From jreed777 at gmail.com Thu Sep 1 17:14:39 2011 From: jreed777 at gmail.com (Jonathan Reed) Date: Thu, 1 Sep 2011 13:14:39 -0400 Subject: [rancid] rancid emailing not working Message-ID: I'm unable to have rancid send an email to me after completion. Does the email function depend on the success of comparing via cvs? I'm running sudo rancid-run -f /etc/rancid/rancid.conf_DIST -m myemail at example.com -r 172.x.x.26 LOGFILE: starting: Thu Sep 1 12:56:39 EDT 2011 *cvs status: use `cvs add' to create an entry for `172.x.x.26'* *cvs add: in directory `.':* *cvs [add aborted]: there is no version here; do `cvs checkout' first* *cvs added missing router 172.x.x.26* *.......* *Trying to get all of the configs.* *All routers sucessfully completed.* * * *cvs diff: in directory .:* *cvs [diff aborted]: there is no version here; run 'cvs checkout' first* *cvs commit: in directory .:* *cvs [commit aborted]: there is no version here; run 'cvs checkout' first* * * *ending: Thu Sep 1 12:56:56 EDT 2011* -------------- next part -------------- An HTML attachment was scrubbed... URL: From tensai at zmonkey.org Thu Sep 1 20:27:10 2011 From: tensai at zmonkey.org (Corey Edwards) Date: Thu, 01 Sep 2011 14:27:10 -0600 Subject: [rancid] duplicated characters Message-ID: <4E5FEA9E.5060707@zmonkey.org> After a recent upgrade from Debian 5.0 to 6.0 I began seeing duplicate characters in config diffs. Here's an example: - access-list 102 deny udp any any eq 135 + access-list 102 denny udp any any eq 135 - access-list 110 deny tcp any any eq 445 log + access-list 110 deny tcp any any eq 445 log The next round of updates will revert the change back. I haven't found any pattern to which character it will be or even which router. It's only happening with my Cisco devices, not any of our others (Foundry switches, Mikrotiks or Lucent TNTs). I'm using 2.3.1, but a fresh install of 2.3.6 on the same server does the same thing. 2.3.6 on my Ubuntu 10.04 laptop works just fine. To verify whether the routers themselves were errant, I did a packet capture. That confirmed that the data from the router is correct. I turned on debugging in clogin. WriteTerm shows the duplicate characters. So then I put in a puts in run_commands in rancid and that also showed duplicate characters in $expect_out(buffer). I found this thread from 2004 which hinted at it being an issue with the telnet client. The OP eventually switched to ssh which in this case isn't an option. http://www.gossamer-threads.com/lists/rancid/users/720 The incessant emails are driving me batty and making the cvs history significantly less useful. I'll debug whatever needs to be debugged but I'm fresh out of ideas of where to look. I started looking at expect but was quickly lost in the code. Any ideas? Corey From marty at supine.com Fri Sep 2 10:56:55 2011 From: marty at supine.com (Martin Barry) Date: Fri, 2 Sep 2011 12:56:55 +0200 Subject: [rancid] rancid emailing not working In-Reply-To: References: Message-ID: <20110902105655.GA15311@merboo.mamista.net> $quoted_author = "Jonathan Reed" ; > > I'm unable to have rancid send an email to me after completion. Does the > email function depend on the success of comparing via cvs? It sends an email only if there is diff output. > *cvs add: in directory `.':* > *cvs [add aborted]: there is no version here; do `cvs checkout' first* This is bad. You ran rancid-cvs first and it completed without error? cheers Marty From jreed777 at gmail.com Fri Sep 2 14:25:21 2011 From: jreed777 at gmail.com (Jonathan Reed) Date: Fri, 2 Sep 2011 10:25:21 -0400 Subject: [rancid] rancid emailing not working In-Reply-To: <20110902105655.GA15311@merboo.mamista.net> References: <20110902105655.GA15311@merboo.mamista.net> Message-ID: I was aware that cvs was not setup on that system, but I didnt realize it was necessary for email functionality, make sense though. I'll be creating a repo to have this sorted out. thanks for helping out guys. On Fri, Sep 2, 2011 at 6:56 AM, Martin Barry wrote: > $quoted_author = "Jonathan Reed" ; > > > > I'm unable to have rancid send an email to me after completion. Does the > > email function depend on the success of comparing via cvs? > > It sends an email only if there is diff output. > > > > *cvs add: in directory `.':* > > *cvs [add aborted]: there is no version here; do `cvs checkout' first* > > This is bad. You ran rancid-cvs first and it completed without error? > > cheers > Marty > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Sat Sep 3 20:08:19 2011 From: heas at shrubbery.net (john heasley) Date: Sat, 3 Sep 2011 20:08:19 +0000 Subject: [rancid] duplicated characters In-Reply-To: <4E5FEA9E.5060707@zmonkey.org> References: <4E5FEA9E.5060707@zmonkey.org> Message-ID: <20110903200819.GR143@shrubbery.net> Thu, Sep 01, 2011 at 02:27:10PM -0600, Corey Edwards: > After a recent upgrade from Debian 5.0 to 6.0 I began seeing duplicate > characters in config diffs. Here's an example: > > - access-list 102 deny udp any any eq 135 > + access-list 102 denny udp any any eq 135 > - access-list 110 deny tcp any any eq 445 log > + access-list 110 deny tcp any any eq 445 log > > The next round of updates will revert the change back. I haven't found > any pattern to which character it will be or even which router. It's > only happening with my Cisco devices, not any of our others (Foundry > switches, Mikrotiks or Lucent TNTs). I'm using 2.3.1, but a fresh > install of 2.3.6 on the same server does the same thing. 2.3.6 on my > Ubuntu 10.04 laptop works just fine. > > To verify whether the routers themselves were errant, I did a packet > capture. That confirmed that the data from the router is correct. I > turned on debugging in clogin. WriteTerm shows the duplicate characters. > So then I put in a puts in run_commands in rancid and that also showed > duplicate characters in $expect_out(buffer). > > I found this thread from 2004 which hinted at it being an issue with the > telnet client. The OP eventually switched to ssh which in this case > isn't an option. > > http://www.gossamer-threads.com/lists/rancid/users/720 i dont know what the fbsd fix was for this, but they fixed it somehow in their tcl or expect port. perhaps its related to a problem that came up in rancid 2.3.5 something changed in debian's libc that caused problems with string handling functions, which i believe was related to internationalization. or could be a bug in buffer handling in expect or tcl. either way, if you can capture clogin -d -c 'show running' o/p where this occurs, it should at least reveal where the bug is. you can also try rebuilding tcl and expect w/o internationalization. > The incessant emails are driving me batty and making the cvs history > significantly less useful. I'll debug whatever needs to be debugged but > I'm fresh out of ideas of where to look. I started looking at expect but > was quickly lost in the code. > > Any ideas? > > Corey > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From pc50000 at gmail.com Tue Sep 6 23:16:02 2011 From: pc50000 at gmail.com (P C) Date: Tue, 6 Sep 2011 17:16:02 -0600 Subject: [rancid] rancid 2.3.6: clogin with multiple devices fails... ($autologin not defined) In-Reply-To: References: Message-ID: Has any determined the best solution for this? I just upgraded from version 2.3.1_3 to 2.3.6 and now I'm having this problem too. I used to do clogin -c "show inventory" `cat all_routers.txt` and it would return said command for the routers listed in all_routers.txt, with one router entry per line. Now, the first routers runs fine, but each subsequent one gives this: can't read "autoenable": no such variable while executing "if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user -- "\nError: no enable password for $router in $password_file...." ("foreach" body line 28) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 743) On Wed, Jul 13, 2011 at 6:57 PM, Jon Peatfield wrote: > On Wed, 13 Jul 2011, Lee wrote: > >>> I can see a number of possible fixes to the current clogin code but would >>> prefer an expert to take a look at it... >> >> ?... crickets ... >> >> OK, how 'bout a proposed fix? ?Starting at my line 756 in clogin it's: >> set enable 0 >> foreach router [lrange $argv $i end] { >> ? set router [string tolower $router] >> ? # attempt at platform switching. >> >> Fix is to move the "set enable 0" line after the "foreach router [..." >> line. > > Which does seem to fix it, or at least hide the underlying problems... > > My worry is that the code is testing $enable in the loop before it can be > set other than to 0, so either the testing of $enable code is wrong, or it > really is intended to be the value of $enable from the *previous* time round > the loop, in which case the fix may break something subtle... > > Then there is the use of $autoenable itself, which I assume was left when > the variable was renamed, but it isn't obvious (to me) if that should be > $avautoenable or $ae since I don't understand what the test is meant to be > doing... > > So we have (in the unfixed 2.3.6): > > ... > set enable 0 > foreach router [lrange $argv $i end] { > ... > ? ?# look for noenable option in .cloginrc > ? ?if { [find noenable $router] == "1" } { > ? ? ? ?set enable 0 > ? ?} > ... > ? ? ?if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < > 2 } { > ? ? ? ?send_user -- "\nError: no enable password for $router in > $password_file.\n" > ? ? ? ?continue > ? ? ?} > ... > > ... > } > > so maybe that test of $enable just needs to be moved after the places where > enable is set... > > I clearly don't understand the code. > > ?-- Jon > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From pc50000 at gmail.com Wed Sep 7 17:19:30 2011 From: pc50000 at gmail.com (P C) Date: Wed, 7 Sep 2011 11:19:30 -0600 Subject: [rancid] rancid "PAR" value only seems to do concurrent logins for a single device group? Message-ID: When you have multiple device groups (such as building1-switches, building2-switches, etc.), I've noticed setting the "PAR" value has no effect outside of an individual device group. The script must run through all devices in the device group it is processing before it moves to the next group. If you have many groups, and especially a hung device in a group, this can take a very long time before it proceeds. Is there any way to make it run across groups? From heas at shrubbery.net Wed Sep 7 20:23:20 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 7 Sep 2011 20:23:20 +0000 Subject: [rancid] rancid "PAR" value only seems to do concurrent logins for a single device group? In-Reply-To: References: Message-ID: <20110907202319.GJ2400@shrubbery.net> Wed, Sep 07, 2011 at 11:19:30AM -0600, P C: > When you have multiple device groups (such as building1-switches, > building2-switches, etc.), I've noticed setting the "PAR" value has no > effect outside of an individual device group. The script must run > through all devices in the device group it is processing before it > moves to the next group. If you have many groups, and especially a > hung device in a group, this can take a very long time before it > proceeds. > > Is there any way to make it run across groups? use par within cron to exec rancid-run for each group individually. From adam.korab at gmail.com Wed Sep 7 20:26:44 2011 From: adam.korab at gmail.com (Adam Korab) Date: Wed, 7 Sep 2011 15:26:44 -0500 Subject: [rancid] ExtremeXOS clogin problems Message-ID: rancid 2.3.6, XOS 12.5.2.6 on a SummitStack X460-24t clogin appears to send the username twice. The (dirt simple) .cloginrc bit: add user {admin} add password * {foo} add method ssh telnet add noenable * 1 Here's the clogin output and the dsniff scrape of the telnet passwords: [rancid at lachesis ~]$ clogin 10.3.255.1 10.3.255.1 spawn ssh -c 3des -x -l admin 10.3.255.1 ssh: connect to host 10.3.255.1 port 22: Connection refused spawn telnet 10.3.255.1 Trying 10.3.255.1... Connected to 10.3.255.1 (10.3.255.1). Escape character is '^]'. telnet session telnet1 on /dev/ptyb1 login: admin password: Login incorrect login: foo password: Login incorrect login: foo password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. Error: Connection closed (telnet): 10.3.255.1 ********************************** dsniff: ----------------- 09/07/11 15:23:31 tcp 10.1.1.99.59654 -> 10.3.255.1.23 (telnet) admin admin foo admin foo admin From heas at shrubbery.net Wed Sep 7 20:35:58 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 7 Sep 2011 20:35:58 +0000 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: References: Message-ID: <20110907203558.GK2400@shrubbery.net> Wed, Sep 07, 2011 at 03:26:44PM -0500, Adam Korab: > rancid 2.3.6, XOS 12.5.2.6 on a SummitStack X460-24t > > clogin appears to send the username twice. The (dirt simple) .cloginrc bit: > > add user {admin} > add password * {foo} > add method ssh telnet > add noenable * 1 > > Here's the clogin output and the dsniff scrape of the telnet passwords: looks rather weird. clogin -d host > op 2&>1 figure out what it actually sending in response to password. > [rancid at lachesis ~]$ clogin 10.3.255.1 > 10.3.255.1 > spawn ssh -c 3des -x -l admin 10.3.255.1 > ssh: connect to host 10.3.255.1 port 22: Connection refused > spawn telnet 10.3.255.1 > Trying 10.3.255.1... > Connected to 10.3.255.1 (10.3.255.1). > Escape character is '^]'. > > telnet session telnet1 on /dev/ptyb1 > > > login: admin > password: > > Login incorrect > > login: foo > password: > > Login incorrect > > login: foo > password: > > Login incorrect > Maximum number of login attempts reached! > Connection closed by foreign host. > > Error: Connection closed (telnet): 10.3.255.1 > > ********************************** > dsniff: > > ----------------- > 09/07/11 15:23:31 tcp 10.1.1.99.59654 -> 10.3.255.1.23 (telnet) > admin > admin > foo > admin > foo > admin > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From adam.korab at gmail.com Wed Sep 7 20:52:46 2011 From: adam.korab at gmail.com (Adam Korab) Date: Wed, 7 Sep 2011 15:52:46 -0500 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: <20110907203558.GK2400@shrubbery.net> References: <20110907203558.GK2400@shrubbery.net> Message-ID: On Wed, Sep 7, 2011 at 3:35 PM, john heasley wrote: > > looks rather weird. > > clogin -d host > op 2&>1 > > figure out what it actually sending in response to password. Interestingly enough, putting the username in add password and vice versa actually works and clogin succeeds...after sending the "add password" string twice, that is. [rancid at lachesis ~]$ clogin -d 10.3.255.1 10.3.255.1 spawn ssh -c 3des -x -l admin 10.3.255.1 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {17702} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n \r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no ssh: connect to host 10.3.255.1 port 22: Connection refused expect: does "ssh: connect to host 10.3.255.1 port 22: Connection refused\r\r \n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused )"? yes expect: set expect_out(0,string) "Connection refused" expect: set expect_out(1,string) "Connection refused" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "ssh: connect to host 10.3.255.1 port 22: Conn ection refused" spawn telnet 10.3.255.1 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {17705} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n \r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no Trying 10.3.255.1... Connected to 10.3.255.1 (10.3.255.1). Escape character is '^]'. expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match regular expression "(Connection refused |Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no telnet session telnet0 on /dev/ptyb0 login: expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\n\r\nlogin: " (s pawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\n\r\nlogin: " (s pawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.3.255.1...\r\r\nConnected to 10.3.255.1 (10.3.255.1). \r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\n\r\nlogin: " (s pawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Trying 10.3.255.1...\r\r\nConnected to ch-cr-core1.ci.grand-island.n e.us (10.3.255.1).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\ r\n\r\nlogin:" send: sending "admin\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no login: admin password: expect: does " \r\u001b[Klogin: admin\r\n\rpassword: " (spawn_id exp6) match regular expression "(Co nnection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\u001b[Klogin: admin\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown h ost\r"? no expect: does " \r\u001b[Klogin: admin\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is u nreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\u001b[Klogin:" send: sending "admin\r" to { exp6 } expect: continuing expect expect: does " admin\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused| Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " admin\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " admin\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? yes expect: set expect_out(0,string) "password:" expect: set expect_out(1,string) "password" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " admin\r\n\rpassword:" send: sending "foo\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no Login incorrect login: expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "unkno wn host\r"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin:" send: sending "admin\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no foo expect: does " foo\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure c onnection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " foo\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " foo\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no password: expect: does " foo\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refuse d|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " foo\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " foo\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? yes expect: set expect_out(0,string) "password:" expect: set expect_out(1,string) "password" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " foo\r\n\rpassword:" send: sending "foo\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no Login incorrect login: expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "unkno wn host\r"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\n\r\nlogin:" send: sending "admin\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no foo expect: does " foo\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure c onnection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " foo\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " foo\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no password: expect: does " foo\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refuse d|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " foo\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " foo\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? yes expect: set expect_out(0,string) "password:" expect: set expect_out(1,string) "password" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " foo\r\n\rpassword:" send: sending "foo\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\ n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no Login incorrect Maximum number of login attempts reached! expect: does " \r\n\r\r\n\rLogin incorrect\r\nMaximum number of login attempts reached!