch {wait}; return 1 } "No address associated with name" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "(denied|Sorry)" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "Login failed" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } -re "% (Bad passwords|Authentication failed)" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "Press any key to continue" { # send_user "Pressing the ANY key\n" send "\r" exp_continue } -re "Enter Selection: " { # Catalyst 1900s have some lame menu. Enter # K to reach a command-line. send "K\r" exp_continue } -re "Last login:" { exp_continue } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 send -- "$userpswd\r" exp_continue } -re "Enter passphrase.*: " { # sleep briefly to allow time for stty -echo sleep .3 send -- "$passphrase\r" exp_continue } -re "$u_prompt" { send -- "$user\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send -- "$userpswd\r" } else { send -- "$passwd\r" } exp_continue } -re "$prompt" { set prompt_match $expect_out(0,string); break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; catch {close}; catch {wait}; return 1 } } } set in_proc 0 return 0 } # Enable proc do_enable { enauser enapasswd } { global do_saveconfig in_proc global prompt u_prompt e_prompt set in_proc 1 send "enable\r" expect { -re "$u_prompt" { send -- "$enauser\r"; exp_continue} -re "$e_prompt" { send -- "$enapasswd\r"; exp_continue} "#" { set prompt "#" } "(enable)" { set prompt "> \\(enable\\) " } -re "(denied|Sorry|Incorrect)" { # % Access denied - from local auth and poss. others send_user "\nError: Check your Enable passwd\n"; return 1 } "% Error in authentication" { send_user "\nError: Check your Enable passwd\n" return 1 } "% Bad passwords" { send_user "\nError: Check your Enable passwd\n" return 1 } } # We set the prompt variable (above) so script files don't need # to know what it is. set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global do_saveconfig in_proc platform set in_proc 1 # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "terminal length 0". # skip if its an extreme (since the pager can not be disabled on a # per-vty basis). if { [string compare "extreme" "$platform"] } { # match cisco config mode prompts too, such as router(config-if)#, # but catalyst does not change in this fashion. regsub -all {^(.{1,11}).*([#>])$} $prompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt } else { set reprompt $prompt } # this is the only way i see to get rid of more prompts in o/p..grrrrr log_user 0 set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look # for the "More" prompt. the extreme is equally obnoxious in pre-12.3 XOS, # with a global switch in the config. for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst -nocommands [lindex $commands $i]]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "^--More--\[\r\n]+" { # specific match c1900 pager send " " exp_continue } -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " # bloody ^[[2K after " " expect { -re "^\[^\r\n]*\r" {} } exp_continue } -re "^ *--More--\[^\n\r]*" { send " " exp_continue } -re "^<-+ More -+>\[^\n\r]*" { send_user -- "$expect_out(buffer)" send " " exp_continue } } } log_user 1 if { [string compare "extreme" "$platform"] } { send -h "exit\r" } else { send -h "quit\r" } expect { -re "^\[^\n\r *]*$reprompt" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. send -h "exit\r" exp_continue; } "The system has unsaved changes" { # Force10 SFTOS if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } "Would you like to save them now" { # Force10 if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } -re "(Profile|Configuration) changes have occurred.*" { # Cisco CSS if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } "Do you wish to save your configuration changes" { if {$do_saveconfig} { catch {send "y\r"} } else { catch {send "n\r"} } exp_continue } -re "\[\n\r]+" { exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 set prompt_match "" set enable 0 foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user -- "$router\n" # device timeout set timeout [find timeout $router] if { [llength $timeout] == 0 } { set timeout $timeoutdflt } # Default prompt. set prompt "(>|#| \\(enable\\))" # look for noenable option in .cloginrc if { [find noenable $router] == "1" } { set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user -- "\nError: no password for $router in $password_file.\n" continue } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user -- "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } else { set passwd $userpasswd set enapasswd $enapasswd } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name|User):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd|Enter password for \[^ :]+):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # Figure out identity file to use set identfile [join [lindex [find identity $router] 0] ""] # Figure out passphrase to use if {[info exists avpassphrase]} { set passphrase $avpassphrase } else { set passphrase [join [lindex [find passphrase $router] 0] ""] } if { ! [string length "$passphrase"]} { set passphrase $passwd } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [join [lindex [find sshcmd $router] 0] ""] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype $identfile]} { incr exitval # if login failed or rsh was unsuccessful, move on to the next device continue } # Figure out the prompt. if { [regexp -- "(#| \\(enable\\))" $prompt_match junk] == 1 } { set enable 0 } else { if { $avenable == 0 } { set enable 0 } else { set ne [find noenable $router] set ae [find autoenable $router] if { "$ne" == "1" || "$ae" == "1" || $avautoenable } { set enable 0 } else { set enable 1 } } } if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { incr exitval catch {close}; catch {wait}; continue } } } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^(.+\[:.])1 ($prompt)" { # stoopid extreme cmd-line numbers and # prompt based on state of config changes, # which may have an * at the beginning. set junk $expect_out(1,string) regsub -all "^\\\* " $expect_out(1,string) {} junk regsub -all "\[\]\[\(\)]" $junk {\\&} junk; set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; set platform "extreme" } -re "^.+$prompt" { set junk $expect_out(0,string); regsub -all "\[\]\[\(\)]" $junk {\\&} prompt; } } if { $do_command || $do_script } { if { [ string compare "extreme" "$platform" ] } { # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "terminal length 0". if [regexp -- ".*> .*enable" "$prompt"] { send "set length 0\r" expect -re $prompt {} send "set width 132\r" expect -re $prompt {} send "set logging session disable\r" } else { send "terminal length 0\r" expect -re $prompt {} send "terminal width 132\r" } expect -re $prompt {} } else { send "disable clipaging\r" expect -re $prompt {} } } if { $do_command } { if {[run_commands $prompt $command]} { incr exitval continue } } elseif { $do_script } { source $sfile catch {close}; } else { label $router log_user 1 interact } # End of for each router catch {wait}; sleep 0.3 } exit $exitval