\r\n" (spawn_ id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nMaximum number of login attempts reached!\r\n" (spawn_ id exp6) match glob pattern "unknown host\r"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nMaximum number of login attempts reached!\r\n" (spawn_ id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? no "Enter passphrase.*: "? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd|Enter password for [^ :]+):"? no "(>|#| \(enable\))"? no "Login invalid"? no Connection closed by foreign host. expect: does " \r\n\r\r\n\rLogin incorrect\r\nMaximum number of login attempts reached!\r\nConnectio n closed by foreign host.\r\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secur e connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? yes expect: set expect_out(0,string) "Connection closed by" expect: set expect_out(1,string) "Connection closed by" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nMaximum number of login attempts rea ched!\r\nConnection closed by" write() failed to write anything - will sleep(1) and retry... Error: Connection closed (telnet): 10.3.255.1 From J.S.Peatfield at damtp.cam.ac.uk Thu Sep 8 01:29:36 2011 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Thu, 8 Sep 2011 02:29:36 +0100 (BST) Subject: [rancid] rancid 2.3.6: clogin with multiple devices fails... ($autologin not defined) In-Reply-To: References: Message-ID: On Tue, 6 Sep 2011, P C wrote: > Has any determined the best solution for this? I just upgraded from > version 2.3.1_3 to 2.3.6 and now I'm having this problem too. > > I used to do clogin -c "show inventory" `cat all_routers.txt` and it > would return said command for the routers listed in all_routers.txt, > with one router entry per line. > > Now, the first routers runs fine, but each subsequent one gives this: I'm currently just looping over the devices calling clogin for each device: for i in $(cat all_routers.txt); do clogin -c "...." $i; done etc. That works for me for now. -- Jon From pc50000 at gmail.com Thu Sep 8 16:26:52 2011 From: pc50000 at gmail.com (P C) Date: Thu, 8 Sep 2011 10:26:52 -0600 Subject: [rancid] terminal width on Cisco ASA Message-ID: How is the terminal width communicated to the Cisco security appliance by rancid-run when kicked off via crontab? I am getting output in my alerts like this, almost like it's cutting off at ~60-70 characters or so. When viewing through a shell via SSH, the output is the width of the window without issue and is not truncated. Is this some sort of variable I can set so the output does not get kicked to the next line like this? Or perhaps is this happening after the SSH session, and during the e-mail/CVS diff process? I have also considered terminal width xxx Cisco ASA side, but this is a permanent configuration command (config) mode and not a per-session exec command, so it's probably better just to send the right width to it in the first place via the SSH/terminal negotiation, however this may be done. + access-list myaclname extended permit ip host 10.100.100.100 + object-group MY_OBJECT log warnings interval 10 From cgauthier at mapscu.com Thu Sep 8 16:41:39 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Thu, 8 Sep 2011 09:41:39 -0700 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: References: Message-ID: I find that I get wrapped lines and combined lines occasionally in the email, but is stored correctly in the repository. It's never been that big of a deal to me, so I just live with it and recognize it's something to do with diff and email. I'll see if I can find an example and forward it on. Chris Gauthier, CCNA Security Network Administrator Maps Credit Union v: 503.588.0181 x3401 f: 503.779.1083 https://www.mapscu.com > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of P C > Sent: Thursday, September 08, 2011 9:27 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] terminal width on Cisco ASA > > How is the terminal width communicated to the Cisco security appliance by > rancid-run when kicked off via crontab? I am getting output in my alerts like > this, almost like it's cutting off at ~60-70 characters or so. When viewing > through a shell via SSH, the output is the width of the window without issue and > is not truncated. > > Is this some sort of variable I can set so the output does not get kicked to the > next line like this? > > Or perhaps is this happening after the SSH session, and during the e-mail/CVS > diff process? > > I have also considered terminal width xxx Cisco ASA side, but this is a permanent > configuration command (config) mode and not a per-session exec command, so > it's probably better just to send the right width to it in the first place via the > SSH/terminal negotiation, however this may be done. > > + access-list myaclname extended permit ip host 10.100.100.100 > + object-group MY_OBJECT log warnings interval 10 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From mlott at gie.com Thu Sep 8 21:48:36 2011 From: mlott at gie.com (Miles Lott) Date: Thu, 08 Sep 2011 16:48:36 -0500 Subject: [rancid] Linksys switches Message-ID: <4E693834.6030603@gie.com> I wanted to respond to the following thread about fetching configs from Linksys switches. http://www.shrubbery.net/pipermail/rancid-discuss/2010-March/004750.html I have a hacked-up version of hlogin and hrancid called llogin and lrancid. I should be close to finishing these up by tomorrow so I can contribute if there is still a need. -- Miles Lott - mlott at gie.com Gulf Interstate Engineering ofc +1 713 375-4489 cel +1 713 899-4329 -------------------------------------------------------------------------------- Privileged, Proprietary and/or Confidential Information may be contained in this electronic message. If you are not the intended recipient, you should not copy it, re-transmit it, use it or disclose its contents, but should kindly return to the sender immediately and delete your copy from your system. Gulf Interstate Engineering Company does not accept responsibility for changes made to this electronic message or its attachments. From rancid at ale.cx Fri Sep 9 08:50:28 2011 From: rancid at ale.cx (Alex DEKKER) Date: Fri, 09 Sep 2011 09:50:28 +0100 Subject: [rancid] Linksys switches In-Reply-To: <4E693834.6030603@gie.com> References: <4E693834.6030603@gie.com> Message-ID: On Thu, 08 Sep 2011 16:48:36 -0500, Miles Lott wrote: > I have a hacked-up version of hlogin and hrancid called llogin and > lrancid. I should be close to finishing these up by tomorrow so I > can > contribute if there is still a need. I can test this and let you know if they work with SFE2xxx switches. alexd From peo at chalmers.se Fri Sep 9 09:47:35 2011 From: peo at chalmers.se (Per-Olof Olsson) Date: Fri, 9 Sep 2011 11:47:35 +0200 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: References: Message-ID: <4E69E0B7.2020508@chalmers.se> Not running any ASA but IOS and nexus switches. Have done some tests to extend width to max, by set width it multiple times in clogin script. Just now running clogin using width 500 (nexus max 512) or "no wrap" for IOS switches supporting "terminal width 0". If you not set width in scripts you will get 80 when running from cron ("default vt100") or current window width from where you run command by hand. In later versions of clogin width set to 80 Diff from my running version of clogin.in (rancid 2.3.6) ------------------------------------------------------ > diff -c clogin.in.ORG clogin.in *** clogin.in.ORG Wed Oct 6 22:31:24 2010 --- clogin.in Wed Jan 19 12:18:57 2011 *************** *** 622,627 **** --- 622,629 ---- set command "set logging session disable;$command" } else { send "terminal length 0\r" + # More ugly code to turn of line wrap /Peo + set command "terminal width 0;$command" } # match cisco config mode prompts too, such as router(config-if)#, # but catalyst does not change in this fashion. *************** *** 921,927 **** } else { send "terminal length 0\r" expect -re $prompt {} ! send "terminal width 80\r" } expect -re $prompt {} source $sfile --- 923,934 ---- } else { send "terminal length 0\r" expect -re $prompt {} ! # send "terminal width 80\r" ! # Set long lines for NEXUS ! # and no line wrap on IOS /Peo ! send "set width 500\r" ! expect -re $prompt {} ! send "set width 0\r" } expect -re $prompt {} source $sfile ----------------------------------- P C skrev 2011-09-08 18:26: > How is the terminal width communicated to the Cisco security appliance > by rancid-run when kicked off via crontab? I am getting output in my > alerts like this, almost like it's cutting off at ~60-70 characters or > so. When viewing through a shell via SSH, the output is the width of > the window without issue and is not truncated. > > Is this some sort of variable I can set so the output does not get > kicked to the next line like this? > > Or perhaps is this happening after the SSH session, and during the > e-mail/CVS diff process? > > I have also considered terminal width xxx Cisco ASA side, but this is > a permanent configuration command (config) mode and not a per-session > exec command, so it's probably better just to send the right width to > it in the first place via the SSH/terminal negotiation, however this > may be done. > > + access-list myaclname extended permit ip host 10.100.100.100 > + object-group MY_OBJECT log warnings interval 10 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- From alex_dragon at inbox.ru Fri Sep 9 09:55:44 2011 From: alex_dragon at inbox.ru (=?UTF-8?B?QWxleCBEcmFnb24=?=) Date: Fri, 09 Sep 2011 13:55:44 +0400 Subject: [rancid] =?utf-8?q?clogin_error=3A_Error=3A_can=27t_read_=22t=22?= =?utf-8?q?=3A_no_such_variable?= Message-ID: Trying to get all of the configs. 10.93.1.3 clogin error: Error: can't read "t": no such variable 10.93.1.3: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,show variables boot,show boot,dir /all slavedisk1:,show env all,show module,show controllers,show diagbus,dir /all slavedisk0:,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show redundancy secondary,show running-config,show c7200,dir /all slot1: 10.93.1.3: End of run not found ! -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Sep 9 14:53:11 2011 From: heas at shrubbery.net (john heasley) Date: Fri, 9 Sep 2011 14:53:11 +0000 Subject: [rancid] clogin error: Error: can't read "t": no such variable In-Reply-To: References: Message-ID: <20110909145311.GZ19421@shrubbery.net> Fri, Sep 09, 2011 at 01:55:44PM +0400, Alex Dragon: > Trying to get all of the configs. > 10.93.1.3 clogin error: Error: can't read "t": no such variable my guess is that you have a password with $t in it. see cloginrc(5) about escaping. From Vincent.Loupien at upmf-grenoble.fr Fri Sep 9 15:03:06 2011 From: Vincent.Loupien at upmf-grenoble.fr (Vincent LOUPIEN) Date: Fri, 9 Sep 2011 17:03:06 +0200 (CEST) Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <21861899.17341.1315579453566.JavaMail.root@zim.upmf-grenoble.fr> Message-ID: <767329787.17383.1315580586799.JavaMail.root@zim.upmf-grenoble.fr> Hi all, We replaced the old good HP Procurve 2650 by more resent HP Procurve 2910 and since, rancid refuse to backup theirs configurations, while this was going very well with 2650. All the parameters seem correct (telnet / ssh, password ...) and are becoming the same as for 2650. Debugging using clogin works very well but with the use of rancid-run in crond, it creates problems without messages/errors. I tried also use Foundry group in place of HP to operate but with no success. Same rancid backup Cisco switchs/routers with no problem. Do you have an idea where this problem come from or "search paths". Debian version of rancid = 2.3.2~a8-4 HP Procurve 2910 firmware = W.14.49. Regards, -- ____________________________________________________________ Vincent LOUPIEN - Direction des Systemes d'Information Batiment Langues, Nouvelles Technologies - Bureau 37 Universite Pierre Mendes France - Domaine Universitaire 79, rue des Universites - BP 47 - F-38040 Grenoble Cedex 9 Tel : (+33).04.76.82.57.58 - Fax : (+33).04.76.82.83.13 ____________________________________________________________ From heas at shrubbery.net Fri Sep 9 15:53:14 2011 From: heas at shrubbery.net (john heasley) Date: Fri, 9 Sep 2011 15:53:14 +0000 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: <4E69E0B7.2020508@chalmers.se> References: <4E69E0B7.2020508@chalmers.se> Message-ID: <20110909155314.GE19421@shrubbery.net> Fri, Sep 09, 2011 at 11:47:35AM +0200, Per-Olof Olsson: > Not running any ASA but IOS and nexus switches. > > Have done some tests to extend width to max, by set width > it multiple times in clogin script. > > Just now running clogin using width 500 (nexus max 512) or > "no wrap" for IOS switches supporting "terminal width 0". > > If you not set width in scripts you will get > 80 when running from cron ("default vt100") or > current window width from where you run command by hand. crons vary; you might get the device's default. > In later versions of clogin width set to 80 i changed that to 132 for clogin [-s|-c], but this was to stop a few show commands from oscillating, particularly show vlan. but, i've not seen the device wrap other lines as thread is implying for nexus and ASA, of which I have none. is this perhaps driven by some other variable on these devices, such as terminal type? ie: particular types have or lack some capability. 500 seems like it would not be strictly portable. > ! # send "terminal width 80\r" > ! # Set long lines for NEXUS > ! # and no line wrap on IOS /Peo > ! send "set width 500\r" > ! expect -re $prompt {} > ! send "set width 0\r" > expect -re $prompt {} > source $sfile > ----------------------------------- > > P C skrev 2011-09-08 18:26: > >How is the terminal width communicated to the Cisco security appliance > >by rancid-run when kicked off via crontab? I am getting output in my > >alerts like this, almost like it's cutting off at ~60-70 characters or > >so. When viewing through a shell via SSH, the output is the width of > >the window without issue and is not truncated. > > > >Is this some sort of variable I can set so the output does not get > >kicked to the next line like this? > > > >Or perhaps is this happening after the SSH session, and during the > >e-mail/CVS diff process? > > > >I have also considered terminal width xxx Cisco ASA side, but this is > >a permanent configuration command (config) mode and not a per-session > >exec command, so it's probably better just to send the right width to > >it in the first place via the SSH/terminal negotiation, however this > >may be done. > > > >+ access-list myaclname extended permit ip host 10.100.100.100 > >+ object-group MY_OBJECT log warnings interval 10 ^ due to the + on the second line; i think its occuring at the device. the truncation is odd though; i'd guess that its doing that annoying "line shifting" (or lack of a term) that IOS does to prevent lines from wrapping. we'd have to look at expect debug output to know if thats the case. if term size can only be communicated via telnet/ssh/rsh, then it has to be set on the pty. From cgauthier at mapscu.com Fri Sep 9 15:52:41 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 9 Sep 2011 08:52:41 -0700 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: <4E69E0B7.2020508@chalmers.se> References: <4E69E0B7.2020508@chalmers.se> Message-ID: Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;) Index: configs/172.16.0.2 =================================================================== retrieving revision 1.393 diff -U 4 -r1.393 172.16.0.2 @@ -898,8 +898,11 @@ access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 10.119.17.0 255.255.255.0 access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248 + access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0 + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0 + 255.255.255.248 access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 192.168.254.0 255.255.255.0 access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 10.16.0.0 255.255.0.0 access-list static_nat_vendor1 extended permit ip 192.168.100.0 255.255.255.0 host 172.30.255.1 access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host 10.0.1.2 @@ -1103,8 +1106,10 @@ access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0 access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0 access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 172.16.0.0 255.240.0.0 access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0 + access-list vendor3 extended permit ip host 172.16.6.3 host + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3 + host 172.16.0.2 no pager logging enable logging timestamp logging asdm-buffer-size 200 --Chris > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Per-Olof Olsson > Sent: Friday, September 09, 2011 2:48 AM > To: P C > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] terminal width on Cisco ASA > > Not running any ASA but IOS and nexus switches. > > Have done some tests to extend width to max, by set width > it multiple times in clogin script. > > Just now running clogin using width 500 (nexus max 512) or > "no wrap" for IOS switches supporting "terminal width 0". > > If you not set width in scripts you will get > 80 when running from cron ("default vt100") or > current window width from where you run command by hand. > > In later versions of clogin width set to 80 > > Diff from my running version of clogin.in (rancid 2.3.6) > ------------------------------------------------------ > > diff -c clogin.in.ORG clogin.in > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010 > --- clogin.in Wed Jan 19 12:18:57 2011 > *************** > *** 622,627 **** > --- 622,629 ---- > set command "set logging session disable;$command" > } else { > send "terminal length 0\r" > + # More ugly code to turn of line wrap /Peo > + set command "terminal width 0;$command" > } > # match cisco config mode prompts too, such as router(config-if)#, > # but catalyst does not change in this fashion. > *************** > *** 921,927 **** > } else { > send "terminal length 0\r" > expect -re $prompt {} > ! send "terminal width 80\r" > } > expect -re $prompt {} > source $sfile > --- 923,934 ---- > } else { > send "terminal length 0\r" > expect -re $prompt {} > ! # send "terminal width 80\r" > ! # Set long lines for NEXUS > ! # and no line wrap on IOS /Peo > ! send "set width 500\r" > ! expect -re $prompt {} > ! send "set width 0\r" > } > expect -re $prompt {} > source $sfile > ----------------------------------- > > P C skrev 2011-09-08 18:26: > > How is the terminal width communicated to the Cisco security appliance > > by rancid-run when kicked off via crontab? I am getting output in my > > alerts like this, almost like it's cutting off at ~60-70 characters or > > so. When viewing through a shell via SSH, the output is the width of > > the window without issue and is not truncated. > > > > Is this some sort of variable I can set so the output does not get > > kicked to the next line like this? > > > > Or perhaps is this happening after the SSH session, and during the > > e-mail/CVS diff process? > > > > I have also considered terminal width xxx Cisco ASA side, but this is > > a permanent configuration command (config) mode and not a per-session > > exec command, so it's probably better just to send the right width to > > it in the first place via the SSH/terminal negotiation, however this > > may be done. > > > > + access-list myaclname extended permit ip host 10.100.100.100 > > + object-group MY_OBJECT log warnings interval 10 > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > /Peo > ---------------------------------------------------------- > Per-Olof Olsson Email: peo at chalmers.se > Chalmers tekniska h?gskola IT-service > H?rsalsv?gen 5 412 96 G?teborg > Tel: 031/772 6738 Fax: 031/772 8680 > ---------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From heas at shrubbery.net Fri Sep 9 16:02:27 2011 From: heas at shrubbery.net (john heasley) Date: Fri, 9 Sep 2011 16:02:27 +0000 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: References: <4E69E0B7.2020508@chalmers.se> Message-ID: <20110909160227.GG19421@shrubbery.net> Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier: > Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;) is this IOS, PIX, ASA, or ?? > Index: configs/172.16.0.2 > =================================================================== > retrieving revision 1.393 > diff -U 4 -r1.393 172.16.0.2 > @@ -898,8 +898,11 @@ > access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 10.119.17.0 255.255.255.0 > access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 172.16.6.0 255.255.255.248 > access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 172.16.6.0 255.255.255.248 > access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248 > + access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0 > + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip > + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list > + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0 > + 255.255.255.248 > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 192.168.254.0 255.255.255.0 > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 10.16.0.0 255.255.0.0 > access-list static_nat_vendor1 extended permit ip 192.168.100.0 255.255.255.0 host 172.30.255.1 > access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host 10.0.1.2 @@ -1103,8 +1106,10 @@ > access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0 > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0 > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 172.16.0.0 255.240.0.0 > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0 > + access-list vendor3 extended permit ip host 172.16.6.3 host > + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3 > + host 172.16.0.2 > no pager > logging enable > logging timestamp > logging asdm-buffer-size 200 > > > --Chris > > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Per-Olof Olsson > > Sent: Friday, September 09, 2011 2:48 AM > > To: P C > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] terminal width on Cisco ASA > > > > Not running any ASA but IOS and nexus switches. > > > > Have done some tests to extend width to max, by set width > > it multiple times in clogin script. > > > > Just now running clogin using width 500 (nexus max 512) or > > "no wrap" for IOS switches supporting "terminal width 0". > > > > If you not set width in scripts you will get > > 80 when running from cron ("default vt100") or > > current window width from where you run command by hand. > > > > In later versions of clogin width set to 80 > > > > Diff from my running version of clogin.in (rancid 2.3.6) > > ------------------------------------------------------ > > > diff -c clogin.in.ORG clogin.in > > > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010 > > --- clogin.in Wed Jan 19 12:18:57 2011 > > *************** > > *** 622,627 **** > > --- 622,629 ---- > > set command "set logging session disable;$command" > > } else { > > send "terminal length 0\r" > > + # More ugly code to turn of line wrap /Peo > > + set command "terminal width 0;$command" > > } > > # match cisco config mode prompts too, such as router(config-if)#, > > # but catalyst does not change in this fashion. > > *************** > > *** 921,927 **** > > } else { > > send "terminal length 0\r" > > expect -re $prompt {} > > ! send "terminal width 80\r" > > } > > expect -re $prompt {} > > source $sfile > > --- 923,934 ---- > > } else { > > send "terminal length 0\r" > > expect -re $prompt {} > > ! # send "terminal width 80\r" > > ! # Set long lines for NEXUS > > ! # and no line wrap on IOS /Peo > > ! send "set width 500\r" > > ! expect -re $prompt {} > > ! send "set width 0\r" > > } > > expect -re $prompt {} > > source $sfile > > ----------------------------------- > > > > P C skrev 2011-09-08 18:26: > > > How is the terminal width communicated to the Cisco security appliance > > > by rancid-run when kicked off via crontab? I am getting output in my > > > alerts like this, almost like it's cutting off at ~60-70 characters or > > > so. When viewing through a shell via SSH, the output is the width of > > > the window without issue and is not truncated. > > > > > > Is this some sort of variable I can set so the output does not get > > > kicked to the next line like this? > > > > > > Or perhaps is this happening after the SSH session, and during the > > > e-mail/CVS diff process? > > > > > > I have also considered terminal width xxx Cisco ASA side, but this is > > > a permanent configuration command (config) mode and not a per-session > > > exec command, so it's probably better just to send the right width to > > > it in the first place via the SSH/terminal negotiation, however this > > > may be done. > > > > > > + access-list myaclname extended permit ip host 10.100.100.100 > > > + object-group MY_OBJECT log warnings interval 10 > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > /Peo > > ---------------------------------------------------------- > > Per-Olof Olsson Email: peo at chalmers.se > > Chalmers tekniska h?gskola IT-service > > H?rsalsv?gen 5 412 96 G?teborg > > Tel: 031/772 6738 Fax: 031/772 8680 > > ---------------------------------------------------------- > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Fri Sep 9 16:07:06 2011 From: heas at shrubbery.net (john heasley) Date: Fri, 9 Sep 2011 16:07:06 +0000 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: <20110909155314.GE19421@shrubbery.net> References: <4E69E0B7.2020508@chalmers.se> <20110909155314.GE19421@shrubbery.net> Message-ID: <20110909160706.GH19421@shrubbery.net> Fri, Sep 09, 2011 at 03:53:14PM +0000, john heasley: > > In later versions of clogin width set to 80 > > i changed that to 132 for clogin [-s|-c], but this was to stop a few > show commands from oscillating, particularly show vlan. but, i've not > seen the device wrap other lines as thread is implying for nexus and > ASA, of which I have none. is this perhaps driven by some other variable > on these devices, such as terminal type? ie: particular types have or > lack some capability. 500 seems like it would not be strictly portable. fwiw, the desired effect from my PoV is that the device do no screen manipulation in any manner what so ever for -c or -s (command or script) mode of the login scripts. no line length handling, no line shifting, no bolding, refreshing, etc etc. From cgauthier at mapscu.com Fri Sep 9 16:12:37 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 9 Sep 2011 09:12:37 -0700 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: <20110909160227.GG19421@shrubbery.net> References: <4E69E0B7.2020508@chalmers.se> <20110909160227.GG19421@shrubbery.net> Message-ID: > Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier: > > Here is an excerpt of the emails I get sometimes. They are stored > > correctly in the repository, though. I am running rancid 2.3.2 on > > Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed > > to protect the names of the innocent, as well as my job. ;) > > is this IOS, PIX, ASA, or ?? Sorry, ASA 5520 running v8.2(2.17) > > > Index: configs/172.16.0.2 > > > ============================================================= > ====== > > retrieving revision 1.393 > > diff -U 4 -r1.393 172.16.0.2 > > @@ -898,8 +898,11 @@ > > access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 > 10.119.17.0 255.255.255.0 > > access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 > 172.16.6.0 255.255.255.248 > > access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 > 172.16.6.0 255.255.255.248 > > access-list nat0_inside extended permit ip 192.168.100.0 > > 255.255.255.0 172.16.6.0 255.255.255.248 > > + access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0 > > + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit > > + ip > > + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list > > + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0 > > + 255.255.255.248 > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 > 192.168.254.0 255.255.255.0 > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 > 10.16.0.0 255.255.0.0 > > access-list static_nat_vendor1 extended permit ip 192.168.100.0 > 255.255.255.0 host 172.30.255.1 > > access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host > 10.0.1.2 @@ -1103,8 +1106,10 @@ > > access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0 > > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 > 10.0.0.0 255.0.0.0 > > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 > 172.16.0.0 255.240.0.0 > > access-list nat0_vendor3 extended permit ip 172.16.6.0 > > 255.255.255.248 192.168.0.0 255.255.0.0 > > + access-list vendor3 extended permit ip host 172.16.6.3 host > > + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3 > > + host 172.16.0.2 > > no pager > > logging enable > > logging timestamp > > logging asdm-buffer-size 200 > > > > > > --Chris > > > > > > > -----Original Message----- > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > > bounces at shrubbery.net] On Behalf Of Per-Olof Olsson > > > Sent: Friday, September 09, 2011 2:48 AM > > > To: P C > > > Cc: rancid-discuss at shrubbery.net > > > Subject: Re: [rancid] terminal width on Cisco ASA > > > > > > Not running any ASA but IOS and nexus switches. > > > > > > Have done some tests to extend width to max, by set width it > > > multiple times in clogin script. > > > > > > Just now running clogin using width 500 (nexus max 512) or "no wrap" > > > for IOS switches supporting "terminal width 0". > > > > > > If you not set width in scripts you will get > > > 80 when running from cron ("default vt100") or current window width > > > from where you run command by hand. > > > > > > In later versions of clogin width set to 80 > > > > > > Diff from my running version of clogin.in (rancid 2.3.6) > > > ------------------------------------------------------ > > > > diff -c clogin.in.ORG clogin.in > > > > > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010 > > > --- clogin.in Wed Jan 19 12:18:57 2011 > > > *************** > > > *** 622,627 **** > > > --- 622,629 ---- > > > set command "set logging session disable;$command" > > > } else { > > > send "terminal length 0\r" > > > + # More ugly code to turn of line wrap /Peo set command "terminal > > > + width 0;$command" > > > } > > > # match cisco config mode prompts too, such as router(config-if)#, > > > # but catalyst does not change in this fashion. > > > *************** > > > *** 921,927 **** > > > } else { > > > send "terminal length 0\r" > > > expect -re $prompt {} > > > ! send "terminal width 80\r" > > > } > > > expect -re $prompt {} > > > source $sfile > > > --- 923,934 ---- > > > } else { > > > send "terminal length 0\r" > > > expect -re $prompt {} > > > ! # send "terminal width 80\r" > > > ! # Set long lines for NEXUS > > > ! # and no line wrap on IOS /Peo > > > ! send "set width 500\r" > > > ! expect -re $prompt {} > > > ! send "set width 0\r" > > > } > > > expect -re $prompt {} > > > source $sfile > > > ----------------------------------- > > > > > > P C skrev 2011-09-08 18:26: > > > > How is the terminal width communicated to the Cisco security > > > > appliance by rancid-run when kicked off via crontab? I am getting > > > > output in my alerts like this, almost like it's cutting off at > > > > ~60-70 characters or so. When viewing through a shell via SSH, > > > > the output is the width of the window without issue and is not truncated. > > > > > > > > Is this some sort of variable I can set so the output does not get > > > > kicked to the next line like this? > > > > > > > > Or perhaps is this happening after the SSH session, and during the > > > > e-mail/CVS diff process? > > > > > > > > I have also considered terminal width xxx Cisco ASA side, but this > > > > is a permanent configuration command (config) mode and not a > > > > per-session exec command, so it's probably better just to send the > > > > right width to it in the first place via the SSH/terminal > > > > negotiation, however this may be done. > > > > > > > > + access-list myaclname extended permit ip host 10.100.100.100 > > > > + object-group MY_OBJECT log warnings interval 10 > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > /Peo > > > ---------------------------------------------------------- > > > Per-Olof Olsson Email: peo at chalmers.se > > > Chalmers tekniska h?gskola IT-service > > > H?rsalsv?gen 5 412 96 G?teborg > > > Tel: 031/772 6738 Fax: 031/772 8680 > > > ---------------------------------------------------------- > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > CONFIDENTIALITY NOTICE > > Attention: The information contained in this email and/or attachments is > intended only for the person or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon, this > information by persons or entities other than the intended recipient is > prohibited. If you received this in error, please contact the sender and delete the > material from any system and destroy any copies. > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From weeve3 at gmail.com Fri Sep 9 19:17:24 2011 From: weeve3 at gmail.com (Jason Wever) Date: Fri, 9 Sep 2011 15:17:24 -0400 Subject: [rancid] Linksys switches In-Reply-To: <4E693834.6030603@gie.com> References: <4E693834.6030603@gie.com> Message-ID: On Thu, Sep 8, 2011 at 5:48 PM, Miles Lott wrote: > I wanted to respond to the following thread about fetching configs from > Linksys switches. > http://www.shrubbery.net/pipermail/rancid-discuss/2010-March/004750.html > > I have a hacked-up version of hlogin and hrancid called llogin and lrancid. > ?I should be close to finishing these up by tomorrow so I can contribute if > there is still a need. (Re-sending so it goes to the list this time) I'd love to play with a copy of these if you make them available. I have an SRW2048 and several SRW2024s that I've been hoping to get working with RANCID. Thanks, -- Jason Wever From mlott at gie.com Fri Sep 9 19:32:24 2011 From: mlott at gie.com (Miles Lott) Date: Fri, 09 Sep 2011 14:32:24 -0500 Subject: [rancid] Linksys switches In-Reply-To: References: <4E693834.6030603@gie.com> Message-ID: <4E6A69C8.5060803@gie.com> An HTML attachment was scrubbed... URL: From ler762 at gmail.com Sat Sep 10 02:01:20 2011 From: ler762 at gmail.com (Lee) Date: Fri, 9 Sep 2011 22:01:20 -0400 Subject: [rancid] rancid 2.3.6: clogin with multiple devices fails... ($autologin not defined) In-Reply-To: References: Message-ID: On 9/6/11, P C wrote: > Has any determined the best solution for this? I don't know if it's "best" but it's probably "easiest" OK, how 'bout a proposed fix? Starting at my line 756 in clogin it's: set enable 0 foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. Fix is to move the "set enable 0" line after the "foreach router [..." line. Can you try it & report back if it works or not for you? Regards, Lee > I just upgraded from > version 2.3.1_3 to 2.3.6 and now I'm having this problem too. > > I used to do clogin -c "show inventory" `cat all_routers.txt` and it > would return said command for the routers listed in all_routers.txt, > with one router entry per line. > > Now, the first routers runs fine, but each subsequent one gives this: > > can't read "autoenable": no such variable > while executing > "if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } > { > send_user -- "\nError: no enable password for $router in > $password_file...." > ("foreach" body line 28) > invoked from within > "foreach router [lrange $argv $i end] { > set router [string tolower $router] > # attempt at platform switching. > set platform "" > send_user ..." > (file "/usr/local/rancid/bin/clogin" line 743) > > > On Wed, Jul 13, 2011 at 6:57 PM, Jon Peatfield > wrote: >> On Wed, 13 Jul 2011, Lee wrote: >> >>>> I can see a number of possible fixes to the current clogin code but >>>> would >>>> prefer an expert to take a look at it... >>> >>> ... crickets ... >>> >>> OK, how 'bout a proposed fix? Starting at my line 756 in clogin it's: >>> set enable 0 >>> foreach router [lrange $argv $i end] { >>> set router [string tolower $router] >>> # attempt at platform switching. >>> >>> Fix is to move the "set enable 0" line after the "foreach router [..." >>> line. >> >> Which does seem to fix it, or at least hide the underlying problems... >> >> My worry is that the code is testing $enable in the loop before it can be >> set other than to 0, so either the testing of $enable code is wrong, or it >> really is intended to be the value of $enable from the *previous* time >> round >> the loop, in which case the fix may break something subtle... >> >> Then there is the use of $autoenable itself, which I assume was left when >> the variable was renamed, but it isn't obvious (to me) if that should be >> $avautoenable or $ae since I don't understand what the test is meant to be >> doing... >> >> So we have (in the unfixed 2.3.6): >> >> ... >> set enable 0 >> foreach router [lrange $argv $i end] { >> ... >> # look for noenable option in .cloginrc >> if { [find noenable $router] == "1" } { >> set enable 0 >> } >> ... >> if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] >> < >> 2 } { >> send_user -- "\nError: no enable password for $router in >> $password_file.\n" >> continue >> } >> ... >> >> ... >> } >> >> so maybe that test of $enable just needs to be moved after the places >> where >> enable is set... >> >> I clearly don't understand the code. >> >> -- Jon >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From nkkrishnan at gmail.com Sun Sep 11 14:58:35 2011 From: nkkrishnan at gmail.com (N K Krishnan) Date: Sun, 11 Sep 2011 07:58:35 -0700 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <767329787.17383.1315580586799.JavaMail.root@zim.upmf-grenoble.fr> References: <21861899.17341.1315579453566.JavaMail.root@zim.upmf-grenoble.fr> <767329787.17383.1315580586799.JavaMail.root@zim.upmf-grenoble.fr> Message-ID: hlogin/hrancid seems to work with the 2910al-48G with W.14.49 and rancid 2.3.2a8. one relatively trivial change in hrancid - more than likely unrelated to our 2910al-48G acquisition. 206c206 < # This routine parses "show system-information" --- > # This routine parses "show system" 464c464 < {'show system-information' => 'ShowSystem'}, --- > {'show system' => 'ShowSystem'}, On Fri, Sep 9, 2011 at 8:03 AM, Vincent LOUPIEN < Vincent.Loupien at upmf-grenoble.fr> wrote: > Hi all, > > We replaced the old good HP Procurve 2650 by more resent HP Procurve 2910 > and since, rancid refuse to backup theirs configurations, while this was > going very well with 2650. All the parameters seem correct (telnet / ssh, > password ...) and are becoming the same as for 2650. > > Debugging using clogin works very well but with the use of rancid-run in > crond, it creates problems without messages/errors. > I tried also use Foundry group in place of HP to operate but with no > success. Same rancid backup Cisco switchs/routers with no problem. > > Do you have an idea where this problem come from or "search paths". > > Debian version of rancid = 2.3.2~a8-4 > HP Procurve 2910 firmware = W.14.49. > > Regards, > > -- > ____________________________________________________________ > Vincent LOUPIEN - Direction des Systemes d'Information > Batiment Langues, Nouvelles Technologies - Bureau 37 > Universite Pierre Mendes France - Domaine Universitaire > 79, rue des Universites - BP 47 - F-38040 Grenoble Cedex 9 > Tel : (+33).04.76.82.57.58 - Fax : (+33).04.76.82.83.13 > ____________________________________________________________ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Sun Sep 11 18:53:07 2011 From: heas at shrubbery.net (john heasley) Date: Sun, 11 Sep 2011 18:53:07 +0000 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: References: <21861899.17341.1315579453566.JavaMail.root@zim.upmf-grenoble.fr> <767329787.17383.1315580586799.JavaMail.root@zim.upmf-grenoble.fr> Message-ID: <20110911185307.GA22211@shrubbery.net> Sun, Sep 11, 2011 at 07:58:35AM -0700, N K Krishnan: > hlogin/hrancid seems to work with the 2910al-48G with W.14.49 and rancid > 2.3.2a8. > > one relatively trivial change in hrancid - more than likely unrelated to our > 2910al-48G acquisition. > > 206c206 > < # This routine parses "show system-information" > --- > > # This routine parses "show system" > 464c464 > < {'show system-information' => 'ShowSystem'}, > --- > > {'show system' => 'ShowSystem'}, does 'show system information' work? you may just need to upgrade rancid. From nkkrishnan at gmail.com Sun Sep 11 19:11:45 2011 From: nkkrishnan at gmail.com (N K Krishnan) Date: Sun, 11 Sep 2011 12:11:45 -0700 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <20110911185307.GA22211@shrubbery.net> References: <21861899.17341.1315579453566.JavaMail.root@zim.upmf-grenoble.fr> <767329787.17383.1315580586799.JavaMail.root@zim.upmf-grenoble.fr> <20110911185307.GA22211@shrubbery.net> Message-ID: yes, `show system information' does work. since the setup is working so well for so long (many thanks are due) there is little motivation to change. we will catch up at the next problem or underlying system transition. cheers. On Sun, Sep 11, 2011 at 11:53 AM, john heasley wrote: > Sun, Sep 11, 2011 at 07:58:35AM -0700, N K Krishnan: > > hlogin/hrancid seems to work with the 2910al-48G with W.14.49 and rancid > > 2.3.2a8. > > > > one relatively trivial change in hrancid - more than likely unrelated to > our > > 2910al-48G acquisition. > > > > 206c206 > > < # This routine parses "show system-information" > > --- > > > # This routine parses "show system" > > 464c464 > > < {'show system-information' => 'ShowSystem'}, > > --- > > > {'show system' => 'ShowSystem'}, > > does 'show system information' work? you may just need to upgrade rancid. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam.korab at gmail.com Mon Sep 12 16:22:46 2011 From: adam.korab at gmail.com (Adam Korab) Date: Mon, 12 Sep 2011 11:22:46 -0500 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: References: <20110907203558.GK2400@shrubbery.net> <20110908045436.GC11127@shrubbery.net> Message-ID: Oops. CCing list too. On Mon, Sep 12, 2011 at 11:22 AM, Adam Korab wrote: > On Wed, Sep 7, 2011 at 11:54 PM, john heasley wrote: >> >> the effing thing echos the login line back. ?this is a newer extreme box, >> yes? > > Yes. ?New ExtremeXOS 12.5.2.6 code on several variants of the > SummitStack X-series. > > Same thing happens with ExtremeXOS 12.6.1.3 which is the newest code > as far as I'm aware. > > That said...we just had a maintenance window and it appears this > problem only occurs when using telnet to login -- ssh works just fine, > the first time. > > --Adam > From heas at shrubbery.net Mon Sep 12 17:42:42 2011 From: heas at shrubbery.net (john heasley) Date: Mon, 12 Sep 2011 17:42:42 +0000 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: References: <20110907203558.GK2400@shrubbery.net> <20110908045436.GC11127@shrubbery.net> Message-ID: <20110912174242.GN28747@shrubbery.net> Mon, Sep 12, 2011 at 11:22:46AM -0500, Adam Korab: > Oops. CCing list too. > > On Mon, Sep 12, 2011 at 11:22 AM, Adam Korab wrote: > > On Wed, Sep 7, 2011 at 11:54 PM, john heasley wrote: > >> > >> the effing thing echos the login line back. ?this is a newer extreme box, > >> yes? > > > > Yes. ?New ExtremeXOS 12.5.2.6 code on several variants of the > > SummitStack X-series. > > > > Same thing happens with ExtremeXOS 12.6.1.3 which is the newest code > > as far as I'm aware. > > > > That said...we just had a maintenance window and it appears this > > problem only occurs when using telnet to login -- ssh works just fine, > > the first time. thanks, very useful info. From adam.korab at gmail.com Mon Sep 12 18:02:04 2011 From: adam.korab at gmail.com (Adam Korab) Date: Mon, 12 Sep 2011 13:02:04 -0500 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: <20110912174242.GN28747@shrubbery.net> References: <20110907203558.GK2400@shrubbery.net> <20110908045436.GC11127@shrubbery.net> <20110912174242.GN28747@shrubbery.net> Message-ID: On Mon, Sep 12, 2011 at 12:42 PM, john heasley wrote: > > thanks, very useful info. Glad it's helpful. Can you elaborate more about the expect bug you referenced a few months ago?[0] How does it present itself, and has there been any traction on a workaround? --Adam [0] http://www.gossamer-threads.com/lists/rancid/users/5813 From heas at shrubbery.net Mon Sep 12 18:49:24 2011 From: heas at shrubbery.net (john heasley) Date: Mon, 12 Sep 2011 18:49:24 +0000 Subject: [rancid] ExtremeXOS clogin problems In-Reply-To: References: <20110907203558.GK2400@shrubbery.net> <20110908045436.GC11127@shrubbery.net> <20110912174242.GN28747@shrubbery.net> Message-ID: <20110912184924.GQ28747@shrubbery.net> Mon, Sep 12, 2011 at 01:02:04PM -0500, Adam Korab: > On Mon, Sep 12, 2011 at 12:42 PM, john heasley wrote: > > > > thanks, very useful info. > > Glad it's helpful. > > Can you elaborate more about the expect bug you referenced a few > months ago?[0] How does it present itself, and has there been any > traction on a workaround? i dont recall; I have to re-evaluate it. we were trying to get it to work and had problems, then i had to concentrate on other work and its been too long. > --Adam > > [0] http://www.gossamer-threads.com/lists/rancid/users/5813 From tensai at zmonkey.org Thu Sep 15 15:52:33 2011 From: tensai at zmonkey.org (Corey Edwards) Date: Thu, 15 Sep 2011 09:52:33 -0600 Subject: [rancid] duplicated characters In-Reply-To: <20110903200819.GR143@shrubbery.net> References: <4E5FEA9E.5060707@zmonkey.org> <20110903200819.GR143@shrubbery.net> Message-ID: <4E721F41.8020908@zmonkey.org> On 09/03/2011 02:08 PM, john heasley wrote: > Thu, Sep 01, 2011 at 02:27:10PM -0600, Corey Edwards: >> After a recent upgrade from Debian 5.0 to 6.0 I began seeing duplicate >> characters in config diffs. Here's an example: >> >> - access-list 102 deny udp any any eq 135 >> + access-list 102 denny udp any any eq 135 >> - access-list 110 deny tcp any any eq 445 log >> + access-list 110 deny tcp any any eq 445 log >> >> I found this thread from 2004 which hinted at it being an issue with the >> telnet client. The OP eventually switched to ssh which in this case >> isn't an option. >> >> http://www.gossamer-threads.com/lists/rancid/users/720 > > i dont know what the fbsd fix was for this, but they fixed it somehow in > their tcl or expect port. > > perhaps its related to a problem that came up in rancid 2.3.5 something > changed in debian's libc that caused problems with string handling > functions, which i believe was related to internationalization. > > or could be a bug in buffer handling in expect or tcl. I moved the RANCID install to a separate server running Debian 6.0 and it's working just fine, so it appears to be something left over from the upgrade from 5.0. I just can't imagine what it is. > either way, if you can capture clogin -d -c 'show running' o/p where this > occurs, it should at least reveal where the bug is. I captured this output, but unfortunately it was rife with passwords. I trimmed it down to what I hope is still a useful summary. In this example the duplicated character showed up in the word "permitt". http://pastebin.com/epUCPr2p > you can also try rebuilding tcl and expect w/o internationalization. I could not find any way to do this. Corey From Vincent.Loupien at upmf-grenoble.fr Fri Sep 16 14:33:39 2011 From: Vincent.Loupien at upmf-grenoble.fr (Vincent LOUPIEN) Date: Fri, 16 Sep 2011 16:33:39 +0200 (CEST) Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <20110909150901.GA19421@shrubbery.net> Message-ID: <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> Hello John, ----- Mail original ----- > Fri, Sep 09, 2011 at 05:03:06PM +0200, Vincent LOUPIEN: > > Hi all, > > > > We replaced the old good HP Procurve 2650 by more resent HP Procurve > > 2910 and since, rancid refuse to backup theirs configurations, while > > this was going very well with 2650. All the parameters seem correct > > (telnet / ssh, password ...) and are becoming the same as for 2650. > > > > Debugging using clogin works very well but with the use of > > rancid-run in crond, it creates problems without messages/errors. > > hlogin is for hp switches with the hp o/s, which i think began as > procurve. test with that. else, look for errors in the group's log > file. When i execute hlogin (telnet connexion without user) , this is what i get (but no trace in the log in "/var/log/rancid/") : linux:/var/lib/rancid/bin# ./hlogin -c "show version" hp2910 hp2910 spawn hpuifilter -- telnet hp2910 Error: telnet failed: couldn't execute "hpuifilter": no such file or directory ... And when i execute clogin, this is what i get (but still no trace) : linux:/var/lib/rancid/bin# ./clogin -c "show version" hp2910 hp2910 spawn telnet hp2910 Trying xxx.xxx.xxx.xxx... Connected to hp2910 Escape character is '^]'. Password: hp2910# couldn't compile regular expression pattern: parentheses () not balanced while executing "expect -nobrace -re { [55;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[ ]+} { exp_continue }" invoked from within "expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } }" (procedure "run_commands" line 23) invoked from within "run_commands $prompt $command" ("foreach" body line 171) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "./clogin" line 769) Do you have an idea where this problem will come again ? Regards, -- ____________________________________________________________ Vincent LOUPIEN - Direction des Systemes d'Information Batiment Langues, Nouvelles Technologies - Bureau 37 Universite Pierre Mendes France - Domaine Universitaire 79, rue des Universites - BP 47 - F-38040 Grenoble Cedex 9 Tel : (+33).04.76.82.57.58 - Fax : (+33).04.76.82.83.13 ____________________________________________________________ From peo at chalmers.se Fri Sep 16 18:14:17 2011 From: peo at chalmers.se (Per-Olof Olsson) Date: Fri, 16 Sep 2011 20:14:17 +0200 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> References: <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> Message-ID: <4E7391F9.70108@chalmers.se> Vincent LOUPIEN skrev 2011-09-16 16:33: > Hello John, > > ----- Mail original ----- >> Fri, Sep 09, 2011 at 05:03:06PM +0200, Vincent LOUPIEN: >>> Hi all, >>> >>> We replaced the old good HP Procurve 2650 by more resent HP Procurve >>> 2910 and since, rancid refuse to backup theirs configurations, while >>> this was going very well with 2650. All the parameters seem correct >>> (telnet / ssh, password ...) and are becoming the same as for 2650. >>> >>> Debugging using clogin works very well but with the use of >>> rancid-run in crond, it creates problems without messages/errors. >> >> hlogin is for hp switches with the hp o/s, which i think began as >> procurve. test with that. else, look for errors in the group's log >> file. > When i execute hlogin (telnet connexion without user) , this is what i get (but no trace in the log in "/var/log/rancid/") : > linux:/var/lib/rancid/bin# ./hlogin -c "show version" hp2910 > hp2910 > spawn hpuifilter -- telnet hp2910 > > Error: telnet failed: couldn't execute "hpuifilter": no such file or directory > Is it the problem with stacking enabled on hp2910 switches? 1. Looks like you run rancid command as root. Don't! You will end up with files not owned by your ranciduser and get more trouble. 2. If you are running as rancid-user I thing you get correct path settings to find hpuifiler. hpuifiler and hlogin is proper installed in your "rancid/bin"-dir if it's work for 2650's. 3. clogin don't use hpuifiler so it will not work to with Procurve switches. 4. There is a new prompt on hp2910, if you have "stacking" enabled. Test to turn off stacking and run hlogin/rancid-run as you do with 2650's. If you start using ssh to login, you can find a patch for ssh login to 2910 switch stack member 0, posted pevious on this list. /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- > > ... And when i execute clogin, this is what i get (but still no trace) : > linux:/var/lib/rancid/bin# ./clogin -c "show version" hp2910 > hp2910 > spawn telnet hp2910 > Trying xxx.xxx.xxx.xxx... > Connected to hp2910 > Escape character is '^]'. > > Password: > > hp2910# couldn't compile regular expression pattern: parentheses () not balanced > while executing > "expect -nobrace -re { [55;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[ > ]+} { exp_continue }" > invoked from within > "expect { > -re $reprompt {} > -re "\[\n\r]+" { exp_continue } > }" > (procedure "run_commands" line 23) > invoked from within > "run_commands $prompt $command" > ("foreach" body line 171) > invoked from within > "foreach router [lrange $argv $i end] { > set router [string tolower $router] > # attempt at platform switching. > set platform "" > send_user ..." > (file "./clogin" line 769) > > > Do you have an idea where this problem will come again ? > > Regards, > From cgauthier at mapscu.com Fri Sep 16 18:21:12 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 16 Sep 2011 11:21:12 -0700 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: References: <4E69E0B7.2020508@chalmers.se> <20110909160227.GG19421@shrubbery.net> Message-ID: Did anyone ever figure out the line wrapping at all? It seems to be in the post-processing and not in the ASA. > > Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier: > > > Here is an excerpt of the emails I get sometimes. They are stored > > > correctly in the repository, though. I am running rancid 2.3.2 on > > > Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been > > > changed to protect the names of the innocent, as well as my job. ;) > > > > is this IOS, PIX, ASA, or ?? > > Sorry, ASA 5520 running v8.2(2.17) > > > > > > Index: configs/172.16.0.2 > > > > > > ============================================================= > > ====== > > > retrieving revision 1.393 > > > diff -U 4 -r1.393 172.16.0.2 > > > @@ -898,8 +898,11 @@ > > > access-list nat0_inside extended permit ip 192.168.124.0 > > > 255.255.255.0 > > 10.119.17.0 255.255.255.0 > > > access-list nat0_inside extended permit ip 192.168.123.0 > > > 255.255.255.0 > > 172.16.6.0 255.255.255.248 > > > access-list nat0_inside extended permit ip 192.168.4.0 > > > 255.255.255.0 > > 172.16.6.0 255.255.255.248 > > > access-list nat0_inside extended permit ip 192.168.100.0 > > > 255.255.255.0 172.16.6.0 255.255.255.248 > > > + access-list nat0_inside extended permit ip 192.168.0.0 > > > + 255.255.255.0 > > > + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit > > > + ip > > > + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list > > > + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 > > > + 172.16.6.0 > > > + 255.255.255.248 > > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 > > 192.168.254.0 255.255.255.0 > > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 > > 10.16.0.0 255.255.0.0 > > > access-list static_nat_vendor1 extended permit ip 192.168.100.0 > > 255.255.255.0 host 172.30.255.1 > > > access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 > > > host > > 10.0.1.2 @@ -1103,8 +1106,10 @@ > > > access-list outside_access_out extended deny ip any 172.16.0.0 > 255.240.0.0 > > > access-list nat0_vendor3 extended permit ip 172.16.6.0 > > > 255.255.255.248 > > 10.0.0.0 255.0.0.0 > > > access-list nat0_vendor3 extended permit ip 172.16.6.0 > > > 255.255.255.248 > > 172.16.0.0 255.240.0.0 > > > access-list nat0_vendor3 extended permit ip 172.16.6.0 > > > 255.255.255.248 192.168.0.0 255.255.0.0 > > > + access-list vendor3 extended permit ip host 172.16.6.3 host > > > + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3 > > > + host 172.16.0.2 > > > no pager > > > logging enable > > > logging timestamp > > > logging asdm-buffer-size 200 > > > > > > > > > --Chris > > > > > > > > > > -----Original Message----- > > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > > > bounces at shrubbery.net] On Behalf Of Per-Olof Olsson > > > > Sent: Friday, September 09, 2011 2:48 AM > > > > To: P C > > > > Cc: rancid-discuss at shrubbery.net > > > > Subject: Re: [rancid] terminal width on Cisco ASA > > > > > > > > Not running any ASA but IOS and nexus switches. > > > > > > > > Have done some tests to extend width to max, by set width it > > > > multiple times in clogin script. > > > > > > > > Just now running clogin using width 500 (nexus max 512) or "no wrap" > > > > for IOS switches supporting "terminal width 0". > > > > > > > > If you not set width in scripts you will get > > > > 80 when running from cron ("default vt100") or current window > > > > width from where you run command by hand. > > > > > > > > In later versions of clogin width set to 80 > > > > > > > > Diff from my running version of clogin.in (rancid 2.3.6) > > > > ------------------------------------------------------ > > > > > diff -c clogin.in.ORG clogin.in > > > > > > > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010 > > > > --- clogin.in Wed Jan 19 12:18:57 2011 > > > > *************** > > > > *** 622,627 **** > > > > --- 622,629 ---- > > > > set command "set logging session disable;$command" > > > > } else { > > > > send "terminal length 0\r" > > > > + # More ugly code to turn of line wrap /Peo set command "terminal > > > > + width 0;$command" > > > > } > > > > # match cisco config mode prompts too, such as router(config-if)#, > > > > # but catalyst does not change in this fashion. > > > > *************** > > > > *** 921,927 **** > > > > } else { > > > > send "terminal length 0\r" > > > > expect -re $prompt {} > > > > ! send "terminal width 80\r" > > > > } > > > > expect -re $prompt {} > > > > source $sfile > > > > --- 923,934 ---- > > > > } else { > > > > send "terminal length 0\r" > > > > expect -re $prompt {} > > > > ! # send "terminal width 80\r" > > > > ! # Set long lines for NEXUS > > > > ! # and no line wrap on IOS /Peo > > > > ! send "set width 500\r" > > > > ! expect -re $prompt {} > > > > ! send "set width 0\r" > > > > } > > > > expect -re $prompt {} > > > > source $sfile > > > > ----------------------------------- > > > > > > > > P C skrev 2011-09-08 18:26: > > > > > How is the terminal width communicated to the Cisco security > > > > > appliance by rancid-run when kicked off via crontab? I am > > > > > getting output in my alerts like this, almost like it's cutting > > > > > off at > > > > > ~60-70 characters or so. When viewing through a shell via SSH, > > > > > the output is the width of the window without issue and is not truncated. > > > > > > > > > > Is this some sort of variable I can set so the output does not > > > > > get kicked to the next line like this? > > > > > > > > > > Or perhaps is this happening after the SSH session, and during > > > > > the e-mail/CVS diff process? > > > > > > > > > > I have also considered terminal width xxx Cisco ASA side, but > > > > > this is a permanent configuration command (config) mode and not > > > > > a per-session exec command, so it's probably better just to send > > > > > the right width to it in the first place via the SSH/terminal > > > > > negotiation, however this may be done. > > > > > > > > > > + access-list myaclname extended permit ip host 10.100.100.100 > > > > > + object-group MY_OBJECT log warnings interval 10 > > > > > _______________________________________________ > > > > > Rancid-discuss mailing list > > > > > Rancid-discuss at shrubbery.net > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > > > > > > > /Peo > > > > ---------------------------------------------------------- > > > > Per-Olof Olsson Email: peo at chalmers.se > > > > Chalmers tekniska h?gskola IT-service > > > > H?rsalsv?gen 5 412 96 G?teborg > > > > Tel: 031/772 6738 Fax: 031/772 8680 > > > > ---------------------------------------------------------- > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > -------------------------------------------------------------------- > > > -- > > > -------------------------------------------------------------------- > > > -- > > > -------------------------------------------------------------------- > > > -- > > > CONFIDENTIALITY NOTICE > > > Attention: The information contained in this email and/or > > > attachments is > > intended only for the person or entity to which it is addressed and > > may contain confidential and/or privileged material. Any review, > > retransmission, dissemination or other use of, or taking of any action > > in reliance upon, this information by persons or entities other than > > the intended recipient is prohibited. If you received this in error, > > please contact the sender and delete the material from any system and > destroy any copies. > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------------------------------ > ------------------------------------------------------------------------------------------------------ > ------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or attachments is > intended only for the person or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon, this > information by persons or entities other than the intended recipient is > prohibited. If you received this in error, please contact the sender and delete the > material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From peo at chalmers.se Sat Sep 17 08:20:56 2011 From: peo at chalmers.se (Per-Olof Olsson) Date: Sat, 17 Sep 2011 10:20:56 +0200 Subject: [rancid] terminal width on Cisco ASA In-Reply-To: <20110909160706.GH19421@shrubbery.net> References: <4E69E0B7.2020508@chalmers.se> <20110909155314.GE19421@shrubbery.net> <20110909160706.GH19421@shrubbery.net> Message-ID: <4E745868.8080507@chalmers.se> john heasley skrev 2011-09-09 18:07: > Fri, Sep 09, 2011 at 03:53:14PM +0000, john heasley: >>> In later versions of clogin width set to 80 >> >> i changed that to 132 for clogin [-s|-c], but this was to stop a few >> show commands from oscillating, particularly show vlan. but, i've not >> seen the device wrap other lines as thread is implying for nexus and >> ASA, of which I have none. is this perhaps driven by some other variable >> on these devices, such as terminal type? ie: particular types have or >> lack some capability. 500 seems like it would not be strictly portable. > > fwiw, the desired effect from my PoV is that the device do no screen > manipulation in any manner what so ever for -c or -s (command or script) > mode of the login scripts. no line length handling, no line shifting, > no bolding, refreshing, etc etc. Sorry. Some days, most get wrong. 1. First nexus that fooled me. After some test I find out that turning of pager also turn off wrapping. (Nexus 5000 running version 4.2(1)N2(1a) ) Can't find any notes of this in Nexus manuals. Only ACE manual have a note about terminal length settings: "A value of 0 instructs the ACE to scroll continuously (no pausing) and overrides the terminal width command." For NX-os it looks like "terminal length 0" is what needed for initial terminal settings to rancid. 2. Thanks for the note. I have installed the wrong version when I updated clogin.in Rewrite it one more time to make i easy to read and use the same lines for command and script. I still like to ad "terminal width 0" to one of ours 6500. The output from show vlan is 600+ character long! And it's easier to post process one liners from rancid. -x_test----------------------- show terminal exit -eof-------------------------- -s_test----------------------- send "\r" expect -re $prompt {} send "show terminal\r" expect -re $prompt {} send_user $expect_out(buffer) send "exit\r" -eof-------------------------- /115-> clogin -x x_test cisco_6500 cisco_6500 spawn ssh -c 3des -x -l rancid cisco_6500 cisco_6500>enable Password: cisco_6500# cisco_6500#terminal width 0 cisco_6500#terminal length 0 cisco_6500#show terminal Line 1, Location: "", Type: "xterm" Length: 0 lines, Width: 0 columns Baud rate (TX/RX) is 9600/9600 ... /116-> clogin -s s_test cisco_6500 cisco_6500 show terminal Line 1, Location: "", Type: "xterm" Length: 0 lines, Width: 0 columns Baud rate (TX/RX) is 9600/9600 /117-> clogin -x x_test nx-5000 nx-5000 spawn ssh -i .ssh/Rancid-to-Nexus -c 3des -x -l rancid nx_5000 Nexus 5000 Switch ... nx-5000# nx-5000# terminal width 0 ^ % Invalid number, range is (24:511) at '^' marker. nx-5000# terminal length 0 nx-5000# show terminal TTY: /dev/pts/2 Type: "xterm" Length: 0 lines, Width: 81 columns Session Timeout: 30 minutes ... /118-> clogin -s s_test nx_5000 nx_5000 show terminal TTY: /dev/pts/2 Type: "xterm" Length: 0 lines, Width: 81 columns Session Timeout: 30 minutes ... After install new patch I test to run it on our site with a mix of 2950,2960,3750, 3560, 6500 and nx-5010's. My new patch--------------------------------------------- *** clogin.in.ORG Wed Oct 6 22:31:24 2010 --- clogin.in Thu Sep 15 05:20:01 2011 *************** *** 621,626 **** --- 621,634 ---- # subsequent expects to handle everything as normal. set command "set logging session disable;$command" } else { + # To prevent diffs from some IOS "show vlan" output + # use fixed line width + # send "terminal width 80\r" + # expect -re $prompt {} + # some IOS "no wrap" + send "terminal width 0\r" + expect -re $prompt {} + # send "terminal length 0\r" } # match cisco config mode prompts too, such as router(config-if)#, *************** *** 919,927 **** expect -re $prompt {} send "set logging session disable\r" } else { ! send "terminal length 0\r" expect -re $prompt {} ! send "terminal width 80\r" } expect -re $prompt {} source $sfile --- 927,940 ---- expect -re $prompt {} send "set logging session disable\r" } else { ! # use fixed line width ! # send "terminal width 80\r" ! # expect -re $prompt {} ! # some ios "no wrap" ! send "terminal width 0\r" expect -re $prompt {} ! # ! send "terminal length 0\r" } expect -re $prompt {} source $sfile -end of patch------------------------------------ Notes: 1. I can't test extreme switches but it look lite clogin skip initial terminal settings only for commands ? if { [ string compare "extreme" "$platform" ] } {? not for scripts! 2. Is there any dist of clogin having ?terminal width? for commands? clogin 2.3.6 only have it for scripts! /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- From danielc at vmware.com Sat Sep 17 11:56:04 2011 From: danielc at vmware.com (danielc at vmware.com) Date: Sat, 17 Sep 2011 04:56:04 -0700 (PDT) Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory In-Reply-To: Message-ID: I hacked fnlogin/fnrancid pair to do some EMC VNX commands on their RHAT/Linux shell, but the only a portion of the output is not being checked into the configs directory. I have done the following: NOPIPE=yes;export NOPIPE vnxrancid -d vnx01 I get the two files: vnx01.raw and vnx01.new But if I do just: rancid-run -r vnx01 testing The .../var/testing/configs/vnx01 file only has saved some lines like: !RANCID-CONTENT-TYPE: vnxrancid The contents of the vnx01.new file looks perfect (in my opinion) I noticed that the end of the vnx01.raw file still have lots of control characters, is this interfering with the rancid-run ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ exit^M logout^M ^[[H^[[2JConnection to vnx01 closed.^M^M whereas an UCS, N7K, Vyatta device the .raw file is much cleaner. exit^M r2845-n6k-B#exit^M Connection to r2845-n6k02 closed.^M^M commit^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ ^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ exit^M logout^M Connection to hub-las01-fw01b closed.^M^M ^M Thanks, Daniel Chen From danielc at vmware.com Sat Sep 17 12:35:38 2011 From: danielc at vmware.com (danielc at vmware.com) Date: Sat, 17 Sep 2011 05:35:38 -0700 (PDT) Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory In-Reply-To: Message-ID: <2effc2b8-9d49-4000-b134-07f6e2cda154@mozyits-MacBook-Pro.local> Nevermind. I used ProcessHistory("","","","","!field:$_"); so all the lines in the .new are practically comments as there is no "configuration" to capture as such. I think that would be it. Trying now. Sorry, Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 7:56:04 AM Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory I hacked fnlogin/fnrancid pair to do some EMC VNX commands on their RHAT/Linux shell, but the only a portion of the output is not being checked into the configs directory. I have done the following: NOPIPE=yes;export NOPIPE vnxrancid -d vnx01 I get the two files: vnx01.raw and vnx01.new But if I do just: rancid-run -r vnx01 testing The .../var/testing/configs/vnx01 file only has saved some lines like: !RANCID-CONTENT-TYPE: vnxrancid The contents of the vnx01.new file looks perfect (in my opinion) I noticed that the end of the vnx01.raw file still have lots of control characters, is this interfering with the rancid-run ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ exit^M logout^M ^[[H^[[2JConnection to vnx01 closed.^M^M whereas an UCS, N7K, Vyatta device the .raw file is much cleaner. exit^M r2845-n6k-B#exit^M Connection to r2845-n6k02 closed.^M^M commit^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ ^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ exit^M logout^M Connection to hub-las01-fw01b closed.^M^M ^M Thanks, Daniel Chen _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From danielc at vmware.com Sat Sep 17 17:43:59 2011 From: danielc at vmware.com (danielc at vmware.com) Date: Sat, 17 Sep 2011 10:43:59 -0700 (PDT) Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory In-Reply-To: <2effc2b8-9d49-4000-b134-07f6e2cda154@mozyits-MacBook-Pro.local> Message-ID: I backtracked my changes to which part of the changes caused the rancid-run to fail. I think I broke my variation of the fnrancid when I attempted to get the prompt to be recognized. As stand-alone, vnxrancid -d vnx01 appear to be able to generate the vnx01.raw and vnx01.new files when NOPIPE=yes was engaged. The prompt looks like the following during a ssh: [nasadmin at r2778-vnx01cs0 ~]$ In looking at the .raw file, it looks like a there is an escape sequence: ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M while (/^.+(#|\$)\s*($cmds_regexp)\s*$/) { $cmd = $2; # - FortiGate prompts end with either '#' or '$'. Further, they may # be prepended with a '~' if the hostname is too long. Therefore, # we need to figure out what our prompt really is. # if (!defined($prompt)) { # if ($_ =~ m/^.+\~\$/) { # $prompt = '\~\$ .*'; # } else { # if ($_ =~ m/^.+\$/) { # $prompt = ' \$ .*'; # } else { # if ($_ =~ m/^.+\~#/) { # $prompt = '\~# .*'; # } else { # if ($_ =~ m/^.+#/) { # $prompt = ' # .*'; # } # } # } # } # } print STDERR ("line:$_\ncmd:$2\n") if ($debug); if (!defined($prompt)) { print STDERR ("PROMPT0 MATCH: $1\n") if ($debug); # $prompt = ($_ =~ /^([^#]+#)/)[0]; $prompt = ($_ =~ /^([^\$]+\$)/)[0]; print STDERR ("PROMPT1 MATCH: $prompt\n") if ($debug); # $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT2 MATCH: $prompt\n") if ($debug); # $prompt =~ s/[\$]//g; print STDERR ("PROMPT3 MATCH: $prompt\n") if ($debug); } Regards, Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 8:35:38 AM Subject: Re: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory Nevermind. I used ProcessHistory("","","","","!field:$_"); so all the lines in the .new are practically comments as there is no "configuration" to capture as such. I think that would be it. Trying now. Sorry, Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 7:56:04 AM Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory I hacked fnlogin/fnrancid pair to do some EMC VNX commands on their RHAT/Linux shell, but the only a portion of the output is not being checked into the configs directory. I have done the following: NOPIPE=yes;export NOPIPE vnxrancid -d vnx01 I get the two files: vnx01.raw and vnx01.new But if I do just: rancid-run -r vnx01 testing The .../var/testing/configs/vnx01 file only has saved some lines like: !RANCID-CONTENT-TYPE: vnxrancid The contents of the vnx01.new file looks perfect (in my opinion) I noticed that the end of the vnx01.raw file still have lots of control characters, is this interfering with the rancid-run ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ exit^M logout^M ^[[H^[[2JConnection to vnx01 closed.^M^M whereas an UCS, N7K, Vyatta device the .raw file is much cleaner. exit^M r2845-n6k-B#exit^M Connection to r2845-n6k02 closed.^M^M commit^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ ^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ exit^M logout^M Connection to hub-las01-fw01b closed.^M^M ^M Thanks, Daniel Chen _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From danielc at vmware.com Sun Sep 18 02:27:42 2011 From: danielc at vmware.com (danielc at vmware.com) Date: Sat, 17 Sep 2011 19:27:42 -0700 (PDT) Subject: [rancid] I got it working Re: help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory In-Reply-To: Message-ID: <20e5cb77-0367-4636-834a-14cdfdb6e26c@mozyits-MacBook-Pro.local> Nevermind again. I was working backwards. I should have started with the fnlogin equivalent first, then work on the fnrancid equivalent second. I have some minor clean-up to program vnxrancid to ignore certain run-time statistics. I made a new copy of fnlogin and made a few changes: 1) # FortiOS 2.x prompts can end in either '#' or '$' # set prompt "\[#\\$] " # VNX prompt looks like [nasadmin at r2778-vnx01cs0 ~]$ set prompt "\[~.\\$] " 2) some of the expect during the proc run_command to match more closely to a linux workstation I made a new copy of fnrancid and made some more changes to the prompt processing there: while (/^.+(#|\$)\s*($cmds_regexp)\s*$/) { $cmd = $2; # - FortiGate prompts end with either '#' or '$'. Further, they may # be prepended with a '~' if the hostname is too long. Therefore, # we need to figure out what our prompt really is. # if (!defined($prompt)) { # if ($_ =~ m/^.+\~\$/) { # $prompt = '\~\$ .*'; # print STDERR ("line0:$_\nprompt:$prompt\n") if ($debug); # } else { # if ($_ =~ m/^.+\$/) { # $prompt = ' \$ .*'; # print STDERR ("line1:$_\nprompt:$prompt\n") if ($debug); # } else { # if ($_ =~ m/^.+\~#/) { # $prompt = '\~# .*'; # print STDERR ("linei2:$_\nprompt:$prompt\n") if ($debug); # } else { # if ($_ =~ m/^.+#/) { # $prompt = ' # .*'; # print STDERR ("linei3:$_\nprompt:$prompt\n") if ($debug); # } # } # } # } # } print STDERR ("line:$_\ncmd:$2\n") if ($debug); if (!defined($prompt)) { print STDERR ("PROMPT0 MATCH: $1\n") if ($debug); # $prompt = ($_ =~ /^([^#]+#)/)[0]; # $prompt = ($_ =~ /\a([^\$]+\$)/)[0]; # $prompt = ($_ =~ /\a(.+\b)/)[0]; $prompt = ($_ =~ /\a(.+\b)/)[1]; print STDERR ("PROMPT1 MATCH: $prompt\n") if ($debug); # $prompt =~ s/([][}{)(\\])/\\$1/g; # $prompt =~ s/([][}{)(\\])//g; print STDERR ("PROMPT2 MATCH: $prompt\n") if ($debug); # $prompt =~ s/[\$]//g; print STDERR ("PROMPT3 MATCH: $prompt\n") if ($debug); } Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 1:43:59 PM Subject: Re: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory I backtracked my changes to which part of the changes caused the rancid-run to fail. I think I broke my variation of the fnrancid when I attempted to get the prompt to be recognized. As stand-alone, vnxrancid -d vnx01 appear to be able to generate the vnx01.raw and vnx01.new files when NOPIPE=yes was engaged. The prompt looks like the following during a ssh: [nasadmin at r2778-vnx01cs0 ~]$ In looking at the .raw file, it looks like a there is an escape sequence: ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M while (/^.+(#|\$)\s*($cmds_regexp)\s*$/) { $cmd = $2; # - FortiGate prompts end with either '#' or '$'. Further, they may # be prepended with a '~' if the hostname is too long. Therefore, # we need to figure out what our prompt really is. # if (!defined($prompt)) { # if ($_ =~ m/^.+\~\$/) { # $prompt = '\~\$ .*'; # } else { # if ($_ =~ m/^.+\$/) { # $prompt = ' \$ .*'; # } else { # if ($_ =~ m/^.+\~#/) { # $prompt = '\~# .*'; # } else { # if ($_ =~ m/^.+#/) { # $prompt = ' # .*'; # } # } # } # } # } print STDERR ("line:$_\ncmd:$2\n") if ($debug); if (!defined($prompt)) { print STDERR ("PROMPT0 MATCH: $1\n") if ($debug); # $prompt = ($_ =~ /^([^#]+#)/)[0]; $prompt = ($_ =~ /^([^\$]+\$)/)[0]; print STDERR ("PROMPT1 MATCH: $prompt\n") if ($debug); # $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT2 MATCH: $prompt\n") if ($debug); # $prompt =~ s/[\$]//g; print STDERR ("PROMPT3 MATCH: $prompt\n") if ($debug); } Regards, Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 8:35:38 AM Subject: Re: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory Nevermind. I used ProcessHistory("","","","","!field:$_"); so all the lines in the .new are practically comments as there is no "configuration" to capture as such. I think that would be it. Trying now. Sorry, Daniel Chen ----- Original Message ----- From: danielc at vmware.com To: rancid-discuss at shrubbery.net Sent: Saturday, September 17, 2011 7:56:04 AM Subject: [rancid] help request after I developed new module 'vnxrancid', but it don't save output properly to configs directory I hacked fnlogin/fnrancid pair to do some EMC VNX commands on their RHAT/Linux shell, but the only a portion of the output is not being checked into the configs directory. I have done the following: NOPIPE=yes;export NOPIPE vnxrancid -d vnx01 I get the two files: vnx01.raw and vnx01.new But if I do just: rancid-run -r vnx01 testing The .../var/testing/configs/vnx01 file only has saved some lines like: !RANCID-CONTENT-TYPE: vnxrancid The contents of the vnx01.new file looks perfect (in my opinion) I noticed that the end of the vnx01.raw file still have lots of control characters, is this interfering with the rancid-run ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ ^M ^[]0;nasadmin at r2778-vnx01cs0:~^G[nasadmin at r2778-vnx01cs0 ~]$ exit^M logout^M ^[[H^[[2JConnection to vnx01 closed.^M^M whereas an UCS, N7K, Vyatta device the .raw file is much cleaner. exit^M r2845-n6k-B#exit^M Connection to r2845-n6k02 closed.^M^M commit^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ ^M ^[]0;rancidnms at hub-las01-fw01b: ~^G^[[01;32mrancidnms at hub-las01-fw01b^[[00m:^[[01;34m~^[[00m$ exit^M logout^M Connection to hub-las01-fw01b closed.^M^M ^M Thanks, Daniel Chen _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Drikus.Brits at vodacom.co.za Mon Sep 19 17:27:05 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 19 Sep 2011 17:27:05 +0000 Subject: [rancid] fnrancid -- to ignore Fortigate certificate Message-ID: <6581768FDA03C94BB585650903B4F1EB055D7425@ZAMDC02101.vodacom.corp> HI all, Any idea how I can get fnrancid to ignore the whole certificate section from the full configuration it pulls. Every hour I get stuck with the certificate being removed , and re-added due to changed characters. I was hoping to use something similar to below, but not sure how to get it to ignore only a certain section. next if (/^conf_file_ver=/); any ideas ? Thanks Drikus. This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " -------------- next part -------------- An HTML attachment was scrubbed... URL: From Drikus.Brits at vodacom.co.za Mon Sep 19 17:30:37 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 19 Sep 2011 17:30:37 +0000 Subject: [rancid] fnrancid -- to ignore Fortigate certificate In-Reply-To: <6581768FDA03C94BB585650903B4F1EB055D7425@ZAMDC02101.vodacom.corp> References: <6581768FDA03C94BB585650903B4F1EB055D7425@ZAMDC02101.vodacom.corp> Message-ID: <6581768FDA03C94BB585650903B4F1EB055D7438@ZAMDC02101.vodacom.corp> Ignore for now - might have found a solution on the archive. d. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Drikus Brits Sent: Monday, September 19, 2011 7:27 PM To: rancid-discuss at shrubbery.net Subject: [rancid] fnrancid -- to ignore Fortigate certificate HI all, Any idea how I can get fnrancid to ignore the whole certificate section from the full configuration it pulls. Every hour I get stuck with the certificate being removed , and re-added due to changed characters. I was hoping to use something similar to below, but not sure how to get it to ignore only a certain section. next if (/^conf_file_ver=/); any ideas ? Thanks Drikus. This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. "This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/vodacom/terms+and+conditions " "This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/vodacom/terms+and+conditions " ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Sep 19 20:04:16 2011 From: heas at shrubbery.net (john heasley) Date: Mon, 19 Sep 2011 20:04:16 +0000 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> References: <20110909150901.GA19421@shrubbery.net> <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> Message-ID: <20110919200415.GU27653@shrubbery.net> Fri, Sep 16, 2011 at 04:33:39PM +0200, Vincent LOUPIEN: > Hello John, > > ----- Mail original ----- > > Fri, Sep 09, 2011 at 05:03:06PM +0200, Vincent LOUPIEN: > > > Hi all, > > > > > > We replaced the old good HP Procurve 2650 by more resent HP Procurve > > > 2910 and since, rancid refuse to backup theirs configurations, while > > > this was going very well with 2650. All the parameters seem correct > > > (telnet / ssh, password ...) and are becoming the same as for 2650. > > > > > > Debugging using clogin works very well but with the use of > > > rancid-run in crond, it creates problems without messages/errors. > > > > hlogin is for hp switches with the hp o/s, which i think began as > > procurve. test with that. else, look for errors in the group's log > > file. > When i execute hlogin (telnet connexion without user) , this is what i get (but no trace in the log in "/var/log/rancid/") : > linux:/var/lib/rancid/bin# ./hlogin -c "show version" hp2910 > hp2910 > spawn hpuifilter -- telnet hp2910 > > Error: telnet failed: couldn't execute "hpuifilter": no such file or directory hlogin inherits the PATH of whomever executes it. add the location of hpuifilter to your PATH and try again. > "expect -nobrace -re { [55;1H([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[ ^^^^^^ implies to me that hlogin will work. From heas at shrubbery.net Mon Sep 19 20:07:50 2011 From: heas at shrubbery.net (john heasley) Date: Mon, 19 Sep 2011 20:07:50 +0000 Subject: [rancid] Malfunction between rancid and HP 2910. In-Reply-To: <4E7391F9.70108@chalmers.se> References: <1563634703.23046.1316183619459.JavaMail.root@zim.upmf-grenoble.fr> <4E7391F9.70108@chalmers.se> Message-ID: <20110919200750.GV27653@shrubbery.net> Fri, Sep 16, 2011 at 08:14:17PM +0200, Per-Olof Olsson: > 1. Looks like you run rancid command as root. Don't! You will end up > with files not owned by your ranciduser and get more trouble. yes, dont run rancid-run as any user but the ranciduser or whomever owns the rancid repository (/var/rancid). you can run clogin, rancid, hrancid, etc as any user, but not in the respository. > 2. If you are running as rancid-user I thing you get correct path > settings to find hpuifiler. hpuifiler and hlogin is proper installed > in your "rancid/bin"-dir if it's work for 2650's. not necessarily; rancid.conf adjusts the PATH based on the configure results. > 3. clogin don't use hpuifiler so it will not work to with Procurve switches. right; flogin will work with some procurves, those which are foundry OEMs From Amanda.Lalli-Cafini at navitas.com Tue Sep 20 02:43:07 2011 From: Amanda.Lalli-Cafini at navitas.com (Amanda Lalli-Cafini) Date: Tue, 20 Sep 2011 10:43:07 +0800 Subject: [rancid] getting Rancid to run automatically after a user changes the configuraiton Message-ID: <76AC765B97A56140BF2D1CCA27D8EA721F43C2F47B@exchange-01.navitas.local> Good Day All, We have rancid running on a server that is also running TACACS+ We have rancid running every 4 hours using crontab. I have been asked to get it running in response to a user making a change to the configuration. I found some help in the FAQ about this, but I am not exactally sure where to get started. I suppose the first thing I need to do is to see if I have syslog on the TACACS server. I was wondering if anyone could expand on the FAQ a bit and give me a little more idea of how to get this going please? thanks in advance for any assistance regards Amanda Q. I'd like to have RANCID automatically begin collection when someone finishes configuring a router. How can I do this? A. Using a syslog watcher script, one can trigger RANCID from the syslog line emitted by, for example, an IOS router after configuration mode is ended. Here's a simple example using the Simple Event Correlator: (http://simple-evcorr.sourceforge.net/) If the syslog line in your logs looks like this (wrapped for readability): Apr 5 09:56:52 acc1.geo269.example.com 72: 000069: *Mar 6 21:40:13.466 \ AEDT: %SYS-5-CONFIG_I: Configured from console by gwbush on vty0 (10.1.1.1) You would use a SEC configuration stanza like this: # example rancid trigger # type=SingleWithSuppress ptype=RegExp pattern=\s\S+:\S+\S+\s(\S+)\.example\.com.*SYS-5-CONFIG_I action=shellcmd /opt/rancid/bin/do-diffs -r $1 window=1800 This will execute the command '/opt/rancid/bin/do-diffs -r acc1.geo269' when it is fed a line like that syslog line. The command will be run at most once every 1800 seconds. If you do not get hostnames in your log lines that match your router.db entries, either fix your reverse DNS or remove the '-r $1' part. -------------- next part -------------- An HTML attachment was scrubbed... URL: From imd at acens.com Tue Sep 20 06:44:18 2011 From: imd at acens.com (=?iso-8859-1?Q?I=F1aki_Mart=EDnez_D=EDez?=) Date: Tue, 20 Sep 2011 08:44:18 +0200 Subject: [rancid] getting Rancid to run automatically after a user changes the configuraiton In-Reply-To: <76AC765B97A56140BF2D1CCA27D8EA721F43C2F47B@exchange-01.navitas.local> Message-ID: An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: acens_mail_g.gif Type: image/gif Size: 5621 bytes Desc: acens_mail_g.gif URL: From istong at costar.com Tue Sep 20 14:10:06 2011 From: istong at costar.com (Ian Stong) Date: Tue, 20 Sep 2011 10:10:06 -0400 Subject: [rancid] comparing device running config against startup config Message-ID: We are using rancid to grab the running config and look for differences over the previous running config. That works great and as advertised. I was wondering what others are doing to catch the occasional issue where someone makes a change to the running config but for whatever reason it doesn't get saved and the device crashes - hence loosing that part of the config. What suggestions do you have for ensuring the running config matches the startup config? Thanks, Ian From heas at shrubbery.net Tue Sep 20 14:30:06 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 20 Sep 2011 14:30:06 +0000 Subject: [rancid] comparing device running config against startup config In-Reply-To: References: Message-ID: <20110920143005.GB12395@shrubbery.net> Tue, Sep 20, 2011 at 10:10:06AM -0400, Ian Stong: > We are using rancid to grab the running config and look for differences > over the previous running config. That works great and as advertised. I > was wondering what others are doing to catch the occasional issue where > someone makes a change to the running config but for whatever reason it > doesn't get saved and the device crashes - hence loosing that part of > the config. > > What suggestions do you have for ensuring the running config matches the > startup config? you could use a cron job to write it periodically - clogin -c 'wr mem' foo From heas at shrubbery.net Tue Sep 20 14:41:34 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 20 Sep 2011 14:41:34 +0000 Subject: [rancid] comparing device running config against startup config In-Reply-To: References: <20110920143005.GB12395@shrubbery.net> Message-ID: <20110920144133.GC12395@shrubbery.net> Tue, Sep 20, 2011 at 10:28:47AM -0400, Ian Stong: > Quite true. Sometimes we want temporary changes to be in the running > config but not the startup config in case we need to back it out so > would rather have a way where rancid checks the running versus startup > and alerts for any changes (versus sending a periodic wr mem). IMO, get out of that habit. Junos and XR essentially don't allow that. the only case where its useful is to make a change that will be wiped on reboot. else, modify a copy of rancid to run show startup as a different device type and use a second group to collect that version. and some separate script to diff the two groups. From istong at costar.com Tue Sep 20 14:28:47 2011 From: istong at costar.com (Ian Stong) Date: Tue, 20 Sep 2011 10:28:47 -0400 Subject: [rancid] comparing device running config against startup config In-Reply-To: <20110920143005.GB12395@shrubbery.net> References: <20110920143005.GB12395@shrubbery.net> Message-ID: Quite true. Sometimes we want temporary changes to be in the running config but not the startup config in case we need to back it out so would rather have a way where rancid checks the running versus startup and alerts for any changes (versus sending a periodic wr mem). Thanks, Ian -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, September 20, 2011 10:30 AM To: Ian Stong Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] comparing device running config against startup config Tue, Sep 20, 2011 at 10:10:06AM -0400, Ian Stong: > We are using rancid to grab the running config and look for > differences over the previous running config. That works great and as > advertised. I was wondering what others are doing to catch the > occasional issue where someone makes a change to the running config > but for whatever reason it doesn't get saved and the device crashes - > hence loosing that part of the config. > > What suggestions do you have for ensuring the running config matches > the startup config? you could use a cron job to write it periodically - clogin -c 'wr mem' foo From heas at shrubbery.net Tue Sep 20 16:25:23 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 20 Sep 2011 16:25:23 +0000 Subject: [rancid] duplicated characters In-Reply-To: <4E721F41.8020908@zmonkey.org> References: <4E5FEA9E.5060707@zmonkey.org> <20110903200819.GR143@shrubbery.net> <4E721F41.8020908@zmonkey.org> Message-ID: <20110920162523.GB673@shrubbery.net> Thu, Sep 15, 2011 at 09:52:33AM -0600, Corey Edwards: > > either way, if you can capture clogin -d -c 'show running' o/p where this > > occurs, it should at least reveal where the bug is. > > I captured this output, but unfortunately it was rife with passwords. I > trimmed it down to what I hope is still a useful summary. In this > example the duplicated character showed up in the word "permitt". > > http://pastebin.com/epUCPr2p -expect: does "access-list 1 permit x.x.x.101\r\naccess-li" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no +expect: does "access-list 1 permitt x.x.x.101\r\naccess-l" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no its occuring inside tcl or expect. i suspect its the same problem that i had with hpuifilter when some linux users started upgrading. I dont know what the cause is, but i'd look for old versions of libc and internationization libraries that tcl or expect are linked with. > > you can also try rebuilding tcl and expect w/o internationalization. > > I could not find any way to do this. hrm, there doesnt appear to be an easy way to disable it in expect. From peo at chalmers.se Tue Sep 20 18:32:06 2011 From: peo at chalmers.se (Per-Olof Olsson) Date: Tue, 20 Sep 2011 20:32:06 +0200 Subject: [rancid] comparing device running config against startup config In-Reply-To: References: Message-ID: <4E78DC26.7080405@chalmers.se> Ian Stong skrev 2011-09-20 16:10: > We are using rancid to grab the running config and look for differences > over the previous running config. That works great and as advertised. I > was wondering what others are doing to catch the occasional issue where > someone makes a change to the running config but for whatever reason it > doesn't get saved and the device crashes - hence loosing that part of > the config. > > What suggestions do you have for ensuring the running config matches the > startup config? > Thinks there begin to be useful info for some platforms. HP procurve have on later switches "show running-config status" Not fully working on 2650! After reboot it always differ. HP support have fixed this for 2610's after I bug report it. Cisco IOS. Compare time stamp from "show running-config" Some of the first lines. Nexus. Look at output from "show running-config diff". Can't test latest version if it still generate diffs for some lines. > > Thanks, > > Ian > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- From peo at chalmers.se Wed Sep 21 06:15:38 2011 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 21 Sep 2011 08:15:38 +0200 Subject: [rancid] comparing device running config against startup config In-Reply-To: <4E78DC26.7080405@chalmers.se> References: <4E78DC26.7080405@chalmers.se> Message-ID: <4E79810A.3000401@chalmers.se> Correct command for HP procurv is "show config status". Have only done some test on HP but we have to many 2650's then. No there less 2650's so I have to consider if we start using it. stats/38-> diff -c /usr/local/rancid/bin/hrancid hrancid *** /usr/local/rancid/bin/hrancid Wed Jan 26 11:30:26 2011 --- hrancid Wed Sep 21 08:03:21 2011 *************** *** 320,325 **** --- 320,344 ---- return(0); } + # This routine parses "show config status" + sub ShowConfigStatus { + print STDERR " In ShowConfigStatus: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + return(1) if /^(Invalid|Ambiguous) input:/i; + next if (/^Running configuration is same as the startup configuration.\s*$/); + + $now = localtime; + ProcessHistory("COMMENTS","keysort","H0",";$now $_"); + + } + return(0); + } + # This routine processes a "write term" sub WriteTerm { *************** *** 515,520 **** --- 534,540 ---- {'show stack' => 'ShowStack'}, {'show tech transceivers' => 'ShowTransceivers'}, {'show config files' => 'ShowConfigFiles'}, + {'show config status' => 'ShowConfigStatus'}, {'write term' => 'WriteTerm'} ); # Use an array to preserve the order of the commands and a hash for mapping ---end of diff----------------------- If you don't like "spaming mode" just comment "$now = localtime;" line. /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- Per-Olof Olsson wrote: > Ian Stong skrev 2011-09-20 16:10: >> We are using rancid to grab the running config and look for differences >> over the previous running config. That works great and as advertised. I >> was wondering what others are doing to catch the occasional issue where >> someone makes a change to the running config but for whatever reason it >> doesn't get saved and the device crashes - hence loosing that part of >> the config. >> >> What suggestions do you have for ensuring the running config matches the >> startup config? >> > Thinks there begin to be useful info for some platforms. > > HP procurve have on later switches "show running-config status" > Not fully working on 2650! After reboot it always differ. > HP support have fixed this for 2610's after I bug report it. > > > Cisco IOS. Compare time stamp from "show running-config" > Some of the first lines. > > > Nexus. Look at output from "show running-config diff". > Can't test latest version if it still generate diffs for some lines. > > >> Thanks, >> >> Ian >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > /Peo > ---------------------------------------------------------- > Per-Olof Olsson Email: peo at chalmers.se > Chalmers tekniska h?gskola IT-service > H?rsalsv?gen 5 412 96 G?teborg > Tel: 031/772 6738 Fax: 031/772 8680 > ---------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tyler at tolaris.com Wed Sep 21 14:55:38 2011 From: tyler at tolaris.com (Tyler J. Wagner) Date: Wed, 21 Sep 2011 15:55:38 +0100 Subject: [rancid] Changes in "show inventory raw" every night on Cisco 6509 chassis Message-ID: <4E79FAEA.1050903@tolaris.com> Everyone, I have a problem with rancid and one of my Cisco 6509 9-slot switch chassis. I have two of them, nearly identical. One of them behaves normally with rancid. On the other, the output of "show inventory raw" changes every night. It is usually missing, some lines one night, then has them back the next. So I get emails every night with: Index: configs/switch01 =================================================================== retrieving revision 1.71 diff -u -4 -r1.71 switch01 @@ -288,8 +288,95 @@ !NAME: "Gi1/35", DESCR: "10/100/1000BaseT Gi1/35" !PID: 0x !VID: 0x !SN: 0x + !NAME: "Gi1/36", DESCR: "10/100/1000BaseT Gi1/36" + !PID: 0x + !VID: 0x + !SN: 0x + !NAME: "Gi1/37", DESCR: "10/100/1000BaseT Gi1/37" + !PID: 0x + !VID: 0x + !SN: 0x + !NAME: "Gi1/38", DESCR: "10/100/1000BaseT Gi1/38" .... + !NAME: "module 5 device-1 temperature Sensor", DESCR: "module 5 device-1 temperature Sensor" + !NAME: "module 5 device-2 temperature Sensor", DESCR: "module 5 device-2 temperature Sensor" + !NAME: "module 5 asic-1 temperature Sensor", DESCR: "module 5 asic-1 temperature Sensor" + !NAME: "module 5 asic-2 temperature Sensor", DESCR: "module 5 asic-2 temperature Sensor" The next night, the same email will have the above output with the lines missing (prefixed by - signs). The problem does not seem to happen when I run this command on console. The output is consistent. Does anyone have any ideas what is triggering, or how to solve this? Regards, Tyler -- "... jingoism, racism, fear, religious fundamentalism: these are the ways of appealing to people if you?re trying to organize a mass base of support for policies that are really intended to crush them." -- Noam Chomsky, in "Understanding Power" From heas at shrubbery.net Wed Sep 21 17:50:59 2011 From: heas at shrubbery.net (john heasley) Date: Wed, 21 Sep 2011 17:50:59 +0000 Subject: [rancid] Changes in "show inventory raw" every night on Cisco 6509 chassis In-Reply-To: <4E79FAEA.1050903@tolaris.com> References: <4E79FAEA.1050903@tolaris.com> Message-ID: <20110921175059.GF8731@shrubbery.net> Wed, Sep 21, 2011 at 03:55:38PM +0100, Tyler J. Wagner: > Everyone, > > I have a problem with rancid and one of my Cisco 6509 9-slot switch > chassis. I have two of them, nearly identical. One of them behaves normally > with rancid. On the other, the output of "show inventory raw" changes every > night. It is usually missing, some lines one night, then has them back the > next. So I get emails every night with: > > Index: configs/switch01 > =================================================================== > retrieving revision 1.71 > diff -u -4 -r1.71 switch01 > @@ -288,8 +288,95 @@ > !NAME: "Gi1/35", DESCR: "10/100/1000BaseT Gi1/35" > !PID: 0x > !VID: 0x > !SN: 0x > + !NAME: "Gi1/36", DESCR: "10/100/1000BaseT Gi1/36" > + !PID: 0x > + !VID: 0x > + !SN: 0x > + !NAME: "Gi1/37", DESCR: "10/100/1000BaseT Gi1/37" > + !PID: 0x > + !VID: 0x > + !SN: 0x > + !NAME: "Gi1/38", DESCR: "10/100/1000BaseT Gi1/38" > .... > + !NAME: "module 5 device-1 temperature Sensor", DESCR: "module 5 device-1 > temperature Sensor" > + !NAME: "module 5 device-2 temperature Sensor", DESCR: "module 5 device-2 > temperature Sensor" > + !NAME: "module 5 asic-1 temperature Sensor", DESCR: "module 5 asic-1 > temperature Sensor" > + !NAME: "module 5 asic-2 temperature Sensor", DESCR: "module 5 asic-2 > temperature Sensor" > > > The next night, the same email will have the above output with the lines > missing (prefixed by - signs). > > The problem does not seem to happen when I run this command on console. The > output is consistent. most likely a cvs problem; look for cvs errors in the log file for the group. otherwise, the device might not be displaying those lines reliably, though you see no problem in your manual test. From Todd at equivoice.com Thu Sep 22 13:48:06 2011 From: Todd at equivoice.com (Todd Heide) Date: Thu, 22 Sep 2011 13:48:06 +0000 Subject: [rancid] Change management Message-ID: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> Hi List, is there a way to see who made changes through Rancid? We use Cisco ACS for AAA. From daniel.schmidt at wyo.gov Thu Sep 22 14:34:42 2011 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 22 Sep 2011 08:34:42 -0600 Subject: [rancid] Change management In-Reply-To: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> References: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> Message-ID: <692e1db951d3a9de66e2b7cf7d9044d3@mail.gmail.com> You'd need to search the accounting logs to find the exact user and time of change. I wrote a quick/dirty CGI to parse the accounting logs of tac_plus which works well for this purpose, but I don't know about Cisco ACS. (I find Cisco ACS cumbersome and difficult to use) Can clean up & post it as example, if anybody exhibits interest. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Thursday, September 22, 2011 7:48 AM To: 'rancid-discuss at shrubbery.net' Subject: [rancid] Change management Hi List, is there a way to see who made changes through Rancid? We use Cisco ACS for AAA. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From donovan.fourie at sai.co.za Thu Sep 22 14:49:14 2011 From: donovan.fourie at sai.co.za (Donovan Fourie) Date: Thu, 22 Sep 2011 16:49:14 +0200 Subject: [rancid] Change management In-Reply-To: <692e1db951d3a9de66e2b7cf7d9044d3@mail.gmail.com> Message-ID: Hi I know this might be counter productive but running syslogng on the same box and using that to collect all the logs from your routers makes it very easy to take a quick look at who did what when Rancid shows some unexplained changes. Regards, Donovan Fourie -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Daniel Schmidt Sent: 22 September 2011 04:35 PM To: Todd Heide; rancid-discuss at shrubbery.net Subject: Re: [rancid] Change management You'd need to search the accounting logs to find the exact user and time of change. I wrote a quick/dirty CGI to parse the accounting logs of tac_plus which works well for this purpose, but I don't know about Cisco ACS. (I find Cisco ACS cumbersome and difficult to use) Can clean up & post it as example, if anybody exhibits interest. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Thursday, September 22, 2011 7:48 AM To: 'rancid-discuss at shrubbery.net' Subject: [rancid] Change management Hi List, is there a way to see who made changes through Rancid? We use Cisco ACS for AAA. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From lists at quux.de Fri Sep 23 09:23:44 2011 From: lists at quux.de (Jens Link) Date: Fri, 23 Sep 2011 11:23:44 +0200 Subject: [rancid] Change management In-Reply-To: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> (Todd Heide's message of "Thu, 22 Sep 2011 13:48:06 +0000") References: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> Message-ID: <871uv77gtb.fsf@pc8.berlin.quux.de> Todd Heide writes: > Hi List, is there a way to see who made changes through Rancid? We use > Cisco ACS for AAA. Depends. ;-) At least some IOS version write who made a change to the configuration (When using AAA) If you log to a syslog server you can use something like SEC ( http://simple-evcorr.sourceforge.net/) to analyze your log files an trigger RANCID to "download" the configuration when a change is logged. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From Todd at equivoice.com Fri Sep 23 12:57:27 2011 From: Todd at equivoice.com (Todd Heide) Date: Fri, 23 Sep 2011 12:57:27 +0000 Subject: [rancid] Change management In-Reply-To: <871uv77gtb.fsf@pc8.berlin.quux.de> References: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> <871uv77gtb.fsf@pc8.berlin.quux.de> Message-ID: <131740271C68B54686DEAABB8D20EB2A244A97@equi-exch.equivoice.local> Thanks, I'll check it out to see if it will work. We need a change management system for a certain "Level" IYKWIM. Since we have Rancid that has worked flawlessly for years, if I can incorporate a method for change management I get to keep it. Thanks Todd Heide Equivoice Inc. ?? CCSP CCNA CCDA 847-235-3308 ? Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: Jens Link [mailto:lists at quux.de] Sent: Friday, September 23, 2011 4:24 AM To: Todd Heide Cc: 'rancid-discuss at shrubbery.net' Subject: Re: [rancid] Change management Todd Heide writes: > Hi List, is there a way to see who made changes through Rancid? We > use Cisco ACS for AAA. Depends. ;-) At least some IOS version write who made a change to the configuration (When using AAA) If you log to a syslog server you can use something like SEC ( http://simple-evcorr.sourceforge.net/) to analyze your log files an trigger RANCID to "download" the configuration when a change is logged. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | | ------------------------------------------------------------------------- From cgauthier at mapscu.com Fri Sep 23 16:30:22 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 23 Sep 2011 09:30:22 -0700 Subject: [rancid] Change management In-Reply-To: <131740271C68B54686DEAABB8D20EB2A244A97@equi-exch.equivoice.local> References: <131740271C68B54686DEAABB8D20EB2A243171@equi-exch.equivoice.local> <871uv77gtb.fsf@pc8.berlin.quux.de> <131740271C68B54686DEAABB8D20EB2A244A97@equi-exch.equivoice.local> Message-ID: Be careful with that methodology, though. I use the "archive" function in more recent IOS versions and specify the archive as a TFTP location. This does not work on all device types, but for sure on some. Every time I "wr mem", it uploads a copy of the config to my TFTP server. This is in addition to RANCID. When using the "archive" functionality, you can tell the system to log commands into syslog. But, let's say you create the following: access-list 101 permit 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255 access-list 101 permit 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255 This will cause multiple syslog entries and multiple instances of rancid will be run nearly simultaneously. I foresee problems when triggering off of "User joerootuser executed the command blah blah" in situations like the one above, especially if you ever use cut & paste. Also, when the router first loads, it processes the config file and issues those syslog entries in masse. Chris > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Todd Heide > Sent: Friday, September 23, 2011 5:57 AM > To: 'Jens Link' > Cc: 'rancid-discuss at shrubbery.net' > Subject: Re: [rancid] Change management > > Thanks, I'll check it out to see if it will work. We need a change management > system for a certain "Level" IYKWIM. Since we have Rancid that has worked > flawlessly for years, if I can incorporate a method for change management I get > to keep it. > > Thanks > Todd Heide > Equivoice Inc. > > CCSP CCNA CCDA > 847-235-3308 > > Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, > Like a drop in the ocean > > > -----Original Message----- > From: Jens Link [mailto:lists at quux.de] > Sent: Friday, September 23, 2011 4:24 AM > To: Todd Heide > Cc: 'rancid-discuss at shrubbery.net' > Subject: Re: [rancid] Change management > > Todd Heide writes: > > > Hi List, is there a way to see who made changes through Rancid? We > > use Cisco ACS for AAA. > > Depends. ;-) At least some IOS version write who made a change to the > configuration (When using AAA) > > If you log to a syslog server you can use something like SEC ( > http://simple-evcorr.sourceforge.net/) to analyze your log files an trigger > RANCID to "download" the configuration when a change is logged. > > Jens > -- > ------------------------------------------------------------------------- > | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | > | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- > | | > ------------------------------------------------------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From Amanda.Lalli-Cafini at navitas.com Tue Sep 13 05:42:50 2011 From: Amanda.Lalli-Cafini at navitas.com (Amanda Lalli-Cafini) Date: Tue, 13 Sep 2011 13:42:50 +0800 Subject: [rancid] info on getting rancid to run following configuration changes Message-ID: <76AC765B97A56140BF2D1CCA27D8EA721F43C2F473@exchange-01.navitas.local> Good Day All, I was wondering if anyone had any success making RANCID run in response to configuration changes on a single device. I was thinking that we might not want to run RANCID for the whole list of routers and switches following config changes so can anyone show a way that the IP address that had the config change can make rancid run for that single device only? thanks very much for any help regards amanda -------------- next part -------------- An HTML attachment was scrubbed... URL: From s.rigby at uber.com.au Fri Sep 23 06:21:21 2011 From: s.rigby at uber.com.au (Shannon Rigby) Date: Fri, 23 Sep 2011 16:21:21 +1000 Subject: [rancid] Ironport backup Message-ID: Has anyone written a login script for Cisco ironports? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at buraglio.com Fri Sep 23 19:25:49 2011 From: nick at buraglio.com (Nick Buraglio) Date: Fri, 23 Sep 2011 14:25:49 -0500 Subject: [rancid] info on getting rancid to run following configuration changes In-Reply-To: <76AC765B97A56140BF2D1CCA27D8EA721F43C2F473@exchange-01.navitas.local> References: <76AC765B97A56140BF2D1CCA27D8EA721F43C2F473@exchange-01.navitas.local> Message-ID: We have this working based on events in syslog using SEC. It's pretty trivial to do if you have your stuff logging centrally and have access to SEC http://simple-evcorr.sourceforge.net/ nb 2011/9/13 Amanda Lalli-Cafini : > Good Day All, > > I was wondering if anyone had any success making RANCID run in response to > configuration changes on a single device. > > I was thinking that we might not want to run RANCID for the whole list of > routers and switches following config changes so can anyone show a way that > the IP address that had the config change can make rancid run for that > single device only? > > > thanks very much for any help > > regards > > amanda > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From tensai at zmonkey.org Mon Sep 26 15:48:51 2011 From: tensai at zmonkey.org (Corey Edwards) Date: Mon, 26 Sep 2011 09:48:51 -0600 Subject: [rancid] duplicated characters (SOLVED) In-Reply-To: <20110920162523.GB673@shrubbery.net> References: <4E5FEA9E.5060707@zmonkey.org> <20110903200819.GR143@shrubbery.net> <4E721F41.8020908@zmonkey.org> <20110920162523.GB673@shrubbery.net> Message-ID: <4E809EE3.4020304@zmonkey.org> On 09/20/2011 10:25 AM, john heasley wrote: > Thu, Sep 15, 2011 at 09:52:33AM -0600, Corey Edwards: >>> either way, if you can capture clogin -d -c 'show running' o/p where this >>> occurs, it should at least reveal where the bug is. >> >> I captured this output, but unfortunately it was rife with passwords. I >> trimmed it down to what I hope is still a useful summary. In this >> example the duplicated character showed up in the word "permitt". >> >> http://pastebin.com/epUCPr2p > > -expect: does "access-list 1 permit x.x.x.101\r\naccess-li" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no > +expect: does "access-list 1 permitt x.x.x.101\r\naccess-l" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no > > its occuring inside tcl or expect. i suspect its the same problem that i > had with hpuifilter when some linux users started upgrading. I dont know > what the cause is, but i'd look for old versions of libc and internationization > libraries that tcl or expect are linked with. I ran clogin through strace and looked at all the files that were touched. A comparison between the working server and the upgraded server revealed some kerberos packages (libkrb5-dev, krb5-config, krb5-clients). After removing those, everything is working perfectly. I guess a kerberized version of telnet must have been triggering this bug. Corey From heas at shrubbery.net Mon Sep 26 15:58:05 2011 From: heas at shrubbery.net (john heasley) Date: Mon, 26 Sep 2011 15:58:05 +0000 Subject: [rancid] duplicated characters (SOLVED) In-Reply-To: <4E809EE3.4020304@zmonkey.org> References: <4E5FEA9E.5060707@zmonkey.org> <20110903200819.GR143@shrubbery.net> <4E721F41.8020908@zmonkey.org> <20110920162523.GB673@shrubbery.net> <4E809EE3.4020304@zmonkey.org> Message-ID: <20110926155805.GA21871@shrubbery.net> Mon, Sep 26, 2011 at 09:48:51AM -0600, Corey Edwards: > > -expect: does "access-list 1 permit x.x.x.101\r\naccess-li" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no > > +expect: does "access-list 1 permitt x.x.x.101\r\naccess-l" (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no > > > > its occuring inside tcl or expect. i suspect its the same problem that i > > had with hpuifilter when some linux users started upgrading. I dont know > > what the cause is, but i'd look for old versions of libc and internationization > > libraries that tcl or expect are linked with. > > I ran clogin through strace and looked at all the files that were > touched. A comparison between the working server and the upgraded server > revealed some kerberos packages (libkrb5-dev, krb5-config, > krb5-clients). After removing those, everything is working perfectly. I > guess a kerberized version of telnet must have been triggering this bug. ah, there is a telnet that is installed with the heimdal package on bsd that weird stuff too; unsolicited, it prints to the controlling tty in rather random way, which confuses the login process if the timing is right. From dpacheco at unap.cl Tue Sep 27 13:30:13 2011 From: dpacheco at unap.cl (Dago Pacheco) Date: Tue, 27 Sep 2011 10:30:13 -0300 Subject: [rancid] unable to read man pages Message-ID: <4E81CFE5.605@unap.cl> Hi everybody ... I've been having problem to read man pages. I need to read man pages for 'rancid-cvs' command, but i can't, this is the output: [rancid at pintados ~]$ man -M /usr/local/rancid/man rancid-cvs No hay ninguna p?gina sobre rancid-cvs [rancid at pintados ~]$ Output translation should be "Ther is no man page about rancid-cvs". As you can see next, man dir exist. [rancid at pintados man]$ ll total 280 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 agmrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 alogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 arancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 arrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 avologin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 avorancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 blogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 brancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 cat5rancid.1 -rwxr-xr-- 1 rancid netadm 7001 sep 26 18:51 clogin.1 -rwxr-xr-- 1 rancid netadm 9405 sep 26 18:51 cloginrc.5 -rwxr-xr-- 1 rancid netadm 1345 sep 26 18:51 control_rancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 cssrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 elogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 erancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 f10rancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 f5rancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 flogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 fnrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 francid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 hlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 hrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 htlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 htrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 jerancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 jlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 jrancid.1 -rwxr-xr-- 1 rancid netadm 4888 sep 26 18:51 lg.conf.5.in -rwxr-xr-- 1 rancid netadm 2171 sep 26 18:51 lg_intro.1.in -rwxr-xr-- 1 rancid netadm 4521 sep 26 18:51 Makefile.am -rwxr-xr-- 1 rancid netadm 16599 sep 26 18:51 Makefile.in -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 mrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 mrvlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 mrvrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 nlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 nrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 nslogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 nsrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 nxrancid.1 -rwxr-xr-- 1 rancid netadm 2224 sep 26 18:51 par.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 prancid.1 -rwxr-xr-- 1 rancid netadm 2945 sep 26 18:51 rancid.1 -rwxr-xr-- 1 rancid netadm 7332 sep 26 18:51 rancid.conf.5.in -rwxr-xr-- 1 rancid netadm 1415 sep 26 18:51 rancid-cvs.1 -rwxr-xr-- 1 rancid netadm 4142 sep 26 18:51 rancid_intro.1 -rwxr-xr-- 1 rancid netadm 3211 sep 26 18:51 rancid-run.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 rivlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 rivrancid.1 -rwxr-xr-- 1 rancid netadm 4419 sep 26 18:51 router.db.5 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 rrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 srancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 tlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 tntlogin.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 tntrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 trancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 xrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 xrrancid.1 -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 zrancid.1 For rancid installation I followed this guide (http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid) and when I finished there where no man dir in rancid home folder (/usr/local/rancid) so i copied it from the rancid installation tar file. Hope you can help me couse I want to read documentation about rancid-cvs command. Thanks -- Dago Pacheco Bravo Administrador de Infraestructura y Servicios Unidad de Inform?tica y Comunicaciones Anexo: 2388 - Fono: (57) 394388 - Cel: 88059332 Universidad Arturo Prat - Sede Iquique -------------- next part -------------- An HTML attachment was scrubbed... URL: From Drikus.Brits at vodacom.co.za Tue Sep 27 14:49:24 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Tue, 27 Sep 2011 14:49:24 +0000 Subject: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config Message-ID: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> Hi All, I recently added about 5 - 10 devices, and also added a statement into the "rancid" file to filter a specific line out of the config. Since then Rancid , or more CVS I believe seems to be stuck on comparing configs from a week ago to the latest hourly config. I have removed the line of config to exclude the specific line of config , and the results stays the same... I tried to have a look at the rancid repository, any help will be appreciated. Example : 1 Hour before ! - !Mon Sep 26 13:01:31.823 GMT + !Tue Sep 27 16:01:29.993 GMT !NAME: "0/0/CPU0", DESCR: "Cisco 12000 Series Performance Route Processor 2" !PID: PRP-2 !VID: V09 !SN: @@ -565,12 +569,12 @@ !NAME: "temperatures 0/3/CPU0", DESCR: "host__HotTemp" !VID: N/A ! ! - !DEBUG: Mon Sep 26 13:01:34.741 GMT + !DEBUG: Tue Sep 27 16:01:32.877 GMT ! config-register 0x2102 - Mon Sep 26 13:01:35.159 GMT + Tue Sep 27 16:01:33.299 GMT && 2 Hours before. ! - !Mon Sep 26 13:01:31.823 GMT + !Tue Sep 27 15:01:27.673 GMT !NAME: "0/0/CPU0", DESCR: "Cisco 12000 Series Performance Route Processor 2" !PID: PRP-2 !VID: V09 !SN: @@ -565,12 +569,12 @@ !NAME: "temperatures 0/3/CPU0", DESCR: "host__HotTemp" !VID: N/A ! ! - !DEBUG: Mon Sep 26 13:01:34.741 GMT + !DEBUG: Tue Sep 27 15:01:30.528 GMT ! config-register 0x2102 - Mon Sep 26 13:01:35.159 GMT + Tue Sep 27 15:01:30.965 GMT Drikus This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " -------------- next part -------------- An HTML attachment was scrubbed... URL: From brez at brezworks.com Tue Sep 27 15:47:47 2011 From: brez at brezworks.com (Jeremy Bresley) Date: Tue, 27 Sep 2011 10:47:47 -0500 Subject: [rancid] unable to read man pages In-Reply-To: <4E81CFE5.605@unap.cl> References: <4E81CFE5.605@unap.cl> Message-ID: <4E81F023.2020002@brezworks.com> On 9/27/2011 8:30 AM, Dago Pacheco wrote: > Hi everybody ... I've been having problem to read man pages. I need > to read man pages for 'rancid-cvs' command, but i can't, this is the > output: > > [rancid at pintados ~]$ man -M /usr/local/rancid/man rancid-cvs > No hay ninguna p?gina sobre rancid-cvs > [rancid at pintados ~]$ > > Output translation should be "Ther is no man page about rancid-cvs". > As you can see next, man dir exist. > > [rancid at pintados man]$ ll > total 280 > -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 agmrancid.1 > -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 alogin.1 > -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 arancid.1 > Check your MANPATH variable in your shell. Or for system-wide settings, look at /etc/manpath.config (Debian, other distros should have something similar). If the RANCID man pages are installed in /usr/local/rancid/man/man*, adding /usr/local/rancid/man to your MANPATH will fix this. By default man in Debian looks for man pages in: /usr/man /usr/share/man /usr/local/man /usr/local/share/man /usr/X11R6/man /opt/man (Edit your .profile/.bash_profile to set MANPATH or edit the system files to fix it for everyone.) Good luck. Jeremy -------------- next part -------------- An HTML attachment was scrubbed... URL: From Drikus.Brits at vodacom.co.za Tue Sep 27 17:10:55 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Tue, 27 Sep 2011 17:10:55 +0000 Subject: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config In-Reply-To: References: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> Message-ID: <6581768FDA03C94BB585650903B4F1EB055E1C63@ZAMDC02101.vodacom.corp> HI, Checked for any lock file, none present. Also note that I have 7 different groups , and only getting the duplicates for 1 specific group that I added more devices to. d. -----Original Message----- From: james machado [mailto:hvgeekwtrvl at gmail.com] Sent: Tuesday, September 27, 2011 6:45 PM To: Drikus Brits Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config 2011/9/27 Drikus Brits : > Hi All, > > > > I recently added about 5 - 10 devices, and also added a statement into the > "rancid" file to filter a specific line out of the config. > > > > Since then Rancid , or more CVS I believe seems to be stuck on comparing > configs from a week ago to the latest hourly config. > last time this happened to me it was a locking issue with CVS/SVN. It had not released the lock and could not updated the files. stop your rancid and CVS/SVN then find the lock files for CVS/SVN and clear those out then restart the apps again. james This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " From hvgeekwtrvl at gmail.com Tue Sep 27 16:44:49 2011 From: hvgeekwtrvl at gmail.com (james machado) Date: Tue, 27 Sep 2011 09:44:49 -0700 Subject: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config In-Reply-To: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> References: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> Message-ID: 2011/9/27 Drikus Brits : > Hi All, > > > > I recently added about 5 ? 10 devices, and also added a statement into the > ?rancid? file to filter a specific line out of the config. > > > > Since then Rancid , or more CVS I believe seems to be stuck on comparing > configs from a week ago to the latest hourly config. > last time this happened to me it was a locking issue with CVS/SVN. It had not released the lock and could not updated the files. stop your rancid and CVS/SVN then find the lock files for CVS/SVN and clear those out then restart the apps again. james From gabbawp at gmail.com Tue Sep 27 19:24:10 2011 From: gabbawp at gmail.com (Gareth Hopkins) Date: Tue, 27 Sep 2011 21:24:10 +0200 Subject: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config In-Reply-To: <6581768FDA03C94BB585650903B4F1EB055E1C63@ZAMDC02101.vodacom.corp> References: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> <6581768FDA03C94BB585650903B4F1EB055E1C63@ZAMDC02101.vodacom.corp> Message-ID: <1377B133-FB4E-4CD0-975F-AF8441D80C6C@gmail.com> Hi, Run a manual cvs update in the group directory that's giving the issues (cvs update -PdA) and check for any modified (M) or conflict (C) files. Cheers, Gareth On 27 Sep 2011, at 7:10 PM, Drikus Brits wrote: > HI, > > Checked for any lock file, none present. Also note that I have 7 different groups , and only getting the duplicates for 1 specific group that I added more devices to. > > d. > > -----Original Message----- > From: james machado [mailto:hvgeekwtrvl at gmail.com] > Sent: Tuesday, September 27, 2011 6:45 PM > To: Drikus Brits > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config > > 2011/9/27 Drikus Brits : >> Hi All, >> >> >> >> I recently added about 5 - 10 devices, and also added a statement into the >> "rancid" file to filter a specific line out of the config. >> >> >> >> Since then Rancid , or more CVS I believe seems to be stuck on comparing >> configs from a week ago to the latest hourly config. >> > > last time this happened to me it was a locking issue with CVS/SVN. It > had not released the lock and could not updated the files. stop your > rancid and CVS/SVN then find the lock files for CVS/SVN and clear > those out then restart the apps again. > > james > This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. > ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tvirath at gmail.com Tue Sep 27 18:42:21 2011 From: tvirath at gmail.com (Tony) Date: Tue, 27 Sep 2011 18:42:21 +0000 (UTC) Subject: [rancid] RiverBed configuration backup Message-ID: Everyone, Does anyone know how we can use Rancid to backup the configuration for the Riverbed Steelhead model Riverbed 8150 CMC (Central Management Console), Riverbed 6050 SteelHead, and Riverbed 8650 SMC (SteelHead Mobile Controller. From dpacheco at unap.cl Tue Sep 27 21:20:40 2011 From: dpacheco at unap.cl (Dago Pacheco) Date: Tue, 27 Sep 2011 18:20:40 -0300 Subject: [rancid] unable to read man pages In-Reply-To: <4E81F023.2020002@brezworks.com> References: <4E81CFE5.605@unap.cl> <4E81F023.2020002@brezworks.com> Message-ID: <4E823E28.3000106@unap.cl> ok... problem solved. Thanks very much Dago Pacheco Bravo Administrador de Infraestructura y Servicios Unidad de Inform?tica y Comunicaciones Anexo: 2388 - Fono: (57) 394388 - Cel: 88059332 Universidad Arturo Prat - Sede Iquique El 27/09/11 12:47, Jeremy Bresley escribi?: > On 9/27/2011 8:30 AM, Dago Pacheco wrote: >> Hi everybody ... I've been having problem to read man pages. I need >> to read man pages for 'rancid-cvs' command, but i can't, this is the >> output: >> >> [rancid at pintados ~]$ man -M /usr/local/rancid/man rancid-cvs >> No hay ninguna p?gina sobre rancid-cvs >> [rancid at pintados ~]$ >> >> Output translation should be "Ther is no man page about rancid-cvs". >> As you can see next, man dir exist. >> >> [rancid at pintados man]$ ll >> total 280 >> -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 agmrancid.1 >> -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 alogin.1 >> -rwxr-xr-- 1 rancid netadm 18 sep 26 18:51 arancid.1 >> > Check your MANPATH variable in your shell. Or for system-wide > settings, look at /etc/manpath.config (Debian, other distros should > have something similar). If the RANCID man pages are installed in > /usr/local/rancid/man/man*, adding /usr/local/rancid/man to your > MANPATH will fix this. By default man in Debian looks for man pages in: > /usr/man > /usr/share/man > /usr/local/man > /usr/local/share/man > /usr/X11R6/man > /opt/man > > (Edit your .profile/.bash_profile to set MANPATH or edit the system > files to fix it for everyone.) > > Good luck. > > Jeremy > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Drikus.Brits at vodacom.co.za Wed Sep 28 15:38:59 2011 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Wed, 28 Sep 2011 15:38:59 +0000 Subject: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config In-Reply-To: <1377B133-FB4E-4CD0-975F-AF8441D80C6C@gmail.com> References: <6581768FDA03C94BB585650903B4F1EB055E1B4B@ZAMDC02101.vodacom.corp> <6581768FDA03C94BB585650903B4F1EB055E1C63@ZAMDC02101.vodacom.corp> <1377B133-FB4E-4CD0-975F-AF8441D80C6C@gmail.com> Message-ID: <6581768FDA03C94BB585650903B4F1EB055E2911@ZAMDC02101.vodacom.corp> Hi, Thanks it worked. CVS picked up an error in the router.db file. Once fixed the problem disappeared Thx again, d. -----Original Message----- From: Gareth Hopkins [mailto:gabbawp at gmail.com] Sent: Tuesday, September 27, 2011 9:24 PM To: Drikus Brits Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config Hi, Run a manual cvs update in the group directory that's giving the issues (cvs update -PdA) and check for any modified (M) or conflict (C) files. Cheers, Gareth On 27 Sep 2011, at 7:10 PM, Drikus Brits wrote: > HI, > > Checked for any lock file, none present. Also note that I have 7 different groups , and only getting the duplicates for 1 specific group that I added more devices to. > > d. > > -----Original Message----- > From: james machado [mailto:hvgeekwtrvl at gmail.com] > Sent: Tuesday, September 27, 2011 6:45 PM > To: Drikus Brits > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid/cvs stuck on providing diffs from config a week old with latest hourly config > > 2011/9/27 Drikus Brits : >> Hi All, >> >> >> >> I recently added about 5 - 10 devices, and also added a statement into the >> "rancid" file to filter a specific line out of the config. >> >> >> >> Since then Rancid , or more CVS I believe seems to be stuck on comparing >> configs from a week ago to the latest hourly config. >> > > last time this happened to me it was a locking issue with CVS/SVN. It > had not released the lock and could not updated the files. stop your > rancid and CVS/SVN then find the lock files for CVS/SVN and clear > those out then restart the apps again. > > james > This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. > "This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions " From xiayang at gmail.com Fri Sep 30 05:31:16 2011 From: xiayang at gmail.com (Yang Xia) Date: Thu, 29 Sep 2011 22:31:16 -0700 Subject: [rancid] Cisco/Tandberg VCS Message-ID: Currently I have a small expect script to login the VCS more for convenience. I wonder if anyone has tried using RANCID to backup VCS configuration. Regards, -Yang -------------- next part -------------- An HTML attachment was scrubbed... URL: