From gabbawp at gmail.com Mon Jun 3 09:00:50 2013 From: gabbawp at gmail.com (Gareth Hopkins) Date: Mon, 3 Jun 2013 11:00:50 +0200 Subject: [rancid] jrancid excess revisions due to expect prompt mismatches? In-Reply-To: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> References: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> Message-ID: Off the top of my head, it could be either the shell or pager not being called correctly. When you run it manually you will be in a specific shell, but when run from cron, it will be using root's default. Can you try exporting the shell in the crontab ? Cheers, Gareth On 31 May 2013, at 2:01 AM, Chuck Liggett wrote: > While querying a Juniper SRX 650 firewall cluster from a CentOS 6.4 box running Rancid 2.3.6 (rpm from Epel), Expect 5.44.1.15, > where Rancid is run out of /etc/cron.d/rancid and scheduled every quarter hour: > > Several times a day, I get excess revisions where it looks as though a Juniper Rancid command appears in the body of the config as if more than one command is being sent in response to a prompt. > > Every time I run it manually in expect debugging mode, it does not experience the issue. > > Here's an illustration: > > Index: configs/firewall > =================================================================== > - -- configs/firewall (revision 619) > @@ -2,6 +2,7 @@ > # > # username at host.domain.com> show chassis clocks > # username at host.domain.com> show chassis environment > + # show chassis firmware > # node0: > # -------------------------------------------------------------------------- > # Class Item Status > > Sometimes, the commands are well within the body of other command output, like in this example: > > > Index: configs/firewall > =================================================================== > - -- configs/firewall (revision 604) 
> @@ -4,6 +4,7 @@ > # username at host.domain.com> show chassis environment > # node0: > # -------------------------------------------------------------------------- > + # show chassis firmware > # Class Item Status > # Temp Routing Engine OK > # Routing Engine CPU OK > @@ -36,6 +37,7 @@ > # FPC 0 O/S Version 11.4R6.6 by builder on 2013-01-05 1 > # FPC 2 O/S Version 11.4R6.6 by builder on 2013-01-05 1 > # FWDD O/S Version 11.4R6.6 by builder on 2013-01-05 1 > + # show chassis fpc detail > # > # node1: > # -------------------------------------------------------------------------- > @@ -46,6 +48,7 @@ > # > # {primary:node0} > # username at host.domain.com> show chassis fpc detail > + # show chassis hardware detail > # node0: > # -------------------------------------------------------------------------- > # Slot 0 information: > > Does anyone have any suggestions? > > Thank you! > > Chuck > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From chuck.liggett at mongoosemetrics.com Mon Jun 3 18:10:40 2013 From: chuck.liggett at mongoosemetrics.com (Chuck Liggett) Date: Mon, 3 Jun 2013 18:10:40 +0000 Subject: [rancid] jrancid excess revisions due to expect prompt mismatches? In-Reply-To: References: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> Message-ID: <3d607c7179734ba89e5c67bb2120026d@BY2PR07MB075.namprd07.prod.outlook.com> Gareth: Switching the shell from /bin/bash to /bin/sh appears to be looking promising. The spurious commands in the body of the config have gone away the first run after the shell change. -- Sincerely yours, Chuck Liggett 
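Review bot: the one added line in the revision 619 diff, `# show chassis firmware`, carries no `username at host.domain.com>` prompt, unlike the `show chassis clocks` and `show chassis environment` lines just above it, and it lands before the `node0:` output of `show chassis environment` starts. It is a command string and not device state, so this revision records collection noise and not a configuration change. Keeping the raw session output from a run that produces such a revision would show where the command text arrives relative to the prompt.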
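Review bot: in all three hunks of the revision 604 diff the added line is the command that follows the one whose output is being captured: `show chassis firmware` inside the `show chassis environment` table, `show chassis fpc detail` right after the `FWDD O/S Version` line, and `show chassis hardware detail` directly under the `show chassis fpc detail` prompt. The position differs in each hunk (after the separator line, at the end of a block, straight after the prompt), which fits the poster's reading that a command is being sent before the previous prompt has been matched. These positions should be compared with the raw session from the same run before the revision is treated as a change.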
From: Gareth Hopkins [mailto:gabbawp at gmail.com] Sent: Monday, June 3, 2013 05:01 To: Chuck Liggett Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] jrancid excess revisions due to expect prompt mismatches? Off the top of my head, it could be either the shell or pager not being called correctly. When you run it manually you will be in a specific shell, but when run from cron, it will be using root's default. Can you try exporting the shell in the crontab ? Cheers, Gareth On 31 May 2013, at 2:01 AM, Chuck Liggett > wrote: While querying a Juniper SRX 650 firewall cluster from a CentOS 6.4 box running Rancid 2.3.6 (rpm from Epel), Expect 5.44.1.15, where Rancid is run out of /etc/cron.d/rancid and scheduled every quarter hour: Several times a day, I get excess revisions where it looks as though a Juniper Rancid command appears in the body of the config as if more than one command is being sent in response to a prompt. Every time I run it manually in expect debugging mode, it does not experience the issue. Here's an illustration: Index: configs/firewall =================================================================== - -- configs/firewall (revision 619) @@ -2,6 +2,7 @@ # # username at host.domain.com> show chassis clocks # username at host.domain.com> show chassis environment + # show chassis firmware # node0: # -------------------------------------------------------------------------- # Class Item Status Sometimes, the commands are well within the body of other command output, like in this example: Index: configs/firewall =================================================================== - -- configs/firewall (revision 604) @@ -4,6 +4,7 @@ # username at host.domain.com> show chassis environment # node0: # -------------------------------------------------------------------------- + # show chassis firmware # Class Item Status # Temp Routing Engine OK # Routing Engine CPU OK 
@@ -36,6 +37,7 @@ # FPC 0 O/S Version 11.4R6.6 by builder on 2013-01-05 1 # FPC 2 O/S Version 11.4R6.6 by builder on 2013-01-05 1 # FWDD O/S Version 11.4R6.6 by builder on 2013-01-05 1 + # show chassis fpc detail # # node1: # -------------------------------------------------------------------------- @@ -46,6 +48,7 @@ # # {primary:node0} # username at host.domain.com> show chassis fpc detail + # show chassis hardware detail # node0: # -------------------------------------------------------------------------- # Slot 0 information: Does anyone have any suggestions? Thank you! Chuck _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From jzp-rancid at rsuc.gweep.net Mon Jun 3 20:29:45 2013 
From: jzp-rancid at rsuc.gweep.net (Joe Provo)
Date: Mon, 3 Jun 2013 16:29:45 -0400
Subject: [rancid] Rancid with A10 networks
In-Reply-To: <20130523170628.GL18126@shrubbery.net>
References: <4ECB25C9.6070705@antracnetworks.com> <20111123220655.GA22760@srv03.cluenet.de> <20130523164400.GA56278@gweep.net> <20130523170628.GL18126@shrubbery.net>
Message-ID: <20130603202944.GA76620@gweep.net>

On Thu, May 23, 2013 at 05:06:28PM +0000, heasley wrote:
> Thu, May 23, 2013 at 12:44:00PM -0400, Joe Provo:
> > On Wed, Nov 23, 2011 at 11:06:55PM +0100, Daniel Roesen wrote:
> > > On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote:
> > > > Has anybody written any modifications to Rancid for A10 Load Balancer
> > > > devices?
> > >
> > > Yes, A10. :-) Ask them about it - IIRC they slightly modified the
> > > fnrancid script.
> >
> > Seems like it could use some optimization - any reason it hasn't been
> > folded into the main distro?
>
> i haven't seen them, but we don't have A10s either - in which case, to try
> to keep our support effort low, we would like to see a few folks use and
> confirm that it works, before adding it.

We're using it currently with some minor issues we've had to massage.

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG

From heas at shrubbery.net Mon Jun 3 23:34:19 2013
From: heas at shrubbery.net (heasley)
Date: Mon, 3 Jun 2013 23:34:19 +0000
Subject: [rancid] Rancid with A10 networks
In-Reply-To: <20130603202944.GA76620@gweep.net>
References: <4ECB25C9.6070705@antracnetworks.com> <20111123220655.GA22760@srv03.cluenet.de> <20130523164400.GA56278@gweep.net> <20130523170628.GL18126@shrubbery.net> <20130603202944.GA76620@gweep.net>
Message-ID: <20130603233419.GP74473@shrubbery.net>

Mon, Jun 03, 2013 at 04:29:45PM -0400, Joe Provo:
> On Thu, May 23, 2013 at 05:06:28PM +0000, heasley wrote:
> > Thu, May 23, 2013 at 12:44:00PM -0400, Joe Provo:
> > > On Wed, Nov 23, 2011 at 11:06:55PM +0100, Daniel Roesen wrote:
> > > > On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote:
> > > > > Has anybody written any modifications to Rancid for A10 Load Balancer
> > > > > devices?
> > > >
> > > > Yes, A10. :-) Ask them about it - IIRC they slightly modified the
> > > > fnrancid script.
> > >
> > > Seems like it could use some optimization - any reason it hasn't been
> > > folded into the main distro?
> >
> > i haven't seen them, but we don't have A10s either - in which case, to try
> > to keep our support effort low, we would like to see a few folks use and
> > confirm that it works, before adding it.
>
> We're using it currently with some minor issues we've had to massage.

thanks; what were the minor issues?

From jcbuitrago at edatel.com.co Tue Jun 4 14:28:35 2013
From: jcbuitrago at edatel.com.co (Juan Carlos Buitrago Zapata)
Date: Tue, 4 Jun 2013 09:28:35 -0500
Subject: [rancid] Support Switch Huawei Quidway S5328
In-Reply-To:
References: <4E1C4F9611985D459D0120612854BD90040D71E829@EDATEL-MBX-01.edatel.com.co>
Message-ID: <4E1C4F9611985D459D0120612854BD90040D75A5FA@EDATEL-MBX-01.edatel.com.co>

Thank you Bob, but I don't know exactly what you mean. I'm not an expert in expect. Could you be more clear in your explanation?

Regards,

EDATEL, te acerca

JUAN CARLOS BUITRAGO ZAPATA
Platform Operations Engineer
EDATEL S.A. E.S.P.
Telephone: (574) 3846508 Fax: (574) 3846500
jcbuitrago at edatel.com.co
www.edatel.com.co
Medellín - Colombia

From: bob watson [mailto:bobthebaritone at gmail.com]
Sent: Friday, 31 May 2013 06:21 p.m.
To: Juan Carlos Buitrago Zapata
CC: Rancid-discuss at shrubbery.net
Subject: Re: [rancid] Support Switch Huawei Quidway S5328

Juan,

Should there be a space between the parameter -c and the argument?

Always try to run your login with exp_internal parameter. Then you can see with what expect is having a problem. See http://www.cotse.com/dlf/man/expect/exp_internal.htm.

Cheers

Bob Watson
BAppSci, MACS, CP

On 1 June 2013 07:28, Juan Carlos Buitrago Zapata wrote:

Hello,

I've tried to use rancid for our switch Huawei Quidway S5328, the commands are the same to our Switch 3Com, although the backup isn't working.

I would like to know if I have to do something additional to support this new brand.

# h3crancid -d sw-acceso-frontino

defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line 121.
(Maybe you should just omit the defined()?)
executing h3clogin -t 20 -c"screen-length 0 temporary;display version;display boot-loader;display ip routing-table;display current-configuration" sw-acceso-frontino
sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' position.
sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' position.
sw-acceso-frontino: clean_run=0 found_end=0
sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version
sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version
sw-acceso-frontino: End of run not found
sw-acceso-frontino: End of run not found

------------
With the same Switch :

#env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid/ h3crancid -d 192.168.40.61

defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line 121.
(Maybe you should just omit the defined()?)
executing h3clogin -t 20 -c"screen-length 0 temporary;display version;display boot-loader;display ip routing-table;display current-configuration" 192.168.40.61
192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position.
192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position.
192.168.40.61: clean_run=0 found_end=0
192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version
192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version
192.168.40.61: End of run not found
192.168.40.61: End of run not found
!

This execution generates this file: 192.168.40.61.raw, and this file has all the command results, as shown next.

[rancid at mde-costal ~/Switch]$ cat 192.168.40.61.raw
192.168.40.61
spawn telnet 192.168.40.61
Trying 192.168.40.61...
Connected to sw-acceso-frontino.
Escape character is '^]'.


Login authentication


Username:rancid
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
super
Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
undo terminal monitor
Info: Current terminal monitor is off.
screen-length disable
^
Error: Wrong parameter found at '^' position.
screen-length 0 temporary
Info: The configuration takes effect on the current user terminal interface only.
display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.70 (S5300 V100R005C01SPC100)
Copyright (C) 2000-2011 HUAWEI TECH CO., LTD
Quidway S5328C-EI-24S Routing Switch uptime is 30 weeks, 2 days, 8 hours, 44 minutes
EFGF 0(Master) : uptime is 30 weeks, 2 days, 8 hours, 43 minutes
256M bytes DDR Memory
32M bytes FLASH
Pcb Version : VER B
Basic BOOTROM Version : 107 Compiled at Jan 18 2011, 22:52:53
CPLD Version : 69
Software Version : VRP (R) Software, Version 5.70 (S5300 V100R005C01SPC100)
HINDCARD information
Pcb Version : CX22ETPC VER B
FANCARD information
Pcb Version : FAN VER B
PWRCARD I information
Pcb Version : PWR VER A
PWRCARD II information
Pcb Version : PWR VER A
display boot-loader
^
Error: Unrecognized command found at '^' position.
display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

10.50.50.0/24       Direct  0    0     D      10.50.50.50     Vlanif1945
10.50.50.50/32      Direct  0    0     D      127.0.0.1       InLoopBack0
10.90.90.0/24       Direct  0    0     D      10.90.90.90     Vlanif1941
10.90.90.90/32      Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
192.168.40.0/23     Direct  0    0     D      192.168.40.61   Vlanif40
192.168.40.61/32    Direct  0    0     D      127.0.0.1       InLoopBack0
200.35.33.7/32      Static  60   0     RD     192.168.40.1    Vlanif40
200.35.33.13/32     Static  60   0     RD     192.168.40.1    Vlanif40

display current-configuration
#
!Software Version V100R005C01SPC100
sysname SW-ACCESO-FRONTINO
#
vlan batch 40 49 to 50 69 90 98 225 227 434 456 706
vlan batch 824 909 to 910 1539 1614 1769 1781 1941 1945 2034 2344
vlan batch 2415 2514 2737 2838 to 2839
#
domain edatel
domain edatel admin
#
undo cluster enable
undo ntdp enable
undo ndp enable
#
undo http server enable
#
hwtacacs-server template edatel
hwtacacs-server authentication
hwtacacs-server authorization
hwtacacs-server accounting
hwtacacs-server shared-key cipher AA")[K_!5\1%`DJL.:OE)Q!!
undo hwtacacs-server user-name domain-included
#
acl name AZTECA-BW 4999
description [BW-CONTROL-AZTECA]
rule 5 permit vlan-id 1945
rule 6 permit vlan-id 1941
#
vlan description NODO.B_REP.EL.TOYO_ZTE
#
................... Omitted output
#
interface NULL0
#
user-interface con 0
authentication-mode aaa
user privilege level 15
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
#
return
quit
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 0.Connection closed by foreign host.

Thank you in advance!!
Regards,

JUAN CARLOS BUITRAGO ZAPATA

From GILYA at cellcom.co.il Tue Jun 4 14:45:10 2013
From: GILYA at cellcom.co.il (Gil Yaacoby)
Date: Tue, 4 Jun 2013 14:45:10 +0000
Subject: [rancid] mrvlogin
Message-ID:

Hi,

I created a new file rancid with commands for mrv Os-9xx

When I try:

[rancid at nms-rancid bin]mrvlogin cust-52428-os912dc2-1

The process is fine ...

cust-52428-os912dc2-1
spawn telnet cust-52428-os912dc2-1
Trying 172.20.101.16...
Connected to cust-52428-os912dc2-1.
Escape character is '^]'.
************************************************
*you are connection to CUST-CL52428-OS912DC2-sw-1*
*unauthorized access is strictly prohibited ****
************************************************
CUST-CL52428-OS912DC2-sw-1 login: admin
Password:
Last login: Tue Jun 4 17:29:27 2013 on pts/0
ATTENTION: LOGOUT timeout is set to 20 min.
CUST-CL52428-OS912DC2-sw-1>

In this stage when I need to enter a command there is no response !!!

CUST-CL52428-OS912DC2-sw-1>show clock (nothing happened)
sh sdfgsdfg gdgdfg hfghfgh fghfh ^C

or

Error: TIMEOUT reached

Is someone familiar with this problem? Any ideas?

From kl at vsen.dk Tue Jun 4 14:57:33 2013
From: kl at vsen.dk (Klavs Klavsen)
Date: Tue, 04 Jun 2013 16:57:33 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
Message-ID: <51AE005D.2050109@vsen.dk>

I am trying to backup a hp procurve 2520.

using rancid 2.3.6 (I tried updating hlogin to v2.3.8).

When running:
/usr/libexec/rancid/hlogin -c "show version;show flash;show system-information;show system information;show module;show stack;write term" 10.10.15.96

it seems to work fine. It logs in, runs the commands, and after a few seconds (and a lot of output :) - it writes exit etc. and gets out just fine.

When I then run rancid-run - I see it has spawned that exact command, but there it apparently fails - because the log says:
Trying to get all of the configs.
10.10.15.96: End of run not found
;
=====================================
Getting missed routers: round 1.
10.10.15.96: End of run not found
;
=====================================
Getting missed routers: round 2.
10.10.15.96: End of run not found
;
=====================================
Getting missed routers: round 3.
10.10.15.96: End of run not found
;
=====================================
Getting missed routers: round 4.
10.10.15.96: End of run not found

Any ideas as to what I could do, to try to debug it?

--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer

From gilya at cellcom.co.il Tue Jun 4 14:51:19 2013
From: gilya at cellcom.co.il (Gil)
Date: Tue, 4 Jun 2013 14:51:19 +0000 (UTC)
Subject: [rancid] Custom Device Login File (mrvlogin)
References: <0F7A1ECA510FCF4BA876AB43D9BC3A1847CA69@PTGEXCHANGE01.ptg-domain.com> <20090708174415.GM1443@shrubbery.net>
Message-ID:

john heasley shrubbery.net> writes:

>
> > expect: does "" (spawn_id exp6) match regular expression "^[^\n\r
> > *]*InReach:0 ([^#>\r\n]+)?>(\([^)\r\n]+\))?"? no
> >
> > "[\n\r]+"? no
> >
> > expect: read eof
> >
> > expect: set expect_out(spawn_id) "exp6"
> >
> > expect: set expect_out(buffer) ""
> >
> > write() failed to write anything - will sleep(1) and retry...
> >
> > you've tried to write to a dead/closed pty.
>
>

Hi,

I created a new file rancid with commands for mrv Os-9xx

When I try:

[rancid at nms-rancid bin]mrvlogin cust-52428-os912dc2-1

The process is fine ...

cust-52428-os912dc2-1
spawn telnet cust-52428-os912dc2-1
Trying 172.20.101.16...
Connected to cust-52428-os912dc2-1.
Escape character is '^]'.
************************************************
*you are connection to CUST-CL52428-OS912DC2-sw-1*
*unauthorized access is strictly prohibited ****
************************************************
CUST-CL52428-OS912DC2-sw-1 login: admin
Password:
Last login: Tue Jun 4 17:29:27 2013 on pts/0
ATTENTION: LOGOUT timeout is set to 20 min.
CUST-CL52428-OS912DC2-sw-1>

In this stage when I need to enter a command there is no response !!!

CUST-CL52428-OS912DC2-sw-1>show clock (nothing happened)
sh sdfgsdfg gdgdfg hfghfgh fghfh ^C

or

Error: TIMEOUT reached

Is someone familiar with this problem? Any ideas?

From kl at vsen.dk Tue Jun 4 17:21:55 2013
From: kl at vsen.dk (Klavs Klavsen)
Date: Tue, 04 Jun 2013 19:21:55 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <20130604152058.GF10417@shrubbery.net>
References: <51AE005D.2050109@vsen.dk> <20130604152058.GF10417@shrubbery.net>
Message-ID: <51AE2233.5030507@vsen.dk>

heasley said the following on 06/04/2013 05:20 PM:
> Tue, Jun 04, 2013 at 04:57:33PM +0200, Klavs Klavsen:
>> I am trying to backup a hp procurve 2520.
>>
>> using rancid 2.3.6 (I tried updating hlogin to v2.3.8).
> are you using linux? if so, would you try the hpuifilter from 3.0a2?

Yes - I'll gladly test that.

>> When running:
>> /usr/libexec/rancid/hlogin -c "show version;show flash;show
>> system-information;show system information;show module;show stack;write
>> term" 10.10.15.96
>>
>> it seems to work fine. It logs in, runs the commands, and after a few
>> seconds (and a lot of output :) - it writes exit etc. and gets out just
>> fine.
>>
>> When I then run rancid-run - I see it has spawned that exact command,
>> but there it apparently fails - because the log says:
>> Trying to get all of the configs.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 1.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 2.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 3.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 4.
>> 10.10.15.96: End of run not found
>>
>> Any ideas as to what I could do, to try to debug it?
> This is rare, a failure w/o some indication of why, but is difficult to
> debug. start by trying the debugging with the PATH from rancid.conf.

Typical - rare failures.. gr8 :)

What do you mean? I don't believe there's any PATH set in rancid.conf.
I am home from work now - and it's national holiday tomorrow - but Thursday, I'll try hpuifilter 3.0.2a and I figured I'd try to insert some debugging output in rancid-run - around where it calls hlogin (or is it rancid-control that calls hlogin.. I don't remember right now..)

p.s. router db contains:
10.10.15.96:hp:up

--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer

From kl at vsen.dk Tue Jun 4 17:23:00 2013
From: kl at vsen.dk (Klavs Klavsen)
Date: Tue, 04 Jun 2013 19:23:00 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <51AE061E.90507@gmail.com>
References: <51AE005D.2050109@vsen.dk> <51AE061E.90507@gmail.com>
Message-ID: <51AE2274.8040309@vsen.dk>

Alan McKinnon said the following on 06/04/2013 05:22 PM:
[CUT]
> What do you have in router.db for that device?

10.10.15.96:hp:up

I have a cisco device as well - and that works just fine.

--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer

From peo at chalmers.se Tue Jun 4 19:18:30 2013
From: peo at chalmers.se (Per-Olof Olsson)
Date: Tue, 4 Jun 2013 21:18:30 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <51AE005D.2050109@vsen.dk>
References: <51AE005D.2050109@vsen.dk>
Message-ID: <51AE3D86.2030404@chalmers.se>

Klavs Klavsen wrote 2013-06-04 16:57:
> I am trying to backup a hp procurve 2520.
>
> using rancid 2.3.6 (I tried updating hlogin to v2.3.8).

Don't just update hlogin!
Try to use hrancid and hlogin from about the same version.

I think there is an update in 2.3.7 to make "save config on exit" work.
It changes "exit" to "logout".

If hrancid 2.3.6 matches for "exit" at the end, and gets "logout" from hlogin 2.3.8,
it will not find "End of run".

Test "hrancid -d 10.10.15.96" and see if it gives any info.

>
> When running:
> /usr/libexec/rancid/hlogin -c "show version;show flash;show system-information;show system information;show module;show stack;write term" 10.10.15.96
>
> it seems to work fine. It logs in, runs the commands, and after a few seconds (and a lot of output :) - it writes exit etc. and
> gets out just fine.
>
> When I then run rancid-run - I see it has spawned that exact command, but there it apparently fails - because the log says:
> Trying to get all of the configs.
> 10.10.15.96: End of run not found
> ;
> =====================================
> Getting missed routers: round 1.
> 10.10.15.96: End of run not found
> ;
> =====================================
> Getting missed routers: round 2.
> 10.10.15.96: End of run not found
> ;
> =====================================
> Getting missed routers: round 3.
> 10.10.15.96: End of run not found
> ;
> =====================================
> Getting missed routers: round 4.
> 10.10.15.96: End of run not found
>
> Any ideas as to what I could do, to try to debug it?
>

/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------

From alan.mckinnon at gmail.com Tue Jun 4 19:49:32 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Tue, 04 Jun 2013 21:49:32 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <51AE2274.8040309@vsen.dk>
References: <51AE005D.2050109@vsen.dk> <51AE061E.90507@gmail.com> <51AE2274.8040309@vsen.dk>
Message-ID: <51AE44CC.105@gmail.com>

On 04/06/2013 19:23, Klavs Klavsen wrote:
>
>
> Alan McKinnon said the following on 06/04/2013 05:22 PM:
> [CUT]
>> What do you have in router.db for that device?
>
> 10.10.15.96:hp:up
>
> I have a cisco device as well - and that works just fine.

I don't have any procurves myself and so have no experience with that code.

The method I use in such cases is to first look carefully at the logs
for clues, then run "hrancid -d " and inspect the .new file
it produces.

Per-Olof's reply looks like the one with the real solution in it though

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Tue Jun 4 23:30:59 2013
From: heas at shrubbery.net (heasley)
Date: Tue, 4 Jun 2013 23:30:59 +0000
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <51AE44CC.105@gmail.com>
References: <51AE005D.2050109@vsen.dk> <51AE061E.90507@gmail.com> <51AE2274.8040309@vsen.dk> <51AE44CC.105@gmail.com>
Message-ID: <20130604233059.GH25395@shrubbery.net>

Tue, Jun 04, 2013 at 09:49:32PM +0200, Alan McKinnon:
> On 04/06/2013 19:23, Klavs Klavsen wrote:
> >
> >
> > Alan McKinnon said the following on 06/04/2013 05:22 PM:
> > [CUT]
> >> What do you have in router.db for that device?
> >
> > 10.10.15.96:hp:up
> >
> > I have a cisco device as well - and that works just fine.
>
>
>
> I don't have any procurves myself and so have no experience with that code.
>
> The method I use in such cases is to first look carefully at the logs
> for clues, then run "hrancid -d " and inspect the .new file
> it produces.

problem is that he had the problem only with rancid_run, while hrancid worked,
which is odd and more difficult to debug.

> Per-Olof's reply looks like the one with the real solution in it though

Per-olof does make a good point.

From bobthebaritone at gmail.com Tue Jun 4 23:16:30 2013
From: bobthebaritone at gmail.com (bob watson)
Date: Wed, 5 Jun 2013 09:16:30 +1000
Subject: [rancid] Support Switch Huawei Quidway S5328
In-Reply-To: <4E1C4F9611985D459D0120612854BD90040D75A5FA@EDATEL-MBX-01.edatel.com.co>
References: <4E1C4F9611985D459D0120612854BD90040D71E829@EDATEL-MBX-01.edatel.com.co> <4E1C4F9611985D459D0120612854BD90040D75A5FA@EDATEL-MBX-01.edatel.com.co>
Message-ID:

Juan,

The issue seems to be around your parsing of the response from the switch. Debugging using expect we must get the characters actually sent. We do this by using the command exp_internal. A full explanation is beyond the scope of an email.

I've found on google book an example of using exp_internal.

http://books.google.com.au/books?id=t8C4pEDQ8s0C&pg=PA171&lpg=PA171&dq=exp_internal&source=bl&ots=n6HS0c_7So&sig=BzbLGjOwLGKOSDDr6Rvihjro2KU&hl=en&sa=X&ei=unSuUYWMLOrPiAfJhIDYDg&ved=0CFEQ6AEwBQ#v=onepage&q=exp_internal&f=false

Note you can always start the expect program in debug mode.

Cheers,

Bob Watson
BAppSci, MACS, CP

On 5 June 2013 00:28, Juan Carlos Buitrago Zapata wrote:

> Thank you Bob, but I don't know exactly what you mean. I'm not an
> expert in expect. Could you be more clear in your explanation?
>
> Regards,
>
> EDATEL, te acerca
>
> JUAN CARLOS BUITRAGO ZAPATA
> Platform Operations Engineer
> EDATEL S.A. E.S.P.
> Telephone: (574) 3846508 Fax: (574) 3846500
> jcbuitrago at edatel.com.co
> www.edatel.com.co
> Medellín - Colombia
>
> From: bob watson [mailto:bobthebaritone at gmail.com]
> Sent: Friday, 31 May 2013 06:21 p.m.
> *Para:* Juan Carlos Buitrago Zapata > *CC:* Rancid-discuss at shrubbery.net > *Asunto:* Re: [rancid] Support Switch Huawei Quidway S5328**** > > ** ** > > Juan,**** > > ** ** > > Should there be a space between the parameter -c and the argument?**** > > ** ** > > Always try to run your login with exp_internal parameter. Then you can see > with what expect is having a problem. See > http://www.cotse.com/dlf/man/expect/exp_internal.htm.**** > > ** ** > > Cheers**** > > > **** > > Bob Watson**** > > BAppSci, MACS, CP**** > > ** ** > > **** > > **** > > height="33" border="0" alt="View Robert Watson's profile on LinkedIn">**** > > **** > > **** > > ** ** > > On 1 June 2013 07:28, Juan Carlos Buitrago Zapata < > jcbuitrago at edatel.com.co> wrote:**** > > Hello,**** > > **** > > I?ve tried to use rancid for our switch Huawei Quidway S5328, the > commands are the same to our Switch 3Com, Although the backup isn?t working. > **** > > **** > > I would like to know if I have to do something additional to support this > new brand.**** > > **** > > # h3crancid -d sw-acceso-frontino**** > > **** > > defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line > 121.**** > > (Maybe you should just omit the defined()?)**** > > executing h3clogin -t 20 -c"screen-length 0 temporary;display > version;display boot-loader;display ip routing-table;display > current-configuration" sw-acceso-frontino**** > > sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' > position.**** > > sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' > position.**** > > sw-acceso-frontino: clean_run=0 found_end=0**** > > sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > 
sw-acceso-frontino: End of run not found**** > > sw-acceso-frontino: End of run not found**** > > **** > > ------------**** > > With the same Switch :**** > > **** > > #env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid/ h3crancid -d > 192.168.40.61**** > > **** > > defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line > 121.**** > > (Maybe you should just omit the defined()?)**** > > executing h3clogin -t 20 -c"screen-length 0 temporary;display > version;display boot-loader;display ip routing-table;display > current-configuration" 192.168.40.61**** > > 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. > **** > > 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. > **** > > 192.168.40.61: clean_run=0 found_end=0**** > > 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > 192.168.40.61: End of run not found**** > > 192.168.40.61: End of run not found**** > > !**** > > **** > > This Execution generate this file: 192.168.40.61.raw and this file has all > commands results as shown on next.**** > > **** > > [rancid at mde-costal ~/Switch]$ cat 192.168.40.61.raw**** > > 192.168.40.61**** > > spawn telnet 192.168.40.61**** > > Trying 192.168.40.61...**** > > Connected to sw-acceso-frontino.**** > > Escape character is '^]'.**** > > **** > > **** > > Login authentication**** > > **** > > **** > > Username:rancid**** > > Password:**** > > Info: The max number of VTY users is 5, and the number**** > > of current VTY users on line is 1.**** > > super**** > > Now user privilege is 3 level, and only those commands whose level is > equal to or less than this level can be used.**** > > Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE**** > > 
**** > > undo terminal monitor**** > > Info: Current terminal monitor is off.**** > > screen-length disable**** > > ^**** > > Error: Wrong parameter found at '^' position.**** > > screen-length 0 temporary**** > > Info: The configuration takes effect on the current user terminal > interface only.**** > > display version**** > > Huawei Versatile Routing Platform Software**** > > VRP (R) software, Version 5.70 (S5300 V100R005C01SPC100)**** > > Copyright (C) 2000-2011 HUAWEI TECH CO., LTD**** > > Quidway S5328C-EI-24S Routing Switch uptime is 30 weeks, 2 days, 8 hours, > 44 minutes**** > > **** > > EFGF 0(Master) : uptime is 30 weeks, 2 days, 8 hours, 43 minutes**** > > 256M bytes DDR Memory**** > > 32M bytes FLASH**** > > Pcb Version : VER B**** > > Basic BOOTROM Version : 107 Compiled at Jan 18 2011, 22:52:53**** > > CPLD Version : 69**** > > Software Version : VRP (R) Software, Version 5.70 (S5300 V100R005C01SPC100) > **** > > HINDCARD information**** > > Pcb Version : CX22ETPC VER B**** > > FANCARD information**** > > Pcb Version : FAN VER B**** > > PWRCARD I information**** > > Pcb Version : PWR VER A**** > > PWRCARD II information**** > > Pcb Version : PWR VER A**** > > **** > > display boot-loader**** > > ^**** > > Error: Unrecognized command found at '^' position.**** > > display ip routing-table**** > > Route Flags: R - relay, D - download to fib**** > > > ------------------------------------------------------------------------------ > **** > > Routing Tables: Public**** > > Destinations : 10 Routes : 10**** > > **** > > Destination/Mask Proto Pre Cost Flags NextHop Interface > **** > > **** > > 10.50.50.0/24 Direct 0 0 D 10.50.50.50 > Vlanif1945**** > > 10.50.50.50/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 10.90.90.0/24 Direct 0 0 D 10.90.90.90 > Vlanif1941**** > > 10.90.90.90/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 127.0.0.0/8 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 127.0.0.1/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 192.168.40.0/23 
Direct 0 0 D 192.168.40.61 Vlanif40* > *** > > 192.168.40.61/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 200.35.33.7/32 Static 60 0 RD 192.168.40.1 Vlanif40* > *** > > 200.35.33.13/32 Static 60 0 RD 192.168.40.1 Vlanif40* > *** > > **** > > display current-configuration**** > > #**** > > !Software Version V100R005C01SPC100**** > > sysname SW-ACCESO-FRONTINO**** > > #**** > > vlan batch 40 49 to 50 69 90 98 225 227 434 456 706**** > > vlan batch 824 909 to 910 1539 1614 1769 1781 1941 1945 2034 2344**** > > vlan batch 2415 2514 2737 2838 to 2839**** > > #**** > > domain edatel**** > > domain edatel admin**** > > #**** > > undo cluster enable**** > > undo ntdp enable**** > > undo ndp enable**** > > #**** > > undo http server enable**** > > #**** > > hwtacacs-server template edatel**** > > hwtacacs-server authentication **** > > hwtacacs-server authorization **** > > hwtacacs-server accounting **** > > hwtacacs-server shared-key cipher AA")[K_!5\1%`DJL.:OE)Q!!**** > > undo hwtacacs-server user-name domain-included**** > > #**** > > acl name AZTECA-BW 4999**** > > description [BW-CONTROL-AZTECA]**** > > rule 5 permit vlan-id 1945**** > > rule 6 permit vlan-id 1941**** > > #**** > > vlan **** > > description NODO.B_REP.EL.TOYO_ZTE**** > > #**** > > ??????. Omitted output**** > > #**** > > interface NULL0**** > > #**** > > user-interface con 0**** > > authentication-mode aaa**** > > user privilege level 15**** > > user-interface vty 0 4**** > > authentication-mode aaa**** > > user privilege level 15**** > > #**** > > return**** > > quit**** > > Info: The max number of VTY users is 5, and the number**** > > of current VTY users on line is 0.Connection closed by foreign host. 
> **** > > **** > > Thank you in adavance!!**** > > **** > > Regards,**** > > **** > > **** > > *JUAN CARLOS BUITRAGO ZAPATA > > ***** > > **** > > ** ** > ------------------------------ > > Este mensaje y/o sus anexos son para uso exclusivo de su destinatario > intencional y puede contener informaci?n legalmente protegida por ser > confidencial. Si usted no es el destinatario intencional del mensaje por > favor inf?rmenos de inmediato y elim?nelo, as? como sus anexos. Igualmente, > le comunicamos que cualquier retenci?n, revisi?n no autorizada, > distribuci?n, divulgaci?n, reenv?o, copia, impresi?n, reproducci?n, o uso > indebido de este mensaje y/o sus anexos, est? estrictamente prohibida y > sancionada legalmente. EDATEL S.A. no se hace responsable en ning?n caso > por da?os derivados de la recepci?n del presente mensaje.**** > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss**** > > ** ** > > ------------------------------ > Este mensaje y/o sus anexos son para uso exclusivo de su destinatario > intencional y puede contener informaci?n legalmente protegida por ser > confidencial. Si usted no es el destinatario intencional del mensaje por > favor inf?rmenos de inmediato y elim?nelo, as? como sus anexos. Igualmente, > le comunicamos que cualquier retenci?n, revisi?n no autorizada, > distribuci?n, divulgaci?n, reenv?o, copia, impresi?n, reproducci?n, o uso > indebido de este mensaje y/o sus anexos, est? estrictamente prohibida y > sancionada legalmente. EDATEL S.A. no se hace responsable en ning?n caso > por da?os derivados de la recepci?n del presente mensaje. > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: image001.png Type: image/png Size: 80546 bytes Desc: not available URL: From Richard.Savage at newnet.co.uk Wed Jun 5 12:45:03 2013 From: Richard.Savage at newnet.co.uk (Richard Savage) Date: Wed, 5 Jun 2013 12:45:03 +0000 Subject: [rancid] Rancid / Fortigate Message-ID: <51AF32CF.3080407@newnet.co.uk> Hi I am currently running rancid 2.3.8-3 on a debian server. I am backing up 3 fortinet firewalls and everytime rancid runs it produces a diff against various things changing. This happens on every run even if no config changes have been made to the firewall: @@ -2538,7 +2538,7 @@ end config system autoupdate tunneling set address '' - set password ENC 7rz3NZFEnq39bkDpQoOq1xFb9S+pQwBXZedGObWBC7hC/QYQBMnsGbxKvbtSLtmBELRLqU631S6JPt8jsr0qKo2r10Vv5UzYddzby6Q3tWIls1IC + set password ENC 51lWQzr6MmALlpq9n4uTbPbGcL9XHTvXmQ4kMLcz3u2Ua8yt9tkanbZp0J5uaKsiLqgLqEIKnQQFQYKoh+qNcGSeDMsFhHk/H18pPn4nuBQ0IxMq set port 0 set status disable set username '' 
@@ -7474,23 +7474,23 @@ end config vpn certificate local edit "Fortinet_Factory" - set password ENC NNWSYkoMA+edjwo5LVP2a1M6K20cxS0iN/wkGwA6F39glvzYWmk3z9KoN7L//UR86M3u+8+d7Kk0k79NYf63wkLtpZnxRYWrLPTLeunMQLD5Rz2f + set password ENC 0QNWT3omKlWgl1dROK2zvJDEdmhmrOQcre178jDza1qcDDJ4ROArDrJ2mWi5qIFFS6cZs8rIa9rUv34zvfmC/8U/xorbn6g/c1/jKfoCNo5KTP1E set private-key "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED - DEK-Info: DES-EDE3-CBC,A8B9D863C86CD1F9 - 8+cZant/s9PvQE2cK0010WPxMAXo7cp8BnmhCBpjvo7wEKXux+5yasNhe1ZxDcZm - j7PmNrqqO+J6qG5Whd90Hp9BCJ8eNYQJojW0IfB2RPYocD058bk+kjZ7MPov/JBz - QgDhnzoP9qFjPzA2GGMQ+1JFMJZI63VlRGUhKnN8xc0X1B9oHnb7U3/d3wipSekM - eSKd4Sy6kcZJc726OV273pr6ftJyob1tDmIGXZzMRgAzUehFO1w+2u39hPsTOcq/ - IyF/RKTcfXoLilPFwZQvpDzIlurzCCv1ySsxhpFCKLScPaCwaTY6g8qz03VTMC6h + DEK-Info: DES-EDE3-CBC,39706AFBAD7CE8DF + 9KJ7kMJlzqKVFwS8dChmvlalrMbIKd0AxSo9VU/Wa1MSPo6HN8IjCAUtcM9zvbSX + E7aCk75D8vglifkuRqa+wtCcT8xVrEdwnHXpkvc9RH2JPs4JRhOyrYUAsnCMkQp3 + rLS0OditRHWbxG8M5xo5V2dIs7L6wkN7wJ9Rdrj+AKf49bsLayIdTkF4ruG0tBXR + ugQDLe6G6lCq2CW3y0m6SA5fQE2bXQy0YztDrHSZzzm5wXHhfpEUzmAU9gR1kl/s + V1+fzVRhIXw2sf8CoH83DLvON0wiNOE/J9BhUgvxq9SzbRPhXrUS/58S1cdr7Wz -----END RSA PRIVATE KEY-----" I have looked back through the archives and found something similar back in 2010 but would assume that the patch has been integrated into the latest version. Could any one suggest a fix for this as its getting slightly annoying getting a diff everytime there is a backup. Many thanks Richard This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. 
If you receive this in error, please notify us by email to privacy at newnet.co.uk and delete any copies. For information about how we process data and monitor communications please see our privacy statement.

From GM-Douglas at wiu.edu Wed Jun 5 14:22:29 2013
From: GM-Douglas at wiu.edu (Gary Douglas)
Date: Wed, 5 Jun 2013 09:22:29 -0500
Subject: [rancid] End of run not found on telnet
Message-ID: <5690A63E-FB9A-4878-AA80-54A5D595E801@wiu.edu>

I have rancid 2.3.6 up and running on Ubuntu server. All devices are Cisco. SSH is working fine. When I try to run rancid on switches that only support telnet, I get the following error.

switch: missed cmd(s): write term,show running-config
switch: End of run not found

clogin works great to these switches. I thought it might be the expect problem. I downloaded and installed expect-5.43.0_hack.tar.bz2 and tcl8.4.18-src.tar.gz from the ftp site. This did not resolve the problem.

Any ideas on what or where I need to look.

Thank you
Gary Douglas
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From rainer.hartwig.schubert at gmail.com Wed Jun 5 09:36:45 2013
From: rainer.hartwig.schubert at gmail.com (Rainer Schubert)
Date: Wed, 5 Jun 2013 11:36:45 +0200
Subject: [rancid] hp procurve 2510 stack commander
Message-ID:

Hi all,

I'm using rancid to backup my configs. Now I have colocation with a hp-procurve stack-membership. the current patch:

http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html

is not working for me. hlogin hangs always at

*Enter switch number to connect to or :*

It's not possible to enter any character at the hlogin trials.

Is there anything else to do?

best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From heas at shrubbery.net Wed Jun 5 14:48:32 2013
From: heas at shrubbery.net (heasley) Date: Wed, 5 Jun 2013 14:48:32 +0000 Subject: [rancid] Rancid / Fortigate In-Reply-To: <51AF32CF.3080407@newnet.co.uk> References: <51AF32CF.3080407@newnet.co.uk> Message-ID: <20130605144832.GD50571@shrubbery.net> Wed, Jun 05, 2013 at 12:45:03PM +0000, Richard Savage: > Hi > > I am currently running rancid 2.3.8-3 on a debian server. ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p4.gz > I am backing up 3 fortinet firewalls and everytime rancid runs it produces a diff against various things changing. This > happens on every run even if no config changes have been made to the firewall: > > @@ -2538,7 +2538,7 @@ > end > config system autoupdate tunneling > set address '' > - set password ENC 7rz3NZFEnq39bkDpQoOq1xFb9S+pQwBXZedGObWBC7hC/QYQBMnsGbxKvbtSLtmBELRLqU631S6JPt8jsr0qKo2r10Vv5UzYddzby6Q3tWIls1IC > + set password ENC 51lWQzr6MmALlpq9n4uTbPbGcL9XHTvXmQ4kMLcz3u2Ua8yt9tkanbZp0J5uaKsiLqgLqEIKnQQFQYKoh+qNcGSeDMsFhHk/H18pPn4nuBQ0IxMq > set port 0 > set status disable > set username '' 
> > > @@ -7474,23 +7474,23 @@ > end > config vpn certificate local > edit "Fortinet_Factory" > - set password ENC NNWSYkoMA+edjwo5LVP2a1M6K20cxS0iN/wkGwA6F39glvzYWmk3z9KoN7L//UR86M3u+8+d7Kk0k79NYf63wkLtpZnxRYWrLPTLeunMQLD5Rz2f > + set password ENC 0QNWT3omKlWgl1dROK2zvJDEdmhmrOQcre178jDza1qcDDJ4ROArDrJ2mWi5qIFFS6cZs8rIa9rUv34zvfmC/8U/xorbn6g/c1/jKfoCNo5KTP1E > set private-key "-----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > - DEK-Info: DES-EDE3-CBC,A8B9D863C86CD1F9 > - 8+cZant/s9PvQE2cK0010WPxMAXo7cp8BnmhCBpjvo7wEKXux+5yasNhe1ZxDcZm > - j7PmNrqqO+J6qG5Whd90Hp9BCJ8eNYQJojW0IfB2RPYocD058bk+kjZ7MPov/JBz > - QgDhnzoP9qFjPzA2GGMQ+1JFMJZI63VlRGUhKnN8xc0X1B9oHnb7U3/d3wipSekM > - eSKd4Sy6kcZJc726OV273pr6ftJyob1tDmIGXZzMRgAzUehFO1w+2u39hPsTOcq/ > - IyF/RKTcfXoLilPFwZQvpDzIlurzCCv1ySsxhpFCKLScPaCwaTY6g8qz03VTMC6h > + DEK-Info: DES-EDE3-CBC,39706AFBAD7CE8DF > + 9KJ7kMJlzqKVFwS8dChmvlalrMbIKd0AxSo9VU/Wa1MSPo6HN8IjCAUtcM9zvbSX > + E7aCk75D8vglifkuRqa+wtCcT8xVrEdwnHXpkvc9RH2JPs4JRhOyrYUAsnCMkQp3 > + rLS0OditRHWbxG8M5xo5V2dIs7L6wkN7wJ9Rdrj+AKf49bsLayIdTkF4ruG0tBXR > + ugQDLe6G6lCq2CW3y0m6SA5fQE2bXQy0YztDrHSZzzm5wXHhfpEUzmAU9gR1kl/s > + V1+fzVRhIXw2sf8CoH83DLvON0wiNOE/J9BhUgvxq9SzbRPhXrUS/58S1cdr7Wz > > -----END RSA PRIVATE KEY-----" > > > I have looked back through the archives and found something similar back in 2010 but would assume that the patch has > been integrated into the latest version. > > Could any one suggest a fix for this as its getting slightly annoying getting a diff everytime there is a backup. > > Many thanks > > Richard > This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. 
Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. If you receive this in error, please notify us by email to privacy at newnet.co.uk and delete any copies. For information about how we process data and monitor communications please see our privacy statement. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From kl at vsen.dk Thu Jun 6 07:25:56 2013 
From: kl at vsen.dk (Klavs Klavsen)
Date: Thu, 06 Jun 2013 09:25:56 +0200
Subject: [rancid] hp procurve problem - hlogin works - rancid-run fails
In-Reply-To: <51AE3D86.2030404@chalmers.se>
References: <51AE005D.2050109@vsen.dk> <51AE3D86.2030404@chalmers.se>
Message-ID: <51B03984.1040608@vsen.dk>

I fetched the .src.rpm for 2.3.6 for CentOS, realized the Makefile patch
(disabling -g00 CFLAGS) was unnecessary, and created an updated patch for
config - to get rancid home to /var/rancid and logs in /var/log/rancid -
and installed a complete 2.3.8.

It now works like a charm.

Thank you for all your tips

Per-Olof Olsson said the following on 06/04/2013 09:18 PM:
> Klavs Klavsen wrote 2013-06-04 16:57:
>> I am trying to backup a hp procurve 2520.
>>
>> using rancid 2.3.6 (I tried updating hlogin to v2.3.8).
>
> Don't just update hlogin! Try to use hrancid and hlogin from about the
> same version.
>
> I think there is an update in 2.3.7 to make "save config on exit" to
> work. It changes "exit" to "logout".
> If hrancid 2.3.6 match for "exit" at end, and get "logout" from hlogin
> 2.3.8
> it will not find "End of run"
>
> Test "hrancid -d 10.10.15.96" and see if it gives any info.
>
>>
>> When running:
>> /usr/libexec/rancid/hlogin -c "show version;show flash;show
>> system-information;show system information;show module;show
>> stack;write term" 10.10.15.96
>>
>> it seems to work fine. It logs in, runs the commands, and after a few
>> seconds (and a lot of output :) - it writes exit etc. and
>> gets out just fine.
>>
>> When I then run rancid-run - I see it has spawned that exact command,
>> but there it apparently fails - because the log says:
>> Trying to get all of the configs.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 1.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 2.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 3.
>> 10.10.15.96: End of run not found
>> ;
>> =====================================
>> Getting missed routers: round 4.
>> 10.10.15.96: End of run not found
>>
>> Any ideas as to what I could do, to try to debug it?
>>
>
> /Peo
> ----------------------------------------------------------
> Per-Olof Olsson Email: peo at chalmers.se
> Chalmers tekniska högskola IT-service
> Hörsalsvägen 5 412 96 Göteborg
> Tel: 031/772 6738 Fax: 031/772 8680
> ----------------------------------------------------------

--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer

From Richard.Savage at newnet.co.uk Thu Jun 6 08:04:19 2013
From: Richard.Savage at newnet.co.uk (Richard Savage) Date: Thu, 6 Jun 2013 08:04:19 +0000 Subject: [rancid] Rancid / Fortigate In-Reply-To: <20130605144832.GD50571@shrubbery.net> References: <51AF32CF.3080407@newnet.co.uk> <20130605144832.GD50571@shrubbery.net> Message-ID: <51B04283.4040300@newnet.co.uk> Many thanks for the patch, that works a treat on the Certificates. We are still seeing password chainging everytime though. - set password ENC SWXEIX34s+aUBMlwZvFECK4DvTETIr70Kt61g9OaLoDwqjIHop/isuc8ICAmMyeRI9YwXn7FLBpe7UnVfzQa90R447az26V4TpJQKtg6JshN9aM1 + set password ENC 60VIeppXE7a/GFxdxOriZ2tWsUKhXD19qT6XAth3vnLP/6tuZk9p9+gSZ2YAHJNCAbKCWcziCI9LFfyRuL2UgumBU+0MHBTFXyC4PZW0S4GkZNI8 Is there something to prevent this? Thanks Rich On 05/06/13 15:48, heasley wrote: > Wed, Jun 05, 2013 at 12:45:03PM +0000, Richard Savage: >> Hi >> >> I am currently running rancid 2.3.8-3 on a debian server. > ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p4.gz > >> I am backing up 3 fortinet firewalls and everytime rancid runs it produces a diff against various things changing. This >> happens on every run even if no config changes have been made to the firewall: >> >> @@ -2538,7 +2538,7 @@ >> end >> config system autoupdate tunneling >> set address '' >> - set password ENC 7rz3NZFEnq39bkDpQoOq1xFb9S+pQwBXZedGObWBC7hC/QYQBMnsGbxKvbtSLtmBELRLqU631S6JPt8jsr0qKo2r10Vv5UzYddzby6Q3tWIls1IC >> + set password ENC 51lWQzr6MmALlpq9n4uTbPbGcL9XHTvXmQ4kMLcz3u2Ua8yt9tkanbZp0J5uaKsiLqgLqEIKnQQFQYKoh+qNcGSeDMsFhHk/H18pPn4nuBQ0IxMq >> set port 0 >> set status disable >> set username '' 
>> >> >> @@ -7474,23 +7474,23 @@ >> end >> config vpn certificate local >> edit "Fortinet_Factory" >> - set password ENC NNWSYkoMA+edjwo5LVP2a1M6K20cxS0iN/wkGwA6F39glvzYWmk3z9KoN7L//UR86M3u+8+d7Kk0k79NYf63wkLtpZnxRYWrLPTLeunMQLD5Rz2f >> + set password ENC 0QNWT3omKlWgl1dROK2zvJDEdmhmrOQcre178jDza1qcDDJ4ROArDrJ2mWi5qIFFS6cZs8rIa9rUv34zvfmC/8U/xorbn6g/c1/jKfoCNo5KTP1E >> set private-key "-----BEGIN RSA PRIVATE KEY----- >> Proc-Type: 4,ENCRYPTED >> - DEK-Info: DES-EDE3-CBC,A8B9D863C86CD1F9 >> - 8+cZant/s9PvQE2cK0010WPxMAXo7cp8BnmhCBpjvo7wEKXux+5yasNhe1ZxDcZm >> - j7PmNrqqO+J6qG5Whd90Hp9BCJ8eNYQJojW0IfB2RPYocD058bk+kjZ7MPov/JBz >> - QgDhnzoP9qFjPzA2GGMQ+1JFMJZI63VlRGUhKnN8xc0X1B9oHnb7U3/d3wipSekM >> - eSKd4Sy6kcZJc726OV273pr6ftJyob1tDmIGXZzMRgAzUehFO1w+2u39hPsTOcq/ >> - IyF/RKTcfXoLilPFwZQvpDzIlurzCCv1ySsxhpFCKLScPaCwaTY6g8qz03VTMC6h >> + DEK-Info: DES-EDE3-CBC,39706AFBAD7CE8DF >> + 9KJ7kMJlzqKVFwS8dChmvlalrMbIKd0AxSo9VU/Wa1MSPo6HN8IjCAUtcM9zvbSX >> + E7aCk75D8vglifkuRqa+wtCcT8xVrEdwnHXpkvc9RH2JPs4JRhOyrYUAsnCMkQp3 >> + rLS0OditRHWbxG8M5xo5V2dIs7L6wkN7wJ9Rdrj+AKf49bsLayIdTkF4ruG0tBXR >> + ugQDLe6G6lCq2CW3y0m6SA5fQE2bXQy0YztDrHSZzzm5wXHhfpEUzmAU9gR1kl/s >> + V1+fzVRhIXw2sf8CoH83DLvON0wiNOE/J9BhUgvxq9SzbRPhXrUS/58S1cdr7Wz >> >> -----END RSA PRIVATE KEY-----" >> >> >> I have looked back through the archives and found something similar back in 2010 but would assume that the patch has >> been integrated into the latest version. >> >> Could any one suggest a fix for this as its getting slightly annoying getting a diff everytime there is a backup. >> This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. 
Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. If you receive this in error, please notify us by email to privacy at newnet.co.uk and delete any copies. For information about how we process data and monitor communications please see our privacy statement. From rhyse at redblade.co.uk Thu Jun 6 08:52:00 2013 From: rhyse at redblade.co.uk (Rhys Evans) Date: Thu, 6 Jun 2013 08:52:00 +0000 Subject: [rancid] hp procurve 2510 stack commander In-Reply-To: References: Message-ID: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local> Hi I have this in my cloginrc for our Hp stacks #HP Devices add autoenable HP.local 0 add enableprompt HP.local {Enter switch number to connect to or :} add password k HP.local ManageM3Now 0 if needed ill dig out the hlogin we use, I cant remember if I changed that Thanks Rhys Evans Technical Consultant | Redblade Ltd | Tel: +44 (0)845 094 2389 | Fax: +44 (0)20 7735 1555 | Southbank House, Vauxhall | www.redblade.co.uk | 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rainer Schubert Sent: 05 June 2013 10:37 To: rancid-discuss at shrubbery.net Subject: [rancid] hp procurve 2510 stack commander Hi all, I'm using rancid to backup my configs. Now I have colocation with a hp-procurve stack-membership. the current patch: http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html is not working for me. hlogin hangs always at Enter switch number to connect to or : It's not possible to enter any character at the hlogin trials. Is there anything else to do? best regards Redblade Ltd is a Company Limited by Guarantee, registered in England, no: 5821834 Registered Office: Southbank House, Black Prince Road, Vauxhall, London, SE1 7SJ This email and its content are subject to the disclaimer as displayed at the following link http://www.redblade.co.uk/disclaimer.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: From rhyse at redblade.co.uk Thu Jun 6 14:04:45 2013 From: rhyse at redblade.co.uk (Rhys Evans) Date: Thu, 6 Jun 2013 14:04:45 +0000 Subject: [rancid] hp procurve 2510 stack commander In-Reply-To: References: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local> Message-ID: <6255E337EB514643BB5953FA011E63DC6DE82CF4@S-EXMBX01.Services.local> HI Please find attached Thanks Rhys Evans Technical Consultant | Redblade Ltd | Tel: +44 (0)845 094 2389 | Fax: +44 (0)20 7735 1555 | Southbank House, Vauxhall | www.redblade.co.uk | 
From: Rainer Schubert [mailto:rainer.hartwig.schubert at gmail.com] Sent: 06 June 2013 14:25 To: Rhys Evans Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] hp procurve 2510 stack commander Hi, clogin seems to working, but hlogin hangs still at the same point. Could have a look at your hlogin, if there was made any changes? thanks in advance 2013/6/6 Rhys Evans > Hi I have this in my cloginrc for our Hp stacks #HP Devices add autoenable HP.local 0 add enableprompt HP.local {Enter switch number to connect to or :} add password k HP.local ManageM3Now 0 if needed ill dig out the hlogin we use, I cant remember if I changed that Thanks Rhys Evans Technical Consultant | Redblade Ltd | Tel: +44 (0)845 094 2389 | Fax: +44 (0)20 7735 1555 | Southbank House, Vauxhall | www.redblade.co.uk | 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rainer Schubert Sent: 05 June 2013 10:37 To: rancid-discuss at shrubbery.net Subject: [rancid] hp procurve 2510 stack commander Hi all, I'm using rancid to backup my configs. Now I have colocation with a hp-procurve stack-membership. the current patch: http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html is not working for me. hlogin hangs always at Enter switch number to connect to or : It's not possible to enter any character at the hlogin trials. Is there anything else to do? best regards Redblade Ltd is a Company Limited by Guarantee, registered in England, no: 5821834 Registered Office: Southbank House, Black Prince Road, Vauxhall, London, SE1 7SJ This email and its content are subject to the disclaimer as displayed at the following link http://www.redblade.co.uk/disclaimer.htm Redblade Ltd is a Company Limited by Guarantee, registered in England, no: 5821834 Registered Office: Southbank House, Black Prince Road, Vauxhall, London, SE1 7SJ This email and its content are subject to the disclaimer as displayed at the following link http://www.redblade.co.uk/disclaimer.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: hlogin Type: application/octet-stream Size: 22312 bytes Desc: hlogin URL: From rainer.hartwig.schubert at gmail.com Thu Jun 6 13:24:55 2013 
From: rainer.hartwig.schubert at gmail.com (Rainer Schubert)
Date: Thu, 6 Jun 2013 15:24:55 +0200
Subject: [rancid] hp procurve 2510 stack commander
In-Reply-To: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local>
References: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local>
Message-ID:

Hi,

clogin seems to be working, but hlogin still hangs at the same point. Could I have a look at your hlogin, if there were any changes made?

thanks in advance

2013/6/6 Rhys Evans

> Hi
>
> I have this in my cloginrc for our Hp stacks
>
> #HP Devices
> add autoenable HP.local 0
> add enableprompt HP.local {Enter switch number to connect to or :}
> add password k HP.local ManageM3Now 0
>
> if needed I'll dig out the hlogin we use, I can't remember if I changed that
>
> Thanks
>
> Rhys Evans
> Technical Consultant
>
> | Redblade Ltd | Tel: +44 (0)845 094 2389 | Fax: +44 (0)20 7735 1555 | Southbank House, Vauxhall | www.redblade.co.uk |
>
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rainer Schubert
> Sent: 05 June 2013 10:37
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] hp procurve 2510 stack commander
>
> Hi all,
>
> I'm using rancid to backup my configs. Now I have colocation with a
> hp-procurve stack-membership. the current patch:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html
>
> is not working for me. hlogin hangs always at
>
> *Enter switch number to connect to or :*
>
> It's not possible to enter any character at the hlogin trials.
>
> Is there anything else to do?
>
> best regards
>
> Redblade Ltd is a Company Limited by Guarantee, registered in England,
> no: 5821834 Registered Office: Southbank House, Black Prince Road,
> Vauxhall, London, SE1 7SJ This email and its content are subject to the
> disclaimer as displayed at the following link
> http://www.redblade.co.uk/disclaimer.htm
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From matthew at walster.org Thu Jun 6 14:45:09 2013
From: matthew at walster.org (Matthew Walster)
Date: Thu, 6 Jun 2013 15:45:09 +0100
Subject: [rancid] Checking for root
Message-ID:

More often than not, people are coming to me with RANCID issues that have arisen because someone has been impatient and decided to run rancid-run manually rather than letting the next run initiate manually.

The only problem with that is that they tend to run it as "root" rather than the rancid user.

Would it be worth putting a check in so that rancid-run script won't run unless it's as a non-privileged user (or even better, build it into the automake run to discover the intended final user).

Simple code sample:

# bash syntax ([[ ]] and $EUID); force defaults to 0 when it is not set
if [[ $EUID -eq 0 && ${force:-0} -ne 1 ]]
then
    echo "Run this as the RANCID user!"
    exit 1
fi

There's a "force" option there, just in case you really did run it as root, which seems like bad practice to me...

Just a thought!

Matthew Walster
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From rainer.hartwig.schubert at gmail.com Thu Jun 6 14:27:31 2013
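Added example (not part of the list traffic and not rancid's own code): a POSIX sh form of the root check proposed in the "Checking for root" message, extended to refuse any account other than the intended service user, because a root run leaves root-owned files in the repository and log directories that the rancid user cannot update afterwards. RANCID_USER, the -f override and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from rancid. RANCID_USER and -f are assumed names.

# check_run_user EUID CURRENT_USER EXPECTED_USER [FORCE]
# Pure decision function: takes the identity as arguments so it can be
# tested without switching users.
#   0 = allowed
#   1 = refused, running as root
#   2 = refused, running as an account other than EXPECTED_USER
#   3 = bad input (empty or non-numeric uid)
check_run_user() {
    cru_euid=$1
    cru_current=$2
    cru_expected=$3
    cru_force=${4:-0}

    case $cru_euid in
        ''|*[!0-9]*) return 3 ;;
    esac

    if [ "$cru_euid" -eq 0 ]; then
        if [ "$cru_force" = 1 ]; then return 0; fi
        return 1
    fi

    if [ -n "$cru_expected" ] && [ "$cru_current" != "$cru_expected" ]; then
        if [ "$cru_force" = 1 ]; then return 0; fi
        return 2
    fi
    return 0
}

# guard_rancid_run [-f]
# Reads the real effective identity with id(1), prints the reason for a
# refusal on stderr and returns the code from check_run_user.
guard_rancid_run() {
    grr_force=0
    if [ "${1:-}" = "-f" ]; then grr_force=1; fi
    grr_want=${RANCID_USER:-rancid}
    grr_rc=0
    check_run_user "$(id -u)" "$(id -un)" "$grr_want" "$grr_force" || grr_rc=$?
    case $grr_rc in
        0) ;;
        1) echo "rancid-run: refusing to run as root; run it as '$grr_want' (or pass -f)" >&2 ;;
        2) echo "rancid-run: running as '$(id -un)', expected '$grr_want' (or pass -f)" >&2 ;;
        *) echo "rancid-run: could not determine the effective uid" >&2 ;;
    esac
    return "$grr_rc"
}

# Usage at the top of a wrapper script:
#   guard_rancid_run "$@" || exit 1
```
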
From: rainer.hartwig.schubert at gmail.com (Rainer Schubert)
Date: Thu, 6 Jun 2013 16:27:31 +0200
Subject: [rancid] hp procurve 2510 stack commander
In-Reply-To: <6255E337EB514643BB5953FA011E63DC6DE82CF4@S-EXMBX01.Services.local>
References: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local> <6255E337EB514643BB5953FA011E63DC6DE82CF4@S-EXMBX01.Services.local>
Message-ID:

Hi,

thank you for the file, but my problem is still the same. I have activated
the following option in my hlogin:

set avautoenable 1

It works perfect for the main switches, but the commander hangs.

2013/6/6 Rhys Evans

> HI
>
> Please find attached
>
> Thanks
>
> Rhys Evans
> Technical Consultant
>
> From: Rainer Schubert [mailto:rainer.hartwig.schubert at gmail.com]
> Sent: 06 June 2013 14:25
> To: Rhys Evans
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] hp procurve 2510 stack commander
>
> Hi,
>
> clogin seems to be working, but hlogin still hangs at the same point. Could
> I have a look at your hlogin, in case any changes were made?
>
> thanks in advance
>
> 2013/6/6 Rhys Evans
>
> Hi
>
> I have this in my cloginrc for our Hp stacks
>
> #HP Devices
> add autoenable HP.local 0
> add enableprompt HP.local {Enter switch number to connect to or :}
> add password k HP.local ManageM3Now 0
>
> if needed I'll dig out the hlogin we use, I can't remember if I changed that
>
> Thanks
>
> Rhys Evans
> Technical Consultant
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rainer Schubert
> Sent: 05 June 2013 10:37
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] hp procurve 2510 stack commander
>
> Hi all,
>
> I'm using rancid to backup my configs. Now I have colocation with a
> hp-procurve stack-membership. the current patch:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html
>
> is not working for me. hlogin hangs always at
>
> Enter switch number to connect to or :
>
> It's not possible to enter any character at the hlogin trials.
>
> Is there anything else to do?
>
> best regards

From heas at shrubbery.net Thu Jun 6 15:20:34 2013
From: heas at shrubbery.net (heasley) Date: Thu, 6 Jun 2013 15:20:34 +0000 Subject: [rancid] Rancid / Fortigate In-Reply-To: <51B04283.4040300@newnet.co.uk> References: <51AF32CF.3080407@newnet.co.uk> <20130605144832.GD50571@shrubbery.net> <51B04283.4040300@newnet.co.uk> Message-ID: <20130606152034.GD87638@shrubbery.net> Thu, Jun 06, 2013 at 08:04:19AM +0000, Richard Savage: > Many thanks for the patch, that works a treat on the Certificates. We are still seeing password chainging everytime though. > > > - set password ENC SWXEIX34s+aUBMlwZvFECK4DvTETIr70Kt61g9OaLoDwqjIHop/isuc8ICAmMyeRI9YwXn7FLBpe7UnVfzQa90R447az26V4TpJQKtg6JshN9aM1 > + set password ENC 60VIeppXE7a/GFxdxOriZ2tWsUKhXD19qT6XAth3vnLP/6tuZk9p9+gSZ2YAHJNCAbKCWcziCI9LFfyRuL2UgumBU+0MHBTFXyC4PZW0S4GkZNI8 > > Is there something to prevent this? The code only filters this if FILTER_PWDS is set. Is this a new problem with the fortigate? ie: did the mfg change the code and cause this issue. If so, I'd ask that you complain to the mfg and leave the code until its known if they'll fix it. > Thanks > > Rich > > > On 05/06/13 15:48, heasley wrote: > > Wed, Jun 05, 2013 at 12:45:03PM +0000, Richard Savage: > >> Hi > >> > >> I am currently running rancid 2.3.8-3 on a debian server. > > ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.p4.gz > > > >> I am backing up 3 fortinet firewalls and everytime rancid runs it produces a diff against various things changing. This > >> happens on every run even if no config changes have been made to the firewall: > >> > >> @@ -2538,7 +2538,7 @@ > >> end > >> config system autoupdate tunneling > >> set address '' > >> - set password ENC 7rz3NZFEnq39bkDpQoOq1xFb9S+pQwBXZedGObWBC7hC/QYQBMnsGbxKvbtSLtmBELRLqU631S6JPt8jsr0qKo2r10Vv5UzYddzby6Q3tWIls1IC > >> + set password ENC 51lWQzr6MmALlpq9n4uTbPbGcL9XHTvXmQ4kMLcz3u2Ua8yt9tkanbZp0J5uaKsiLqgLqEIKnQQFQYKoh+qNcGSeDMsFhHk/H18pPn4nuBQ0IxMq > >> set port 0 > >> set status disable > >> set username '' 
> >> > >> > >> @@ -7474,23 +7474,23 @@ > >> end > >> config vpn certificate local > >> edit "Fortinet_Factory" > >> - set password ENC NNWSYkoMA+edjwo5LVP2a1M6K20cxS0iN/wkGwA6F39glvzYWmk3z9KoN7L//UR86M3u+8+d7Kk0k79NYf63wkLtpZnxRYWrLPTLeunMQLD5Rz2f > >> + set password ENC 0QNWT3omKlWgl1dROK2zvJDEdmhmrOQcre178jDza1qcDDJ4ROArDrJ2mWi5qIFFS6cZs8rIa9rUv34zvfmC/8U/xorbn6g/c1/jKfoCNo5KTP1E > >> set private-key "-----BEGIN RSA PRIVATE KEY----- > >> Proc-Type: 4,ENCRYPTED > >> - DEK-Info: DES-EDE3-CBC,A8B9D863C86CD1F9 > >> - 8+cZant/s9PvQE2cK0010WPxMAXo7cp8BnmhCBpjvo7wEKXux+5yasNhe1ZxDcZm > >> - j7PmNrqqO+J6qG5Whd90Hp9BCJ8eNYQJojW0IfB2RPYocD058bk+kjZ7MPov/JBz > >> - QgDhnzoP9qFjPzA2GGMQ+1JFMJZI63VlRGUhKnN8xc0X1B9oHnb7U3/d3wipSekM > >> - eSKd4Sy6kcZJc726OV273pr6ftJyob1tDmIGXZzMRgAzUehFO1w+2u39hPsTOcq/ > >> - IyF/RKTcfXoLilPFwZQvpDzIlurzCCv1ySsxhpFCKLScPaCwaTY6g8qz03VTMC6h > >> + DEK-Info: DES-EDE3-CBC,39706AFBAD7CE8DF > >> + 9KJ7kMJlzqKVFwS8dChmvlalrMbIKd0AxSo9VU/Wa1MSPo6HN8IjCAUtcM9zvbSX > >> + E7aCk75D8vglifkuRqa+wtCcT8xVrEdwnHXpkvc9RH2JPs4JRhOyrYUAsnCMkQp3 > >> + rLS0OditRHWbxG8M5xo5V2dIs7L6wkN7wJ9Rdrj+AKf49bsLayIdTkF4ruG0tBXR > >> + ugQDLe6G6lCq2CW3y0m6SA5fQE2bXQy0YztDrHSZzzm5wXHhfpEUzmAU9gR1kl/s > >> + V1+fzVRhIXw2sf8CoH83DLvON0wiNOE/J9BhUgvxq9SzbRPhXrUS/58S1cdr7Wz > >> > >> -----END RSA PRIVATE KEY-----" > >> > >> > >> I have looked back through the archives and found something similar back in 2010 but would assume that the patch has > >> been integrated into the latest version. > >> > >> Could any one suggest a fix for this as its getting slightly annoying getting a diff everytime there is a backup. > >> > This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. 
Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. If you receive this in error, please notify us by email to privacy at newnet.co.uk and delete any copies. For information about how we process data and monitor communications please see our privacy statement.

From alan.mckinnon at gmail.com Thu Jun 6 14:57:10 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 06 Jun 2013 16:57:10 +0200
Subject: [rancid] Checking for root
In-Reply-To:
References:
Message-ID: <51B0A346.7020601@gmail.com>

On 06/06/2013 16:45, Matthew Walster wrote:
> More often than not, people are coming to me with RANCID issues that
> have arisen because someone has been impatient and decided to run
> rancid-run manually rather than letting the next run initiate manually.
>
> The only problem with that is that they tend to run it as "root" rather
> than the rancid user.
>
> Would it be worth putting a check in so that rancid-run script won't run
> unless it's as a non-privileged user (or even better, build it into the
> automake run to discover the intended final user).
>
> Simple code sample:
>
>     if [[ $EUID -eq 0 && $force -ne 1 ]]
>     then
>         echo "Run this as the RANCID user!"
>         exit 1
>     fi
>
> There's a "force" option there, just in case you really did run it as
> root, which seems like bad practice to me...
>
> Just a thought!

+1

I'm all in favour of scripts not letting themselves be run as root. The
automake idea is better still, as permissions and ownerships issues from
running scripts as the wrong user can be very annoying to track down,
and that problem never resolves.

Personally, I also always apply this rule forcefully with no recourse:

Anyone who abuses the root account loses the root account.

Naturally, this is not a technical solution :-)

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Thu Jun 6 15:34:42 2013
From: heas at shrubbery.net (heasley)
Date: Thu, 6 Jun 2013 15:34:42 +0000
Subject: [rancid] Checking for root
In-Reply-To: <51B0A346.7020601@gmail.com>
References: <51B0A346.7020601@gmail.com>
Message-ID: <20130606153442.GF87638@shrubbery.net>

Thu, Jun 06, 2013 at 04:57:10PM +0200, Alan McKinnon:
> On 06/06/2013 16:45, Matthew Walster wrote:
> > More often than not, people are coming to me with RANCID issues that
> > have arisen because someone has been impatient and decided to run
> > rancid-run manually rather than letting the next run initiate manually.
> >
> > The only problem with that is that they tend to run it as "root" rather
> > than the rancid user.
> >
> > Would it be worth putting a check in so that rancid-run script won't run
> > unless it's as a non-privileged user (or even better, build it into the
> > automake run to discover the intended final user).
> >
> > Simple code sample:
> >
> >     if [[ $EUID -eq 0 && $force -ne 1 ]]
> >     then
> >         echo "Run this as the RANCID user!"
> >         exit 1
> >     fi
> >
> > There's a "force" option there, just in case you really did run it as
> > root, which seems like bad practice to me...
> >
> > Just a thought!
>
> +1
>
> I'm all in favour of scripts not letting themselves be run as root. The
> automake idea is better still, as permissions and ownerships issues from
> running scripts as the wrong user can be very annoying to track down,
> and that problem never resolves.
>
> Personally, I also always apply this rule forcefully with no recourse:
>
> Anyone who abuses the root account loses the root account.

s/abuses/doesnt know what theyre doing with/

anyway, i don't care for such checks, i know what my UID is and things that
think they must protect me from myself are just annoying and it's not the
Unix manner. but, if folks would like this, i'd be willing to add a check
that is enabled by a rancid.conf option, which i believe would be sufficient,
right?

From matthew at walster.org Thu Jun 6 19:26:56 2013
From: matthew at walster.org (Matthew Walster)
Date: Thu, 6 Jun 2013 20:26:56 +0100
Subject: [rancid] Checking for root
In-Reply-To: <20130606153442.GF87638@shrubbery.net>
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net>
Message-ID:

On 6 June 2013 16:34, heasley wrote:

> Thu, Jun 06, 2013 at 04:57:10PM +0200, Alan McKinnon:
> > Anyone who abuses the root account loses the root account.
>
> s/abuses/doesnt know what theyre doing with/

Some of those that have done this have done it absent mindedly, they are
just used to doing "sudo xyz" if "xyz" didn't work in the first place.

> anyway, i dont care for such checks, i know what my UID is and things that
> think they must protect me from myself are just annoying and its not the
> Unix manner. but, if folks would like this, i'd be willing to add a check
> that is enabled by a rancid.conf option, which i believe would be
> sufficient,
> right?

That would be great if you could incorporate it into a future release --
it's caught quite a few people out (most of whom should know better, but
were touching RANCID for the first time adding a new router or similar
through puppet then running rancid-run manually).

It's not an urgent or important feature by any rate, but it'd be a great
thing to see!

M

From rancid at ale.cx Thu Jun 6 20:52:50 2013
From: rancid at ale.cx (Alex DEKKER)
Date: Thu, 06 Jun 2013 21:52:50 +0100
Subject: [rancid] Checking for root
In-Reply-To: <20130606153442.GF87638@shrubbery.net>
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net>
Message-ID:

On 2013-06-06 16:34, heasley wrote:
> i'd be willing to add a check that is enabled by a rancid.conf
> option,
> which i believe would be sufficient, right?

If it's not the default, then it will catch instances where a
forward-thinking admin [or package maintainer] thinks to enable it; it
won't help noobs setting RANCID working on their own.

alexd

From alan.mckinnon at gmail.com Thu Jun 6 21:36:37 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 06 Jun 2013 23:36:37 +0200
Subject: [rancid] Checking for root
In-Reply-To: <20130606153442.GF87638@shrubbery.net>
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net>
Message-ID: <51B100E5.1030404@gmail.com>

On 06/06/2013 17:34, heasley wrote:
> Thu, Jun 06, 2013 at 04:57:10PM +0200, Alan McKinnon:
>> On 06/06/2013 16:45, Matthew Walster wrote:
>>> More often than not, people are coming to me with RANCID issues that
>>> have arisen because someone has been impatient and decided to run
>>> rancid-run manually rather than letting the next run initiate manually.
>>>
>>> The only problem with that is that they tend to run it as "root" rather
>>> than the rancid user.
>>>
>>> Would it be worth putting a check in so that rancid-run script won't run
>>> unless it's as a non-privileged user (or even better, build it into the
>>> automake run to discover the intended final user).
>>>
>>> Simple code sample:
>>>
>>>     if [[ $EUID -eq 0 && $force -ne 1 ]]
>>>     then
>>>         echo "Run this as the RANCID user!"
>>>         exit 1
>>>     fi
>>>
>>> There's a "force" option there, just in case you really did run it as
>>> root, which seems like bad practice to me...
>>>
>>> Just a thought!
>>
>> +1
>>
>> I'm all in favour of scripts not letting themselves be run as root. The
>> automake idea is better still, as permissions and ownerships issues from
>> running scripts as the wrong user can be very annoying to track down,
>> and that problem never resolves.
>>
>> Personally, I also always apply this rule forcefully with no recourse:
>>
>> Anyone who abuses the root account loses the root account.
>
> s/abuses/doesnt know what theyre doing with/
>
> anyway, i dont care for such checks, i know what my UID is and things that
> think they must protect me from myself are just annoying and its not the
> Unix manner. but, if folks would like this, i'd be willing to add a check
> that is enabled by a rancid.conf option, which i believe would be sufficient,
> right?

That could work but I'd prefer a build time option, lets the sysadmin
decide what global rules are in play.

It's a concession to reality - rancid is extensively used in corporate
and semi-corporate environments where the sysadmin often doesn't get to
decide who the other users are. Lesser of two evils - bend TheUnixWay a
little, or have to deal with chown a lot

--
Alan McKinnon
alan.mckinnon at gmail.com

From rainer.hartwig.schubert at gmail.com Fri Jun 7 12:19:11 2013
From: rainer.hartwig.schubert at gmail.com (Rainer Schubert)
Date: Fri, 7 Jun 2013 14:19:11 +0200
Subject: [rancid] hp procurve 2510 stack commander
In-Reply-To:
References: <6255E337EB514643BB5953FA011E63DC6DE813AC@S-EXMBX01.Services.local> <6255E337EB514643BB5953FA011E63DC6DE82CF4@S-EXMBX01.Services.local>
Message-ID:

It works! If set avautoenable is enabled you can't login to the commander
switches. So you have to disable this feature and reconfigure your .cloginrc.

Rhys Evans, thank you very much for your help!

2013/6/6 Rainer Schubert

> Hi,
>
> thank you for the file, but my problem is still the same. I have activated
> the following option in my hlogin:
>
> set avautoenable 1
>
> It works perfect for the main switches, but the commander hangs.
>
> 2013/6/6 Rhys Evans
>
>> HI
>>
>> Please find attached
>>
>> Thanks
>>
>> Rhys Evans
>> Technical Consultant
>>
>> From: Rainer Schubert [mailto:rainer.hartwig.schubert at gmail.com]
>> Sent: 06 June 2013 14:25
>> To: Rhys Evans
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] hp procurve 2510 stack commander
>>
>> Hi,
>>
>> clogin seems to be working, but hlogin still hangs at the same point. Could
>> I have a look at your hlogin, in case any changes were made?
>>
>> thanks in advance
>>
>> 2013/6/6 Rhys Evans
>>
>> Hi
>>
>> I have this in my cloginrc for our Hp stacks
>>
>> #HP Devices
>> add autoenable HP.local 0
>> add enableprompt HP.local {Enter switch number to connect to or :}
>> add password k HP.local ManageM3Now 0
>>
>> if needed I'll dig out the hlogin we use, I can't remember if I changed that
>>
>> Thanks
>>
>> Rhys Evans
>> Technical Consultant
>>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Rainer Schubert
>> Sent: 05 June 2013 10:37
>> To: rancid-discuss at shrubbery.net
>> Subject: [rancid] hp procurve 2510 stack commander
>>
>> Hi all,
>>
>> I'm using rancid to backup my configs. Now I have colocation with a
>> hp-procurve stack-membership. the current patch:
>>
>> http://www.shrubbery.net/pipermail/rancid-discuss/2011-January/005456.html
>>
>> is not working for me. hlogin hangs always at
>>
>> Enter switch number to connect to or :
>>
>> It's not possible to enter any character at the hlogin trials.
>>
>> Is there anything else to do?
>>
>> best regards

From heas at shrubbery.net Fri Jun 7 15:22:21 2013
From: heas at shrubbery.net (heasley)
Date: Fri, 7 Jun 2013 15:22:21 +0000
Subject: [rancid] Checking for root
In-Reply-To:
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net>
Message-ID: <20130607152221.GB21996@shrubbery.net>

Thu, Jun 06, 2013 at 09:52:50PM +0100, Alex DEKKER:
> On 2013-06-06 16:34, heasley wrote:
> > i'd be willing to add a check that is enabled by a rancid.conf
> > option,
> > which i believe would be sufficient, right?
>
> If it's not the default, then it will catch instances where a
> forward-thinking admin [or package maintainer] thinks to enable it; it
> won't help noobs setting RANCID working on their own.

so, ./configure --noobpid ?

how about just adding the check to rancid.conf? that affects everything that
reads it, the check can be customized (like adding a timer), or completely
disabled w/o an arg/etc.

> alexd

From saulozimbaro at gmail.com Sat Jun 8 15:42:46 2013
From: saulozimbaro at gmail.com (Saulo Zimbaro)
Date: Sat, 8 Jun 2013 12:42:46 -0300
Subject: [rancid] Bkp DELL PC 5548 and 5448 with Rancid
Message-ID:

Hi all,

I tried to bkp my DELL PC 5548 and 5448 with dlogin/drancid sh but it is
not working.

dlogin works fine:

-bash-3.2$ bin/dlogin dlsw-office-rjo031
dlsw-office-rjo031
spawn telnet dlsw-office-rjo031
Trying 192.168.223.31...
Connected to dlsw-office-rjo031 (192.168.223.31).
Escape character is '^]'.

User Name:producao
Password:********

dlsw-office-rjo031#

But the log shows this:

[root at acobr099048 logs]# tail -f networking.20130608.123251
starting: Sat Jun 8 12:32:51 BRT 2013

Trying to get all of the configs.
found_end = 0, clean_run = 0
dlsw-office-rjo031 dlogin error: Error: TIMEOUT reached
dlsw-office-rjo031: missed cmd(s): show version,show system,show system id,show running-config,show vlan
dlsw-office-rjo031: End of run not found
!
=====================================
Getting missed routers: round 1.
found_end = 0, clean_run = 0
dlsw-office-rjo031 dlogin error: Error: TIMEOUT reached
dlsw-office-rjo031: missed cmd(s): show version,show system,show system id,show running-config,show vlan
dlsw-office-rjo031: End of run not found
!
=====================================
Getting missed routers: round 2.
found_end = 0, clean_run = 0
dlsw-office-rjo031 dlogin error: Error: TIMEOUT reached
dlsw-office-rjo031: missed cmd(s): show version,show system,show system id,show running-config,show vlan
dlsw-office-rjo031: End of run not found
!
=====================================
Getting missed routers: round 3.
found_end = 0, clean_run = 0
dlsw-office-rjo031 dlogin error: Error: TIMEOUT reached
dlsw-office-rjo031: missed cmd(s): show version,show system,show system id,show running-config,show vlan
dlsw-office-rjo031: End of run not found
!
=====================================
Getting missed routers: round 4.
found_end = 0, clean_run = 0
dlsw-office-rjo031 dlogin error: Error: TIMEOUT reached
dlsw-office-rjo031: missed cmd(s): show version,show system,show system id,show running-config,show vlan
dlsw-office-rjo031: End of run not found
!

cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs

ending: Sat Jun 8 12:40:30 BRT 2013

Any ideas?

thanks!

--
Saulo Zimbaro
Mobile: (+55) 21 9800-0100
saulozimbaro at gmail.com
saulo at zimbaro.com

From adudek16 at gmail.com Sat Jun 8 19:04:20 2013
From: adudek16 at gmail.com (Aaron Dudek)
Date: Sat, 8 Jun 2013 15:04:20 -0400
Subject: [rancid] Checking for root
In-Reply-To: <20130607152221.GB21996@shrubbery.net>
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net> <20130607152221.GB21996@shrubbery.net>
Message-ID:

Seems like a good compromise. Assuming the person installing knows to add
it.

On Friday, June 7, 2013, heasley wrote:

> Thu, Jun 06, 2013 at 09:52:50PM +0100, Alex DEKKER:
> > On 2013-06-06 16:34, heasley wrote:
> > > i'd be willing to add a check that is enabled by a rancid.conf
> > > option,
> > > which i believe would be sufficient, right?
> >
> > If it's not the default, then it will catch instances where a
> > forward-thinking admin [or package maintainer] thinks to enable it; it
> > won't help noobs setting RANCID working on their own.
>
> so, ./configure --noobpid ?
>
> how about just adding the check to rancid.conf? that affects everything
> that
> reads it, the check can be customized (like adding a timer), or completely
> disabled w/o an arg/etc.
>
> > alexd

From matthew at walster.org Sat Jun 8 20:20:23 2013
From: matthew at walster.org (Matthew Walster)
Date: Sat, 8 Jun 2013 21:20:23 +0100
Subject: [rancid] Checking for root
In-Reply-To: <20130607152221.GB21996@shrubbery.net>
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net> <20130607152221.GB21996@shrubbery.net>
Message-ID:

On 7 June 2013 16:22, heasley wrote:

> Thu, Jun 06, 2013 at 09:52:50PM +0100, Alex DEKKER:
> > If it's not the default, then it will catch instances where a
> > forward-thinking admin [or package maintainer] thinks to enable it; it
> > won't help noobs setting RANCID working on their own.
>
> so, ./configure --noobpid ?

As hilarious as that would be... ;)

> how about just adding the check to rancid.conf? that affects everything
> that
> reads it, the check can be customized (like adding a timer), or completely
> disabled w/o an arg/etc.

It'd be great if it was default-on though. Just my opinion though, like
you say, it's only people unfamiliar with how RANCID works and think
they're being helpful by running rancid-run immediately after altering a
router.db

M

From heas at shrubbery.net Tue Jun 11 00:23:32 2013
From: heas at shrubbery.net (heasley)
Date: Tue, 11 Jun 2013 00:23:32 +0000
Subject: [rancid] Checking for root
In-Reply-To:
References: <51B0A346.7020601@gmail.com> <20130606153442.GF87638@shrubbery.net> <20130607152221.GB21996@shrubbery.net>
Message-ID: <20130611002332.GG3951@shrubbery.net>

Sat, Jun 08, 2013 at 03:04:20PM -0400, Aaron Dudek:
> Seems like a good compromise. Assuming the person installing knows to add
> it.

new installations would get it by default, others might merge it when
updating, but existing installations would not otherwise.

> On Friday, June 7, 2013, heasley wrote:
>
> > Thu, Jun 06, 2013 at 09:52:50PM +0100, Alex DEKKER:
> > > On 2013-06-06 16:34, heasley wrote:
> > > > i'd be willing to add a check that is enabled by a rancid.conf
> > > > option,
> > > > which i believe would be sufficient, right?
> > >
> > > If it's not the default, then it will catch instances where a
> > > forward-thinking admin [or package maintainer] thinks to enable it; it
> > > won't help noobs setting RANCID working on their own.
> >
> > so, ./configure --noobpid ?
> >
> > how about just adding the check to rancid.conf? that affects everything
> > that
> > reads it, the check can be customized (like adding a timer), or completely
> > disabled w/o an arg/etc.
> >
> > > alexd

From paul at gear.dyndns.org Wed Jun 12 22:43:57 2013
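The root check debated in the "Checking for root" thread above, as an added example (not RANCID code and not written by any poster): it uses `id -u` and `[ ]` instead of bash's `$EUID` and `[[ ]]` so it can be sourced by `/bin/sh` from a file such as rancid.conf, is on by default, and keeps an explicit override like the proposed "force" option. The names `RANCID_RUN_AS`, `RANCID_ALLOW_ROOT`, `user_check`, `describe_decision` and `enforce_run_user` are assumptions made for this example, not real RANCID options.

```shell
#!/bin/sh
# Added example, not RANCID code. RANCID_RUN_AS and RANCID_ALLOW_ROOT are
# hypothetical variable names chosen for this sketch.

# user_check EUID WANT_UID ALLOW_ROOT
#   0  ok to run
#   1  refused: effective uid is root and the override is not set
#   2  refused: not root, but not the expected account either
#   3  refused: arguments are not numeric uids (fail closed)
user_check() {
    _uc_euid=$1
    _uc_want=$2
    _uc_allow_root=${3:-0}
    case $_uc_euid in
        ''|*[!0-9]*) return 3 ;;
    esac
    case $_uc_want in
        *[!0-9]*) return 3 ;;   # empty is allowed: "any non-root user"
    esac
    if [ "$_uc_euid" -eq 0 ]; then
        # The thread's "force" option: root only when explicitly allowed.
        if [ "$_uc_allow_root" = 1 ]; then
            return 0
        fi
        return 1
    fi
    if [ -n "$_uc_want" ] && [ "$_uc_euid" -ne "$_uc_want" ]; then
        return 2
    fi
    return 0
}

# Turn the status code into a word so callers and logs can use it.
describe_decision() {
    if user_check "$@"; then _dd_rc=0; else _dd_rc=$?; fi
    case $_dd_rc in
        0) echo allow ;;
        1) echo refuse-root ;;
        2) echo refuse-user ;;
        *) echo refuse-invalid ;;
    esac
}

# Check the real caller. A sourced config file would end with:
#     enforce_run_user || exit 1
enforce_run_user() {
    _er_want=""
    if [ -n "${RANCID_RUN_AS:-}" ]; then
        _er_want=$(id -u "$RANCID_RUN_AS" 2>/dev/null) || {
            echo "rancid: unknown user '$RANCID_RUN_AS'" >&2
            return 1
        }
    fi
    _er_decision=$(describe_decision "$(id -u)" "$_er_want" "${RANCID_ALLOW_ROOT:-0}")
    if [ "$_er_decision" = allow ]; then
        return 0
    fi
    echo "rancid: not running ($_er_decision); use ${RANCID_RUN_AS:-the RANCID user}" >&2
    return 1
}

# Constructed cases: "euid expected_uid allow_root" (uid 1001 stands in for
# the rancid account).
for _case in "0 1001 0" "0 1001 1" "1001 1001 0" "1000 1001 0"; do
    set -- $_case
    printf '%-12s -> %s\n' "$_case" "$(describe_decision "$@")"
done
```

Because the decision is a plain function, the same check can sit behind a rancid.conf setting, a build-time default, or both, which were the options weighed in the thread.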
From: paul at gear.dyndns.org (Paul Gear)
Date: Thu, 13 Jun 2013 08:43:57 +1000
Subject: [rancid] End of run not found on telnet
In-Reply-To: <5690A63E-FB9A-4878-AA80-54A5D595E801@wiu.edu>
References: <5690A63E-FB9A-4878-AA80-54A5D595E801@wiu.edu>
Message-ID:

On 06/06/2013 12:22 AM, Gary Douglas wrote:
> I have rancid 2.3.6 up and running on Ubuntu server. All devices are
> Cisco. SSH is working fine. When I try run rancid on switches that only
> support telnet, I get the following error.
>
> switch: missed cmd(s): write term,show running-config
> switch: End of run not found
>
> clogin works great to these switches. I thought it might be the expect
> problem. I downloaded and installed expect-5.43.0_hack.tar.bz2 and
> tcl8.4.18-src.tar.gz from the ftp site. This did not resolve the problem.
>
> Any ideas on what or where I need to look.

Hi Gary,

I've seen similar things when autoenable was set to the wrong value.

Regards,
Paul

From Gregory.Polanski at Virteva.com Wed Jun 12 23:19:03 2013
From: Gregory.Polanski at Virteva.com (Polanski, Gregory)
Date: Wed, 12 Jun 2013 23:19:03 +0000
Subject: [rancid] End of run not found on telnet
In-Reply-To:
References: <5690A63E-FB9A-4878-AA80-54A5D595E801@wiu.edu>
Message-ID: <67304E6BFD3F26409440F1BC717C143E0C1EBDF5@VRTW8EXC01.corp.int>

Folks

Check the login and motd banner. If there is a '#' in the banner, it will
suppress the enable commands and produce the errors that you are seeing.

This debug sequence has been helpful to me

sudo login -f rancid
As user rancid
    source /etc/rancid/rancid.conf
    NOPIPE=yes;export NOPIPE
    rancid -d switchname
    Look for *.new and *.raw in the directory

Regards
Greg

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Paul Gear
Sent: Wednesday, June 12, 2013 5:44 PM
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] End of run not found on telnet

On 06/06/2013 12:22 AM, Gary Douglas wrote:
> I have rancid 2.3.6 up and running on Ubuntu server. All devices are
> Cisco. SSH is working fine. When I try run rancid on switches that only
> support telnet, I get the following error.
>
> switch: missed cmd(s): write term,show running-config
> switch: End of run not found
>
> clogin works great to these switches. I thought it might be the expect
> problem. I downloaded and installed expect-5.43.0_hack.tar.bz2 and
> tcl8.4.18-src.tar.gz from the ftp site. This did not resolve the problem.
>
> Any ideas on what or where I need to look.

Hi Gary,

I've seen similar things when autoenable was set to the wrong value.

Regards,
Paul

From relst at relst.nl Mon Jun 17 05:10:20 2013
From: relst at relst.nl (Remy van Elst)
Date: Mon, 17 Jun 2013 07:10:20 +0200
Subject: [rancid] Support for the Cisco SF300
Message-ID:

Howdy,

Does RANCID support the Cisco SF300 SMB switches? The regular 'cisco' and
the 'cisco-sb' (from
http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with.html)
give me an empty file in the cvs, while direct logging in on the
switch and doing a sho ru (after enable) works just fine.

Any tips or help?

From alan.mckinnon at gmail.com Mon Jun 17 14:38:50 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 17 Jun 2013 16:38:50 +0200
Subject: [rancid] Support for the Cisco SF300
In-Reply-To:
References:
Message-ID: <51BF1F7A.6020007@gmail.com>

On 17/06/2013 07:10, Remy van Elst wrote:
> Howdy,
>
> Does RANCID supports the Cisco SF300 SMB switches? The regular 'cisco' and
> the 'cisco-sb' (from
> http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with.html)
> give me an empty file in the cvs, while direct logging in on the
> switch and doing a sho ru (after enable) works just fine.
>
> Any tips or help?

Have you checked the usual:

- password, username and method correct in ~/.cloginrc
- No ">" and "#" chars in banner
- prompt is sane (ends in # when enabled)
- does clogin work and enable the user?
- what's in the logs?
- "rancid -d " leaves a .new file in . that often contains clues

--
Alan McKinnon
alan.mckinnon at gmail.com

From alan.mckinnon at gmail.com Mon Jun 17 19:21:55 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 17 Jun 2013 21:21:55 +0200
Subject: [rancid] Limit commands run for GSR
Message-ID: <51BF61D3.2080500@gmail.com>

Hi,

Our provider edge runs on GSR 12's and they carry a hefty config. NetOps
complain that rancid noticeably spikes the cpu load [1] when it runs
these 4 (essentially the same) commands.

    {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
    { running-config view full'=> 'WriteTerm'}, # workaround for
    {'show running-config' => 'WriteTerm'},
    {'write term' => 'WriteTerm'},

I got it under control easily by forking rancid to a gsrrancid script
and removing the bits I don't want from @commandtable.

I'd rather not do it this way, I'd like to have this in the rancid
parser. But I can't figure a way to modify @commandtable at runtime
based on chassis/OS type.

Ideas?

[1] It's a legit complaint, not a fiction of a NetOps engineer's
imagination. On every other chassis I can ignore the effects rancid
causes, but not these ones. We do things with the 12k most folks think
should not be possible :-)

--
Alan McKinnon
alan.mckinnon at gmail.com

From peterjackson1610 at gmail.com Tue Jun 18 01:42:59 2013
From: peterjackson1610 at gmail.com (Peter Jackson)
Date: Mon, 17 Jun 2013 21:42:59 -0400
Subject: [rancid] Limit commands run for GSR
In-Reply-To: <51BF61D3.2080500@gmail.com>
References: <51BF61D3.2080500@gmail.com>
Message-ID:

Check out some of the other command sections that are skipped for certain
'types'. Figure out the type that rancid sets for the GSRs and use the line
below (formatted for the correct type) in the command sections you don't
want to run for them.

I assume the following would skip 12006, 12010, 12404, 12410, etc.:

    return(1) if ($type !~ /^12[40]/);

On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon wrote:
> Hi,
>
> Our provider edge runs on GSR 12's and they carry a hefty config. NetOps
> complain that rancid noticeably spikes the cpu load [1] when it runs
> these 4 (essentially the same) commands.
>
> {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
> { running-config view full'=> 'WriteTerm'}, # workaround for
> {'show running-config' => 'WriteTerm'},
> {'write term' => 'WriteTerm'},
>
> I got it under control easily by forking rancid to a gsrrancid script
> and removing the bits I don't want from @commandtable.
>
> I'd rather not do it this way, I'd like to have this in the rancid
> parser. But I can't figure a way to modify @commandtable at runtime
> based on chassis/OS type.
>
> Ideas?
>
> [1] It's a legit complaint, not a fiction of a NetOps engineer's
> imagination. On every other chassis I can ignore the effects rancid
> causes, but not these ones. We do things with the 12k most folks think
> should not be possible :-)
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com

From nicolas-ml at deffayet.com Tue Jun 18 20:22:13 2013
From: nicolas-ml at deffayet.com (Nicolas DEFFAYET)
Date: Tue, 18 Jun 2013 22:22:13 +0200
Subject: [rancid] Support for the Cisco SF300
In-Reply-To:
References:
Message-ID: <1371586933.25786.1.camel@fr-wks3.corp.novso.com>

On Mon, 2013-06-17 at 07:10 +0200, Remy van Elst wrote:

Hello,

> Does RANCID support the Cisco SF300 SMB switches? The regular 'cisco' and
> the 'cisco-sb' (from
> http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with.html)
> give me an empty file in the cvs, while direct logging in on the
> switch and doing a sho ru (after enable) works just fine.
>
> Any tips or help?

I have updated Christian Pinedo's original work to support Cisco Small
Business switches in Rancid:
- Rancid 2.3.8 support
- End of run fix (important to be sure to get the full configuration dump)

Updated files can be found in attachment.

--
Nicolas DEFFAYET
-------------- next part --------------
#! /usr/bin/expect --
##
## $Id: csblogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
#
# The expect login scripts were based on Erik Sherk's gwtn, by permission.
#
# csblogin - Cisco Small Business switch login
#
# Most options are intuitive for logging into a Cisco Small Business switch.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Command to run.
        -c* - -C* {
            if {! [regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [lindex $argv $i]
            }
            set do_command 1
        # Expect debug mode
        } -d* {
            exp_internal 1
        # Environment variable to pass to -s scripts
        } -E* {
            if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # alternate cloginrc file
        } -f* - -F* {
            if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [lindex $argv $i]
            }
        # user Password
        } -p* {
            if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [lindex $argv $i]
            }
            set do_passwd 0
        # ssh passphrase
        } -r* {
            if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set avpassphrase [lindex $argv $i]
            }
        # Version string
        } -V* {
            send_user "rancid 2.3.8\n"
            exit 0
        # Passphrase
        } -r* - -R* {
            if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set avpassphrase [lindex $argv $i]
            }
        # Expect script to run.
        } -s* {
            if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [lindex $argv $i]
            }
            if { ! [file readable $sfile] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # Timeout
        } -t* {
            if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeoutdflt [lindex $argv $i]
            }
        # Username
        } -u* - -U* {
            if {! [regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [lindex $argv $i]
            }
        # Command file
        } -x* {
            if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [lindex $argv $i]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # 'ssh -c' cypher type
        } -y* - -Y* {
            if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [lindex $argv $i]
            }
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if it's an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [catch {spawn telnet $router} reason]
            } else {
                set retval [catch {spawn telnet $router $port} reason]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "ssh"] {
            # ssh to the router & try to login with or without an identfile.
            # We use two calls to spawn since spawn does not seem to parse
            # spaces correctly.
            if {$identfile != ""} {
                if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
                    send_user "\nError: failed to $sshcmd: $reason\n"
                    return 1
                }
            } else {
                if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
                    send_user "\nError: failed to $sshcmd: $reason\n"
                    return 1
                }
            }
        } elseif ![string compare $prog "rsh"] {
            send_error "\nError: unsupported method: rsh\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection Refused ($prog): $router\n"
                    return 1
                }
            }
            -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection closed ($prog): $router\n"
                    return 1
                }
            }
            eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
            -nocase "unknown host\r" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "Host is unreachable" {
                send_user "\nError: Host Unreachable: $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "No address associated with name" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            -re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            "Login Screen" {
                send "$user\t$passwd\r"
                exp_continue
            }
            "Switch Main Menu" {
                # send Ctrl+Z
                sleep 1;
                send "send \032"
                exp_continue
            }
            ">" {
                send "lcli\r"
                exp_continue
            }
            -re "User Name:$" {
                send "$user\r"
                exp_continue
            }
            -re "Password:$" {
                send "$passwd\r"
                exp_continue
            }
            -re "$prompt" { break; }
            denied {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait};
                return 1
            }
        }
    }

    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "terminal datadump\r"
    expect -re $prompt {}

    set commands [split $command \;]
    set num_commands [llength $commands]
    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[lindex $commands $i]\r"
        expect {
            -re "^\[^\n\r *]*$prompt *$" {}
            -re "^\[^\n\r]*$prompt." { exp_continue }
            -re "(\r\n|\n)" { exp_continue }
        }
    }
    send "exit\r\n"
    expect {
        "\n" { exp_continue }
        timeout { catch {close}; catch {wait}; return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
        set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
        # command line username
        set loginname $username
    } else {
        set loginname [join [find user $router] ""]
        if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line passwd
        set passwd $userpasswd
    } else {
        set passwd [join [lindex [find userpassword $router] 0] ""]
        if { "$passwd" == "" } {
            set passwd [join [lindex [find password $router] 0] ""]
            if { "$passwd" == "" } {
                send_user "\nError: no password for $router in $password_file.\n"
                continue
            }
        }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
        set passphrase $avpassphrase
    } else {
        set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
        set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
        incr exitval
        continue
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            incr exitval
            continue
        }
    } elseif { $do_script } {
        send "terminal datadump\r"
        expect -re $prompt {}
        source $sfile
        catch {close};
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csbrancid
Type: application/x-perl
Size: 12617 bytes
Desc: not available
URL:

From hpatil at securview.com Wed Jun 19 06:43:30 2013
From: hpatil at securview.com (Harshal Patil)
Date: Wed, 19 Jun 2013 02:43:30 -0400
Subject: [rancid] Rancid CVS Problem
Message-ID: <0B58A828ECF5874E8AF69053B9DB65A93C6E0A58F0@USNJ01EXC001>

Hi All,

I am receiving the following errors in the logs file while working on Rancid:

cvs commit: cannot open CVS/Entries for reading: No such file or directory
cvs commit: nothing known about `router.db'
cvs [commit aborted]: correct above errors first!
ending: Wed Jun 19 11:56:26 IST 2013

Please let me know which file I need to edit, or any other way to correct
this error.

Thanks
Harshal

From saulozimbaro at gmail.com Wed Jun 19 18:04:34 2013
From: saulozimbaro at gmail.com (Saulo Zimbaro)
Date: Wed, 19 Jun 2013 15:04:34 -0300
Subject: [rancid] ignoring flash memory changes
Message-ID:

Is it possible to ignore memory changes in rancid backups?

Index: configs/csfw-asa-office01 =================================================================== retrieving revision 1.239 diff -U 4 -r1.239 csfw-asa-office01
@@ -30,9 +30,9 @@ !Flash: 123 11348300 Feb 21 2011 16:17:54 asdm-621.bin !Flash: 3 4096 Dec 31 2002 22:03:48 log !Flash: 10 4096 Dec 31 2002 22:03:58 crypto_archive !Flash: 11 4096 Dec 31 2002 22:04:32 coredumpinfo - !Flash: 12 43 Jun 19 2013 09:00:27 coredumpinfo/coredump.cfg + !Flash: 12 43 Jun 19 2013 12:00:33 coredumpinfo/coredump.cfg !Flash: 125 12105313 Feb 21 2011 16:15:12 csd_3.5.841-k9.pkg !Flash: 126 4096 Feb 21 2011 16:15:14 sdesktop !Flash: 133 1462 Feb 21 2011 16:15:14 sdesktop/data.xml !Flash: 127 2857568 Feb 21 2011 16:15:16 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg

--
*Saulo Zimbaro*
Mobile ) (+55) 21 9800-0100
*saulozimbaro at gmail.com
*saulo at zimbaro.com

From alan.mckinnon at gmail.com Wed Jun 19 21:39:31 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 19 Jun 2013 23:39:31 +0200
Subject: [rancid] ignoring flash memory changes
In-Reply-To:
References:
Message-ID: <51C22513.8040304@gmail.com>

On 19/06/2013 20:04, Saulo Zimbaro wrote:
> Is it possible to ignore memory changes in rancid backups?
>
> Index: configs/csfw-asa-office01 > =================================================================== > retrieving revision 1.239 > diff -U 4 -r1.239 csfw-asa-office01
> @@ -30,9 +30,9 @@ > !Flash: 123 11348300 Feb 21 2011 16:17:54 asdm-621.bin > !Flash: 3 4096 Dec 31 2002 22:03:48 log > !Flash: 10 4096 Dec 31 2002 22:03:58 crypto_archive > !Flash: 11 4096 Dec 31 2002 22:04:32 coredumpinfo > - !Flash: 12 43 Jun 19 2013 09:00:27 coredumpinfo/coredump.cfg > + !Flash: 12 43 Jun 19 2013 12:00:33 coredumpinfo/coredump.cfg > !Flash: 125 12105313 Feb 21 2011 16:15:12 csd_3.5.841-k9.pkg > !Flash: 126 4096 Feb 21 2011 16:15:14 sdesktop > !Flash: 133 1462 Feb 21 2011 16:15:14 sdesktop/data.xml > !Flash: 127 2857568 Feb 21 2011 16:15:16 > anyconnect-wince-ARMv4I-2.4.1012-k9.pkg

I don't know of a way to do this that is already built into shipped rancid.
I've always held the view that some things are just not generic enough or
detectable enough to be shipped out to everyone, so you get to maintain
a few forks with your own customization. And there are nowadays so many
IOSes with different behaviours....

You probably want to add something like this to ShowFlash:

    next if (/coredumpinfo\/coredump\.cfg$/);

Untested of course so double check my regexes :-)

Rancid could really benefit from some kind of call-out mechanism where
we can add our own local tweaks and keep them out of the main code, but
unfortunately 2.3.x doesn't have this. Perhaps a worthy addition to the
3.0 series!

--
Alan McKinnon
alan.mckinnon at gmail.com

From alan.mckinnon at gmail.com Thu Jun 20 07:28:20 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 20 Jun 2013 09:28:20 +0200
Subject: [rancid] Limit commands run for GSR
In-Reply-To:
References: <51BF61D3.2080500@gmail.com>
Message-ID: <51C2AF14.6090004@gmail.com>

On 18/06/2013 03:42, Peter Jackson wrote:
> Check out some of the other command sections that are skipped for
> certain 'types'. Figure out the type that rancid sets for the GSRs and
> use the line below (formatted for the correct type) in the command
> sections you don't want to run for them.
>
> I assume the following would skip 12006, 12010, 12404, 12410, etc.:
>
> return(1) if ($type !~ /^12[40]/);

I think I missed replying to this one, sorry about that.

I don't think that approach will work for me - I don't need to prevent
rancid parsing the output, I need some commands to not be run on the
device at all.

That means I'd have to modify @commandtable based on chassis type so
that clogin doesn't issue certain commands. But I don't know the chassis
type until clogin has already run and minimally ShowVersion has already
been parsed. By then it's too late.

3.0alpha looks like it might be moving in a direction that solves my
problem quite nicely

> On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon wrote:
>
> Hi,
>
> Our provider edge runs on GSR 12's and they carry a hefty config. NetOps
> complain that rancid noticeably spikes the cpu load [1] when it runs
> these 4 (essentially the same) commands.
>
> {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
> { running-config view full'=> 'WriteTerm'}, # workaround for
> {'show running-config' => 'WriteTerm'},
> {'write term' => 'WriteTerm'},
>
> I got it under control easily by forking rancid to a gsrrancid script
> and removing the bits I don't want from @commandtable.
>
> I'd rather not do it this way, I'd like to have this in the rancid
> parser. But I can't figure a way to modify @commandtable at runtime
> based on chassis/OS type.
>
> Ideas?
>
> [1] It's a legit complaint, not a fiction of a NetOps engineer's
> imagination. On every other chassis I can ignore the effects rancid
> causes, but not these ones. We do things with the 12k most folks think
> should not be possible :-)
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com

--
Alan McKinnon
alan.mckinnon at gmail.com

From peterjackson1610 at gmail.com Thu Jun 20 14:36:02 2013
From: peterjackson1610 at gmail.com (Peter Jackson)
Date: Thu, 20 Jun 2013 10:36:02 -0400
Subject: [rancid] Limit commands run for GSR
In-Reply-To: <51C2AF14.6090004@gmail.com>
References: <51BF61D3.2080500@gmail.com> <51C2AF14.6090004@gmail.com>
Message-ID:

Yeah, sorry Alan I wasn't thinking. I like the looks of 3.0 also but here
is a workaround for 2.3 that should work for you if the hostnames of your
GSRs are unique - able to be matched by a regular expression. I think the
only way to do this is with the hostname since no other information is
passed to rancid. If you can't match your GSR hostnames by regexp, you
could enter them all together.

--- rancid.20130620 2013-06-20 09:53:03.344845839 -0400 +++ rancid 2013-06-20 10:00:50.874896393 -0400
@@ -2333,6 +2333,18 @@ {'write term' => 'WriteTerm'}, ); +my @commandtable2; +if ( $host =~ /gsr/ ){ #replace 'gsr' with GSR hostname regexp + foreach my $command ( @commandtable ) { + foreach my $key ( keys %$command ) { + unless ( $key =~ /running-config/ ){ #replace 'running-config' with a pipe-separated list of commands/command regexps to NOT run + push ( @commandtable2 ,( { $key => $command->{$key} } )); + } + } + } + @commandtable = @commandtable2; +} + # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable);

On Thu, Jun 20, 2013 at 3:28 AM, Alan McKinnon wrote:
> On 18/06/2013 03:42, Peter Jackson wrote:
> > Check out some of the other command sections that are skipped for
> > certain 'types'. Figure out the type that rancid sets for the GSRs and
> > use the line below (formatted for the correct type) in the command
> > sections you don't want to run for them.
> >
> > I assume the following would skip 12006, 12010, 12404, 12410, etc.:
> >
> > return(1) if ($type !~ /^12[40]/);
>
> I think I missed replying to this one, sorry about that.
>
> I don't think that approach will work for me - I don't need to prevent
> rancid parsing the output, I need some commands to not be run on the
> device at all.
>
> That means I'd have to modify @commandtable based on chassis type so
> that clogin doesn't issue certain commands. But I don't know the chassis
> type until clogin has already run and minimally ShowVersion has already
> been parsed. By then it's too late.
>
> 3.0alpha looks like it might be moving in a direction that solves my
> problem quite nicely
>
> > On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon wrote:
> >
> > Hi,
> >
> > Our provider edge runs on GSR 12's and they carry a hefty config.
> > NetOps complain that rancid noticeably spikes the cpu load [1] when it
> > runs these 4 (essentially the same) commands.
> >
> > {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
> > { running-config view full'=> 'WriteTerm'}, # workaround for
> > {'show running-config' => 'WriteTerm'},
> > {'write term' => 'WriteTerm'},
> >
> > I got it under control easily by forking rancid to a gsrrancid script
> > and removing the bits I don't want from @commandtable.
> >
> > I'd rather not do it this way, I'd like to have this in the rancid
> > parser. But I can't figure a way to modify @commandtable at runtime
> > based on chassis/OS type.
> >
> > Ideas?
> >
> > [1] It's a legit complaint, not a fiction of a NetOps engineer's
> > imagination. On every other chassis I can ignore the effects rancid
> > causes, but not these ones. We do things with the 12k most folks think
> > should not be possible :-)
> >
> > --
> > Alan McKinnon
> > alan.mckinnon at gmail.com
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com

From jamesshride at yahoo.com Thu Jun 20 14:41:24 2013
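Review bot: The hostname test $host =~ /gsr/ in the added if is unanchored and case-sensitive, so any device whose name merely contains "gsr" loses its running-config commands, while a GSR named in upper case keeps all four; anchor the pattern to the site's naming scheme and add /i unless $host is known to be lowercased before this point. With the exclusion pattern left at /running-config/, three of the four WriteTerm entries quoted in the thread are dropped and only 'write term' remains, so a one-line comment saying that this is the single command expected to succeed on the GSRs would help the next maintainer, as would a check that the filtered table is not empty. The nested foreach over keys %$command can be a single grep over @commandtable, which also removes the file-scope temporary @commandtable2.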
From: jamesshride at yahoo.com (James Shride)
Date: Thu, 20 Jun 2013 07:41:24 -0700 (PDT)
Subject: [rancid] Help for total Rancid Newb / Linux Newb?
Message-ID: <1371739284.4743.YahooMailNeo@web124505.mail.ne1.yahoo.com>

Hi!

1. Linux Newb
2. Rancid Newb

Here is the problem:

We have had a working rancid build in place for a while. However we no
longer have the person who admin'd it. After a recent config change to a
switch, it's spamming the notification. I never noticed this behavior
before. Is this indicative of an error in the switch config, or do I have
to acknowledge this rancid alert or something?

I am grateful for any guidance or advice.

Thanks!

From rwest at zyedge.com Thu Jun 20 16:33:52 2013
From: rwest at zyedge.com (Ryan West)
Date: Thu, 20 Jun 2013 16:33:52 +0000
Subject: [rancid] Help for total Rancid Newb / Linux Newb?
In-Reply-To: <1371739284.4743.YahooMailNeo@web124505.mail.ne1.yahoo.com>
References: <1371739284.4743.YahooMailNeo@web124505.mail.ne1.yahoo.com>
Message-ID:

What are you being spammed with? Do you have access to the shell as the
rancid user?

Sent from handheld.

On Jun 20, 2013, at 12:19 PM, "James Shride" wrote:

Hi!

1. Linux Newb
2. Rancid Newb

Here is the problem:

We have had a working rancid build in place for a while. However we no
longer have the person who admin'd it. After a recent config change to a
switch, it's spamming the notification. I never noticed this behavior
before. Is this indicative of an error in the switch config, or do I have
to acknowledge this rancid alert or something?

I am grateful for any guidance or advice.

Thanks!

From Wiethoff at tfh-bochum.de Fri Jun 21 09:23:35 2013
From: Wiethoff at tfh-bochum.de (Wiethoff, Helge)
Date: Fri, 21 Jun 2013 09:23:35 +0000
Subject: [rancid] Allied Telesyn and Rancid
Message-ID: <194290040642FB4D952083D79F7F7D1D2F68807F@BOHEMSX2010.rbbk.de>

Hi all,

I am new to Rancid and it took me a few hours to understand it ;-) But
finally I think I got it mostly...

Because I found no (for me) sufficient script for Allied Telesis devices,
I edited the cisco stuff a bit. The files are attached, if anyone wants to
use them...

Does anyone of you use switches from Microsens and has built a Rancid
script?

Regards,
Helge

________________________________
Helge Wiethoff
Media Centre
Phone: +49 (234) 968 8717
Fax: +49 (234) 968 3453
E-Mail: Wiethoff at tfh-bochum.de

Technische Fachhochschule Georg Agricola für Rohstoff, Energie und Umwelt zu Bochum
Herner Straße 45
44787 Bochum
http://www.tfh-bochum.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: atlogin
Type: application/octet-stream
Size: 23699 bytes
Desc: atlogin
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: atrancid
Type: application/octet-stream
Size: 10661 bytes
Desc: atrancid
URL:

From peo at chalmers.se Fri Jun 21 09:53:07 2013
From: peo at chalmers.se (Per-Olof Olsson)
Date: Fri, 21 Jun 2013 11:53:07 +0200
Subject: [rancid] cpu info missing from sup-2t
Message-ID: <51C42283.7000804@chalmers.se>

From Todo list for rancid-3.0a2
...
- cpu info missing from sup-2t

Index: configs/r01.londen01.uk.bb.gin.ntt.net =================================================================== retrieving revision 1.807 diff -U 4 -r1.807 r01.londen01.uk.bb.gin.ntt.net
@@ -1,24 +1,23 @@ !RANCID-CONTENT-TYPE: cisco ! !Chassis type: WS-C6509-E - a WS-C6509-E router - !CPU: R7000, SR71000 CPU at 600Mhz, impl 0x504, Rev 1.2, 512KB L2 Cache + !CPU: M8572 ... Have someone fixed this? Else this will add some more info for sup-2t:s $ diff -c rancid.in_ORG-2.3.8 rancid *** rancid.in_ORG-2.3.8 2012-01-31 23:55:13.000000000 +0100 --- rancid 2013-06-21 11:17:26.899859733 +0200 *************** *** 301,306 **** --- 336,353 ---- } $_ = ; } + if ($cpu =~ /M8572/) { + if (defined($cpu)) { + s/^ CPU://; + ProcessHistory("COMMENTS","keysort","A3", "!CPU: $cpu, $_"); + } + LINE: while () { + last LINE if /^\s*$/; + ProcessHistory("COMMENTS","keysort","A3", "!CPU: $_"); + last LINE if /^\s*I-cache/; + } + undef ($cpu); + } $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i); tr/\015//d; s/implementation/impl/i; *************** Yes it's multiple lines in "show version" for sup-2t. Don't know if it safe to exit while loop on "I_cache" or "empty" line after. Left both if something change. Does this lines need a more strict match? diff from one of our sup-2t:s 4c4,8 < !CPU: M8572 --- > !CPU: M8572, MPC8572_E, Version: 2.1, (0x80E80021) > !CPU: CORE: E500, Version: 3.0, (0x80210030) > !CPU: CPU:1500MHz, CCB:600MHz, DDR:600MHz > !CPU: L1: D-cache 32 kB enabled > !CPU: I-cache 32 kB enabled /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- From alan.mckinnon at gmail.com Fri Jun 21 10:33:30 2013 
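Review bot: in Per-Olof Olsson's rancid patch above, the added block opens with if ($cpu =~ /M8572/) and only then tests if (defined($cpu)), so the inner test can never be false when it is reached and an undefined $cpu reaches the regex match unguarded. Fold the two into if (defined($cpu) && $cpu =~ /M8572/). On the question of a stricter match: the LINE: loop emits every line as "!CPU:" until it sees a blank line or I-cache, so matching only the expected prefixes (CORE:, CPU:, L1:, I-cache, as in the sample diff) would keep unrelated "show version" lines out of the header if the output layout changes.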
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Fri, 21 Jun 2013 12:33:30 +0200
Subject: [rancid] Help for total Rancid Newb / Linux Newb?
In-Reply-To: <1371739284.4743.YahooMailNeo@web124505.mail.ne1.yahoo.com>
References: <1371739284.4743.YahooMailNeo@web124505.mail.ne1.yahoo.com>
Message-ID: <51C42BFA.1090808@gmail.com>

On 20/06/2013 16:41, James Shride wrote:
> Hi!
>
> 1. Linux Newb
> 2. Rancid Newb
>
>
> Here is the problem:
> We have had a working rancid build in place for a while. However we
> no longer have the person who admin'd it. After a recent config change
> to a switch, its spamming the notification. I never noticed this
> behavior before. Is this indicative of an error in the switch config, or
> do I have to acknowledge this rancid alert or something?
>
>
> I am grateful for any guidance or advice.

Most likely is that something in the switch's config is now cycling or changing frequently and rancid doesn't know to ignore it.

I get these kinds of things all the time, I recall one case where an OS upgrade made many routers report on the cooling fan's rpm, you can imagine how much spam that would generate and how completely useless the info is :-)

My solution for that was to add extra data checks in the code so that rancid would ignore it.

Send a copy of the diff mails you get to the list so we can see what your switch is doing

--
Alan McKinnon
alan.mckinnon at gmail.com

From peo at chalmers.se Mon Jun 24 07:49:41 2013
From: peo at chalmers.se (Per-Olof Olsson) Date: Mon, 24 Jun 2013 09:49:41 +0200 Subject: [rancid] Error handler for Cisco switches in rancid. Message-ID: <51C7FA15.6040904@chalmers.se> Hi I don't think error handler is doing what is expected. (2.3.8) After I added some extra debug, it shows that subroutines exit on "pointer line" (lines like " ^ ") instead of error text lines. For me it seems safer to use text lines for deciding how to exit. rancid -d cisco-sw1 ... HIT COMMAND:cisco-sw1#dir /all sec-bootflash: In DirSlotN: cisco-sw1#dir /all sec-bootflash: SUB return(1) parsing line: ^ HIT COMMAND:cisco-sw1#dir /all sec-slot0: In DirSlotN: cisco-sw1#dir /all sec-slot0: SUB return(1) parsing line: ^ ... After replacing < return(1) if (/^\s*\^\s*$/); --- > next if (/^\s*\^\s*$/); ... HIT COMMAND:cisco-sw1#dir /all sec-bootflash: In DirSlotN: cisco-sw1#dir /all sec-bootflash: SUB return(1) parsing line: % Invalid input detected at '^' marker. HIT COMMAND:cisco-sw1#dir /all sec-slot0: In DirSlotN: cisco-sw1#dir /all sec-slot0: SUB return(1) parsing line: % Invalid input detected at '^' marker. ... I only have a limited set of Cisco switches to test this on so it's possible that this not will work on all devices using rancid (device type=cisco). Some devices may depend on these "pointer lines" and is missing error handler for text. Extende debug code: diff -c rancid.in_ORG rancid ... *************** *** 2129,2141 **** --- 2210,2238 ---- last TOP; } $rval = &{$commands{$cmd}}; + $_last_line = $_; delete($commands{$cmd}); + if ($rval != 0) { + print STDERR ("SUB return\($rval\) parsing line: $_last_line\n") if ($debug); + } if ($rval == -1) { $clean_run = 0; + print STDOUT ("$host: \"$cmd\" failed parsing line: $_last_line\n"); + print STDERR ("$host: \"$cmd\" failed parsing line: $_last_line\n") if ($debug); last TOP; } } } ... 
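Review bot: in the $rval == -1 branch of the extended-debug hunk, a run with $debug set reports the same failure on STDERR twice, first from the new if ($rval != 0) block ("SUB return(...) parsing line") and again from the added print STDERR ("$host: \"$cmd\" failed parsing line ..."). Drop the second STDERR print or limit the first block to non-fatal return values, so the debug log carries one line per failure. $_last_line is also assigned with no declaration visible in the hunk; declare it alongside $rval, and note that it captures $_ after the handler has returned, which is the offending line only if the handler leaves $_ untouched on its way out.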
/Peo
----------------------------------------------------------
Per-Olof Olsson             Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738  Fax: 031/772 8680
----------------------------------------------------------

From willie.s.hinote at nasa.gov Mon Jun 24 21:25:43 2013
From: willie.s.hinote at nasa.gov (Hinote, Scotty (MSFC-IS40)[NICS])
Date: Mon, 24 Jun 2013 16:25:43 -0500
Subject: [rancid] proper way to delete or remove a group using a subversion repository
Message-ID: <8420D9D639CBE744B778A8916DFFC90FF82A78F318@NDMSSCC08.ndc.nasa.gov>

Hi All,

I am using RANCID with Subversion and I have a couple of groups that are no longer being used. If I delete the unwanted group from the rancid.conf and move the group directory to another location to simulate deletion then execute a rancid-cvs and rancid-run, I still get a full copy of the removed directory when I perform a svn checkout.

How do I properly remove the group from the main RANCID directory and from the Subversion repository so that it is no longer under version control?

I did try to svn delete the group directory but I am informed that "." is not a working copy. I am worried that just moving (deleting) the directory and taking no further steps will cause some issues in the future with the Subversion repository. I am also using svnsync to store an offsite copy of the repository that I want to make sure is not corrupted by improperly removing a group directory.

Thank you,
Scotty

From jshride at ivytech.edu Mon Jun 24 21:32:19 2013
From: jshride at ivytech.edu (James E. Shride)
Date: Mon, 24 Jun 2013 17:32:19 -0400
Subject: [rancid] Help for total Rancid Newb / Linux Newb? (Ryan West)
Message-ID:

Yes,

The spam is config changes. It's the same few config changes we made days ago but it's still being promptly sent out hourly.

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of rancid-discuss-request at shrubbery.net
Sent: Monday, June 24, 2013 5:26 PM
To: rancid-discuss at shrubbery.net
Subject: Rancid-discuss Digest, Vol 32, Issue 4

Send Rancid-discuss mailing list submissions to
    rancid-discuss at shrubbery.net

To subscribe or unsubscribe via the World Wide Web, visit
    http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
or, via email, send a message with subject or body 'help' to
    rancid-discuss-request at shrubbery.net

You can reach the person managing the list at
    rancid-discuss-owner at shrubbery.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Rancid-discuss digest..."

Today's Topics:

 1. Re: Checking for root (heasley)
 2. Re: End of run not found on telnet (Paul Gear)
 3. Re: End of run not found on telnet (Polanski, Gregory)
 4. Support for the Cisco SF300 (Remy van Elst)
 5. Re: Support for the Cisco SF300 (Alan McKinnon)
 6. Limit commands run for GSR (Alan McKinnon)
 7. Re: Limit commands run for GSR (Peter Jackson)
 8. Re: Support for the Cisco SF300 (Nicolas DEFFAYET)
 9. Rancid CVS Problem (Harshal Patil)
10. ignoring flash memory changes (Saulo Zimbaro)
11. Re: ignoring flash memory changes (Alan McKinnon)
12. Re: Limit commands run for GSR (Alan McKinnon)
13. Re: Limit commands run for GSR (Peter Jackson)
14. Help for total Rancid Newb / Linux Newb? (James Shride)
15. Re: Help for total Rancid Newb / Linux Newb? (Ryan West)
16. Allied Telesyn and Rancid (Wiethoff, Helge)
17. cpu info missing from sup-2t (Per-Olof Olsson)
18. Re: Help for total Rancid Newb / Linux Newb? (Alan McKinnon)
19. Error handler for Cisco switches in rancid. (Per-Olof Olsson)
20. proper way to delete or remove a group using a subversion repository (Hinote, Scotty (MSFC-IS40)[NICS])

----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Jun 2013 00:23:32 +0000
From: heasley To: Aaron Dudek Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Checking for root Message-ID: <20130611002332.GG3951 at shrubbery.net> Content-Type: text/plain; charset=us-ascii Sat, Jun 08, 2013 at 03:04:20PM -0400, Aaron Dudek: > Seems like a good compromise. Assuming the person installing knows to add > it. new installations would get it be default, others might merge it when updating, but existing installations would not otherwise. > On Friday, June 7, 2013, heasley wrote: > > > Thu, Jun 06, 2013 at 09:52:50PM +0100, Alex DEKKER: > > > On 2013-06-06 16:34, heasley wrote: > > > > i'd be willing to add a check that is enabled by a rancid.conf > > > > option, > > > > which i believe would be sufficient, right? > > > > > > If it's not the default, then it will catch instances where a > > > forward-thinking admin [or package maintainer] thinks to enable it; it > > > won't help noobs setting RANCID working on their own. > > > > so, ./configure --noobpid ? > > > > how about just adding the check to rancid.conf? that affects everything > > that > > reads it, the check can be customized (like adding a timer), or completely > > disabled w/o an arg/etc. > > > > > alexd > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------ Message: 2 Date: Thu, 13 Jun 2013 08:43:57 +1000 
From: Paul Gear
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] End of run not found on telnet
Message-ID:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 06/06/2013 12:22 AM, Gary Douglas wrote:
> I have rancid 2.3.6 up an running on Ubuntu server. All devices are
> Cisco. SSH is working fine. When I try run rancid on switches that only
> support telnet, I get the following error.
>
> switch: missed cmd(s): write term,show running-config
> switch: End of run not found
>
> clogin works great to these switches. I though it might be the expect
> problem. I downloaded and installed expect-5.43.0_hack.tar.bz2 and
> tcl8.4.18-src.tar.gz from the ftp site. This did not resolve the problem.
>
> Any ideas on what or where I need to look.

Hi Gary,

I've seen similar things when autoenable was set to the wrong value.

Regards,
Paul

------------------------------

Message: 3
Date: Wed, 12 Jun 2013 23:19:03 +0000
From: "Polanski, Gregory"
To: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] End of run not found on telnet
Message-ID: <67304E6BFD3F26409440F1BC717C143E0C1EBDF5 at VRTW8EXC01.corp.int>
Content-Type: text/plain; charset="us-ascii"

Folks

Check the login and motd banner. If there is a '#' in the banner, it will suppress the enable commands and produce the errors that you are seeing.

This debug sequence has been helpful to me

sudo login -f rancid
As user rancid
    source /etc/rancid/rancid.conf
    NOPIPE=yes;export NOPIPE
    rancid -d switchname
Look for *.new and *.raw in the directory

Regards
Greg

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Paul Gear Sent: Wednesday, June 12, 2013 5:44 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] End of run not found on telnet On 06/06/2013 12:22 AM, Gary Douglas wrote: > I have rancid 2.3.6 up an running on Ubuntu server. All devices are > Cisco. SSH is working fine. When I try run rancid on switches that only > support telnet, I get the following error. > > switch: missed cmd(s): write term,show running-config > switch: End of run not found > > clogin works great to these switches. I though it might be the expect > problem. I downloaded and installed expect-5.43.0_hack.tar.bz2 and > tcl8.4.18-src.tar.gz from the ftp site. This did not resolve the problem. > > Any ideas on what or where I need to look. Hi Gary, I've seen similar things when autoenable was set to the wrong value. Regards, Paul _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------ Message: 4 Date: Mon, 17 Jun 2013 07:10:20 +0200 From: Remy van Elst To: Subject: [rancid] Support for the Cisco SF300 Message-ID: Content-Type: text/plain; charset="US-ASCII" Howdy, Does RANCID supports the Cisco SF300 SMB switches? The regular 'cisco' and the 'cisco-sb' (from http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with .html) give me an empty file in the cvs, while direct logging in on the switch and doing a sho ru (after enable) works just fine. Any tips or help? ------------------------------ Message: 5 Date: Mon, 17 Jun 2013 16:38:50 +0200 
From: Alan McKinnon
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Support for the Cisco SF300
Message-ID: <51BF1F7A.6020007 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 17/06/2013 07:10, Remy van Elst wrote:
> Howdy,
>
> Does RANCID supports the Cisco SF300 SMB switches? The regular 'cisco' and
> the 'cisco-sb' (from
> http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with
> .html) give me an empty file in the cvs, while direct logging in on the
> switch and doing a sho ru (after enable) works just fine.
>
> Any tips or help?

Have you checked the usual:

- password, username and method correct in ~/.cloginrc
- No ">" and "#" chars in banner
- prompt is sane (ends in # when enabled)
- does clogin work and enable the user?
- what's in the logs?
- "rancid -d " leaves a .new file in . that often contains clues

--
Alan McKinnon
alan.mckinnon at gmail.com

------------------------------

Message: 6
Date: Mon, 17 Jun 2013 21:21:55 +0200
From: Alan McKinnon
To: rancid-discuss at shrubbery.net
Subject: [rancid] Limit commands run for GSR
Message-ID: <51BF61D3.2080500 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

Our provider edge runs on GSR 12's and they carry a hefty config. NetOps complain that rancid noticeably spikes the cpu load [1] when it runs these 4 (essentially the same) commands.

    {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
    { running-config view full'=> 'WriteTerm'}, # workaround for
    {'show running-config' => 'WriteTerm'},
    {'write term' => 'WriteTerm'},

I got it under control easily by forking rancid to a gsrrancid script and removing the bits I don't want from @commandtable.

I'd rather not do it this way, I'd like to have this in the rancid parser. But I can't figure a way to modify @commandtable at runtime based on chassis/OS type.

Ideas?

[1] It's a legit complaint, not a fiction of a NetOps engineer's imagination. On every other chassis I can ignore the effects rancid causes, but not these ones. We do things with the 12k most folks think should not be possible :-)

--
Alan McKinnon
alan.mckinnon at gmail.com

------------------------------

Message: 7
Date: Mon, 17 Jun 2013 21:42:59 -0400
From: Peter Jackson To: Alan McKinnon Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Limit commands run for GSR Message-ID: Content-Type: text/plain; charset="iso-8859-1" Check out some of the other command sections that are skipped for certain 'types'. Figure out the type that rancid sets for the GSRs and use the line below (formatted for the correct type) in the command sections you don't want to run for them. I assume the following would skip 12006, 12010, 12404, 12410, etc.: return(1) if ($type !~ /^12[40]/); On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon wrote: > Hi, > > Our provider edge runs on GSR 12's and they carry a hefty config. NetOps > complain that rancid noticeably spikes the cpu load [1] when it runs > these 4 (essentially the same) commands. > > {'more system:running-config' => 'WriteTerm'}, # ASA/PIX > { running-config view full'=> 'WriteTerm'}, # workaround for > {'show running-config' => 'WriteTerm'}, > {'write term' => 'WriteTerm'}, > > I got it under control easily by forking rancid to a gsrrancid script > and removing the bits I don't want from @commandtable. > > I'd rather not do it this way, I'd like to have this in the rancid > parser. But I can't figure a way to modify @commandtable at runtime > based on chassis/OS type. > > Ideas? > > > [1] It's a legit complaint, not a fiction of a NetOps engineer's > imagination. On every other chassis I can ignore the effects rancid > causes, but not these ones. We do things with the 12k most folks think > should not be possible :-) > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 8 Date: Tue, 18 Jun 2013 22:22:13 +0200 
From: Nicolas DEFFAYET
To: Remy van Elst
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Support for the Cisco SF300
Message-ID: <1371586933.25786.1.camel at fr-wks3.corp.novso.com>
Content-Type: text/plain; charset="utf-8"

On Mon, 2013-06-17 at 07:10 +0200, Remy van Elst wrote:

Hello,

> Does RANCID supports the Cisco SF300 SMB switches? The regular 'cisco' and
> the 'cisco-sb' (from
> http://chrpinedo.blogspot.nl/2012/03/cisco-small-business-sg300-backup-with
> .html) give me an empty file in the cvs, while direct logging in on the
> switch and doing a sho ru (after enable) works just fine.
>
> Any tips or help?

I have updated original Christian Pinedo's work for support Cisco Small Business switch in Rancid:
- Rancid 2.3.8 support
- End of run fix (important for be sure to get the full configuration dump)

Updated files can be found in attachment.

--
Nicolas DEFFAYET
-------------- next part --------------
#! /usr/bin/expect --
##
## $Id: csblogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
#
# The expect login scripts were based on Erik Sherk's gwtn, by permission.
#
# csblogin - Cisco Small Business switch login
#
# Most options are intuitive for logging into a Cisco Small Business switch.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Command to run.
        -c* -
        -C* {
            if {! [regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [lindex $argv $i]
            }
            set do_command 1
        # Expect debug mode
        } -d* {
            exp_internal 1
        # Environment variable to pass to -s scripts
        } -E* {
            if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [lindex $argv $i]
            }
        # user Password
        } -p* {
            if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [lindex $argv $i]
            }
            set do_passwd 0
        # ssh passphrase
        } -r* {
            if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set avpassphrase [lindex $argv $i]
            }
        # Version string
        } -V* {
            send_user "rancid 2.3.8\n"
            exit 0
        # Passphrase
        } -r* -
        -R* {
            if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
                incr i
                set avpassphrase [lindex $argv $i]
            }
        # Expect script to run.
        } -s* {
            if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [lindex $argv $i]
            }
            if { ! [file readable $sfile] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # Timeout
        } -t* {
            if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeoutdflt [lindex $argv $i]
            }
        # Username
        } -u* -
        -U* {
            if {! [regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [lindex $argv $i]
            }
        # Command file
        } -x* {
            if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [lindex $argv $i]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [lindex $argv $i]
            }
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [catch {spawn telnet $router} reason]
            } else {
                set retval [catch {spawn telnet $router $port} reason]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "ssh"] {
            # ssh to the router & try to login with or without an identfile.
            # We use two calls to spawn since spawn does not seem to parse
            # spaces correctly.
            if {$identfile != ""} {
                if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
                    send_user "\nError: failed to $sshcmd: $reason\n"
                    return 1
                }
            } else {
                if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
                    send_user "\nError: failed to $sshcmd: $reason\n"
                    return 1
                }
            }
        } elseif ![string compare $prog "rsh"] {
            send_error "\nError: unsupported method: rsh\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; catch {wait};
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection Refused ($prog): $router\n"
                    return 1
                }
            }
            -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                catch {close}; catch {wait};
                if !$progs {
                    send_user "\nError: Connection closed ($prog): $router\n"
                    return 1
                }
            }
            eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
            -nocase "unknown host\r" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "Host is unreachable" {
                send_user "\nError: Host Unreachable: $router\n";
                catch {close}; catch {wait};
                return 1
            }
            "No address associated with name" {
                send_user "\nError: Unknown host $router\n";
                catch {close}; catch {wait};
                return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            -re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \\(yes/no\\)\\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                catch {close}; catch {wait};
                return 1
            }
            "Login Screen" {
                send "$user\t$passwd\r"
                exp_continue
            }
            "Switch Main Menu" {
                # send Ctrl+Z
                sleep 1;
                send "send \032"
                exp_continue
            }
            ">" {
                send "lcli\r"
                exp_continue
            }
            -re "User Name:$" {
                send "$user\r"
                exp_continue
            }
            -re "Password:$" {
                send "$passwd\r"
                exp_continue
            }
            -re "$prompt" { break; }
            denied {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; catch {wait};
                return 1
            }
        }
    }
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "terminal datadump\r"
    expect -re $prompt {}

    set commands [split $command \;]
    set num_commands [llength $commands]
    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[lindex $commands $i]\r"
        expect {
            -re "^\[^\n\r *]*$prompt *$" {}
            -re "^\[^\n\r]*$prompt." { exp_continue }
            -re "(\r\n|\n)" { exp_continue }
        }
    }
    send "exit\r\n"
    expect {
        "\n" { exp_continue }
        timeout { catch {close}; catch {wait}; return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
        set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
        # command line username
        set loginname $username
    } else {
        set loginname [join [find user $router] ""]
        if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line passwd
        set passwd $userpasswd
    } else {
        set passwd [join [lindex [find userpassword $router] 0] ""]
        if { "$passwd" == "" } {
            set passwd [join [lindex [find password $router] 0] ""]
            if { "$passwd" == "" } {
                send_user "\nError: no password for $router in $password_file.\n"
                continue
            }
        }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
        set passphrase $avpassphrase
    } else {
        set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
        set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
        incr exitval
        continue
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            incr exitval
            continue
        }
    } elseif { $do_script } {
        send "terminal datadump\r"
        expect -re $prompt {}
        source $sfile
        catch {close};
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csbrancid
Type: application/x-perl
Size: 12617 bytes
Desc: not available
URL:

------------------------------

Message: 9
Date: Wed, 19 Jun 2013 02:43:30 -0400
From: Harshal Patil
To: "rancid-discuss at shrubbery.net"
Subject: [rancid] Rancid CVS Problem
Message-ID: <0B58A828ECF5874E8AF69053B9DB65A93C6E0A58F0 at USNJ01EXC001>
Content-Type: text/plain; charset="iso-8859-1"

Hi All,

I am receiving the following errors in the log file while working on Rancid:

cvs commit: cannot open CVS/Entries for reading: No such file or directory
cvs commit: nothing known about `router.db'
cvs [commit aborted]: correct above errors first!
ending: Wed Jun 19 11:56:26 IST 2013

Please let me know which file I need to edit, or any other way to correct this error.

Thanks
Harshal

------------------------------

Message: 10
Date: Wed, 19 Jun 2013 15:04:34 -0300
From: Saulo Zimbaro
To: rancid-discuss at shrubbery.net
Subject: [rancid] ignoring flash memory changes
Message-ID:
Content-Type: text/plain; charset="iso-8859-1"

Is it possible to ignore memory changes in rancid backups?

Index: configs/csfw-asa-office01 =================================================================== retrieving revision 1.239 diff -U 4 -r1.239 csfw-asa-office01 
@@ -30,9 +30,9 @@ !Flash: 123 11348300 Feb 21 2011 16:17:54 asdm-621.bin !Flash: 3 4096 Dec 31 2002 22:03:48 log !Flash: 10 4096 Dec 31 2002 22:03:58 crypto_archive !Flash: 11 4096 Dec 31 2002 22:04:32 coredumpinfo - !Flash: 12 43 Jun 19 2013 09:00:27 coredumpinfo/coredump.cfg + !Flash: 12 43 Jun 19 2013 12:00:33 coredumpinfo/coredump.cfg !Flash: 125 12105313 Feb 21 2011 16:15:12 csd_3.5.841-k9.pkg !Flash: 126 4096 Feb 21 2011 16:15:14 sdesktop !Flash: 133 1462 Feb 21 2011 16:15:14 sdesktop/data.xml !Flash: 127 2857568 Feb 21 2011 16:15:16 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg -- *Saulo Zimbaro* Mobile ) (+55) 21 9800-0100 *saulozimbaro at gmail.com *saulo at zimbaro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 11 Date: Wed, 19 Jun 2013 23:39:31 +0200 From: Alan McKinnon To: rancid-discuss at shrubbery.net Subject: Re: [rancid] ignoring flash memory changes Message-ID: <51C22513.8040304 at gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On 19/06/2013 20:04, Saulo Zimbaro wrote: > It?s possible to ignoring memory changes in rancid backups? > > Index: configs/csfw-asa-office01 > =================================================================== > retrieving revision 1.239 > diff -U 4 -r1.239 csfw-asa-office01 
> @@ -30,9 +30,9 @@ > !Flash: 123 11348300 Feb 21 2011 16:17:54 asdm-621.bin > !Flash: 3 4096 Dec 31 2002 22:03:48 log > !Flash: 10 4096 Dec 31 2002 22:03:58 crypto_archive > !Flash: 11 4096 Dec 31 2002 22:04:32 coredumpinfo > - !Flash: 12 43 Jun 19 2013 09:00:27 coredumpinfo/coredump.cfg > + !Flash: 12 43 Jun 19 2013 12:00:33 coredumpinfo/coredump.cfg > !Flash: 125 12105313 Feb 21 2011 16:15:12 csd_3.5.841-k9.pkg > !Flash: 126 4096 Feb 21 2011 16:15:14 sdesktop > !Flash: 133 1462 Feb 21 2011 16:15:14 sdesktop/data.xml > !Flash: 127 2857568 Feb 21 2011 16:15:16 > anyconnect-wince-ARMv4I-2.4.1012-k9.pkg

I don't know of a way to do this that is already built into shipped rancid.

I've always held the view that some things are just not generic enough or detectable enough to be shipped out to everyone, so you get to maintain a few forks with your own customization. And there are nowadays so many IOSes with different behaviours....

You probably want to add something like this to ShowFlash:

next if (/coredumpinfo\/coredump\.cfg$/);

Untested of course so double check my regexes :-)

Rancid could really benefit from some kind of call-out mechanism where we can add our own local tweaks and keep them out of the main code, but unfortunately 2.3.x doesn't have this.

Perhaps a worthy addition to the 3.0 series!

--
Alan McKinnon
alan.mckinnon at gmail.com

------------------------------

Message: 12
Date: Thu, 20 Jun 2013 09:28:20 +0200
From: Alan McKinnon
To: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Limit commands run for GSR
Message-ID: <51C2AF14.6090004 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 18/06/2013 03:42, Peter Jackson wrote:
> Check out some of the other command sections that are skipped for
> certain 'types'. Figure out the type that rancid sets for the GSRs and
> use the line below (formatted for the correct type) in the command
> sections you don't want to run for them.
>
> I assume the following would skip 12006, 12010, 12404, 12410, etc.:
>
> return(1) if ($type !~ /^12[40]/);

I think I missed replying to this one, sorry about that.

I don't think that approach will work for me - I don't need to prevent rancid parsing the output, I need some commands to not be run on the device at all.

That means I'd have to modify @commandtable based on chassis type so that clogin doesn't issue certain commands. But I don't know the chassis type until clogin has already run and minimally ShowVersion has already been parsed. By then it's too late.

3.0alpha looks like it might be moving in a direction that solves my problem quite nicely

>
> On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon wrote:
>
> Hi,
>
> Our provider edge runs on GSR 12's and they carry a hefty config. NetOps
> complain that rancid noticeably spikes the cpu load [1] when it runs
> these 4 (essentially the same) commands.
>
> {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
> { running-config view full'=> 'WriteTerm'}, # workaround for
> {'show running-config' => 'WriteTerm'},
> {'write term' => 'WriteTerm'},
>
> I got it under control easily by forking rancid to a gsrrancid script
> and removing the bits I don't want from @commandtable.
>
> I'd rather not do it this way, I'd like to have this in the rancid
> parser. But I can't figure a way to modify @commandtable at runtime
> based on chassis/OS type.
>
> Ideas?
>
> [1] It's a legit complaint, not a fiction of a NetOps engineer's
> imagination. On every other chassis I can ignore the effects rancid
> causes, but not these ones. We do things with the 12k most folks think
> should not be possible :-)
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>

--
Alan McKinnon
alan.mckinnon at gmail.com

------------------------------

Message: 13
Date: Thu, 20 Jun 2013 10:36:02 -0400
From: Peter Jackson
To: Alan McKinnon
Cc: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Limit commands run for GSR
Message-ID:
Content-Type: text/plain; charset="iso-8859-1"

Yeah, sorry Alan I wasn't thinking. I like the looks of 3.0 also but here is a workaround for 2.3 that should work for you if the hostnames of your GSRs are unique - able to be matched by a regular expression. I think the only way to do this is with the hostname since no other information is passed to rancid. If you can't match your GSR hostnames by regexp, you could enter them all together.

--- rancid.20130620 2013-06-20 09:53:03.344845839 -0400 +++ rancid 2013-06-20 10:00:50.874896393 -0400 
@@ -2333,6 +2333,18 @@ {'write term' => 'WriteTerm'}, ); +my @commandtable2; +if ( $host =~ /gsr/ ){ #replace 'gsr' with GSR hostname regexp + foreach my $command ( @commandtable ) { + foreach my $key ( keys %$command ) { + unless ( $key =~ /running-config/ ){ #replace 'running-config' with a pipe-separated list of commands/command regexps to NOT run + push ( @commandtable2 ,( { $key => $command->{$key} } )); + } + } + } + @commandtable = @commandtable2; +} + # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); On Thu, Jun 20, 2013 at 3:28 AM, Alan McKinnon wrote: > On 18/06/2013 03:42, Peter Jackson wrote: > > Check out some of the other command sections that are skipped for > > certain 'types'. Figure out the type that rancid sets for the GSRs and > > use the line below (formatted for the correct type) in the command > > sections you don't want to run for them. > > > > I assume the following would skip 12006, 12010, 12404, 12410, etc.: > > > > return(1) if ($type !~ /^12[40]/); > > > > I think I missed replying to this one, sorry about that. > > I don't think that approach will work for me - I don't need to prevent > rancid parsing the output, I need some commands to not be run on the > device at all. > > That means I'd have to modify @commandtable based on chassis type so > that clogin doesn't issue certain commands. But I don't know the chassis > type until clogin has already run and minimally ShowVersion has already > been parsed. By then it's too late. > > 3.0alpha looks like it might be moving in a direction that solves my > problem quite nicely > > > > > > > > > > > > On Mon, Jun 17, 2013 at 3:21 PM, Alan McKinnon > > wrote: > > > > Hi, > > > > Our provider edge runs on GSR 12's and they carry a hefty config. 
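Review bot: the "unless ( $key =~ /running-config/ )" filter in the patch above is the only thing deciding which commands still reach the device, and its comment invites widening the pattern to a pipe-separated list. As written it drops three of the four WriteTerm entries and keeps 'write term', but a list that also matches 'write term' would leave @commandtable with no command that fetches the configuration at all; add a guard that at least one entry mapped to WriteTerm survives the filter. The host test "$host =~ /gsr/" is also unanchored and case-sensitive, so it matches any hostname containing that substring and misses "GSR"; anchor it and add /i, or read the host and command patterns from configuration instead of editing the regexps in place.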
> NetOps
> > complain that rancid noticeably spikes the cpu load [1] when it runs
> > these 4 (essentially the same) commands.
> >
> > {'more system:running-config' => 'WriteTerm'}, # ASA/PIX
> > { running-config view full'=> 'WriteTerm'}, # workaround for
> > {'show running-config' => 'WriteTerm'},
> > {'write term' => 'WriteTerm'},
> >
> > I got it under control easily by forking rancid to a gsrrancid script
> > and removing the bits I don't want from @commandtable.
> >
> > I'd rather not do it this way, I'd like to have this in the rancid
> > parser. But I can't figure a way to modify @commandtable at runtime
> > based on chassis/OS type.
> >
> > Ideas?
> >
> >
> > [1] It's a legit complaint, not a fiction of a NetOps engineer's
> > imagination. On every other chassis I can ignore the effects rancid
> > causes, but not these ones. We do things with the 12k most folks think
> > should not be possible :-)
> >
> > --
> > Alan McKinnon
> > alan.mckinnon at gmail.com
> >
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>

------------------------------

Message: 14
Date: Thu, 20 Jun 2013 07:41:24 -0700 (PDT)
From: James Shride
To: "rancid-discuss at shrubbery.net"
Subject: [rancid] Help for total Rancid Newb / Linux Newb?
Message-ID: <1371739284.4743.YahooMailNeo at web124505.mail.ne1.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi!

1. Linux Newb
2. Rancid Newb

Here is the problem:
We have had a working rancid build in place for a while. However we no longer have the person who admin'd it. After a recent config change to a switch, it's spamming the notification. I never noticed this behavior before. Is this indicative of an error in the switch config, or do I have to acknowledge this rancid alert or something?

I am grateful for any guidance or advice.

Thanks!

------------------------------

Message: 15
Date: Thu, 20 Jun 2013 16:33:52 +0000
From: Ryan West
To: James Shride
Cc: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Help for total Rancid Newb / Linux Newb?
Message-ID:
Content-Type: text/plain; charset="us-ascii"

What are you being spammed with? Do you have access to the shell as the rancid user?

Sent from handheld.

------------------------------

Message: 16
Date: Fri, 21 Jun 2013 09:23:35 +0000
From: "Wiethoff, Helge"
To: "rancid-discuss at shrubbery.net"
Subject: [rancid] Allied Telesyn and Rancid
Message-ID: <194290040642FB4D952083D79F7F7D1D2F68807F at BOHEMSX2010.rbbk.de>
Content-Type: text/plain; charset="utf-8"

Hi all,

I am new to Rancid and it took me a few hours to understand it ;-) But finally I think I got it mostly...

Because I found no (for me) sufficient script for Allied Telesis devices, I edited the cisco stuff a bit. The files are attached, if anyone wants to use them...

Does anyone of you use switches from Microsens and has built a Rancid script?

Regards,
Helge

________________________________
Helge Wiethoff
Medienzentrum
Phone: +49 (234) 968 8717
Fax: +49 (234) 968 3453
E-Mail: Wiethoff at tfh-bochum.de

Technische Fachhochschule Georg Agricola für Rohstoff, Energie und Umwelt zu Bochum
Herner Straße 45
44787 Bochum
http://www.tfh-bochum.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: atlogin
Type: application/octet-stream
Size: 23699 bytes
Desc: atlogin
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: atrancid
Type: application/octet-stream
Size: 10661 bytes
Desc: atrancid
URL:

------------------------------

Message: 17
Date: Fri, 21 Jun 2013 11:53:07 +0200
From: Per-Olof Olsson
To: "rancid-discuss at shrubbery.net"
Subject: [rancid] cpu info missing from sup-2t
Message-ID: <51C42283.7000804 at chalmers.se>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed

From Todo list for rancid-3.0a2
...
- cpu info missing from sup-2t

Index: configs/r01.londen01.uk.bb.gin.ntt.net =================================================================== retrieving revision 1.807 diff -U 4 -r1.807 r01.londen01.uk.bb.gin.ntt.net 
@@ -1,24 +1,23 @@ !RANCID-CONTENT-TYPE: cisco ! !Chassis type: WS-C6509-E - a WS-C6509-E router - !CPU: R7000, SR71000 CPU at 600Mhz, impl 0x504, Rev 1.2, 512KB L2 Cache + !CPU: M8572 ... Have someone fixed this? Else this will add some more info for sup-2t:s $ diff -c rancid.in_ORG-2.3.8 rancid *** rancid.in_ORG-2.3.8 2012-01-31 23:55:13.000000000 +0100 --- rancid 2013-06-21 11:17:26.899859733 +0200 *************** *** 301,306 **** --- 336,353 ---- } $_ = ; } + if ($cpu =~ /M8572/) { + if (defined($cpu)) { + s/^ CPU://; + ProcessHistory("COMMENTS","keysort","A3", "!CPU: $cpu, $_"); + } + LINE: while () { + last LINE if /^\s*$/; + ProcessHistory("COMMENTS","keysort","A3", "!CPU: $_"); + last LINE if /^\s*I-cache/; + } + undef ($cpu); + } $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i); tr/\015//d; s/implementation/impl/i; *************** Yes it's multiple lines in "show version" for sup-2t. Don't know if it safe to exit while loop on "I_cache" or "empty" line after. Left both if something change. Does this lines need a more strict match? diff from one of our sup-2t:s 4c4,8 < !CPU: M8572 --- > !CPU: M8572, MPC8572_E, Version: 2.1, (0x80E80021) > !CPU: CORE: E500, Version: 3.0, (0x80210030) > !CPU: CPU:1500MHz, CCB:600MHz, DDR:600MHz > !CPU: L1: D-cache 32 kB enabled > !CPU: I-cache 32 kB enabled /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- ------------------------------ Message: 18 Date: Fri, 21 Jun 2013 12:33:30 +0200 
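Review bot: in the block added to rancid by the sup-2t patch above, "if (defined($cpu))" sits inside "if ($cpu =~ /M8572/)", so by the time it runs $cpu has already been matched and the test can never be false; move it into the outer condition as "defined($cpu) && $cpu =~ /M8572/" and drop the inner if. The LINE: loop ends only on a blank line or on a line containing I-cache, which the message itself questions: if a device prints neither, the loop keeps turning the following output lines into !CPU: comments. Matching the expected continuation lines explicitly (CORE:, CPU:, L1:, I-cache, as in the sample diff) and stopping on anything else would bound it.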
From: Alan McKinnon
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Help for total Rancid Newb / Linux Newb?
Message-ID: <51C42BFA.1090808 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 20/06/2013 16:41, James Shride wrote:
> Hi!
>
> 1. Linux Newb
> 2. Rancid Newb
>
>
> Here is the problem:
> We have had a working rancid build in place for a while. However we
> no longer have the person who admin'd it. After a recent config change
> to a switch, it's spamming the notification. I never noticed this
> behavior before. Is this indicative of an error in the switch config, or
> do I have to acknowledge this rancid alert or something?
>
>
> I am grateful for any guidance or advice.

Most likely is that something in the switch's config is now cycling or changing frequently and rancid doesn't know to ignore it.

I get these kinds of things all the time, I recall one case where an OS upgrade made many routers report on the cooling fan's rpm, you can imagine how much spam that would generate and how completely useless the info is :-)

My solution for that was to add extra data checks in the code so that rancid would ignore it.

Send a copy of the diff mails you get to the list so we can see what your switch is doing

--
Alan McKinnon
alan.mckinnon at gmail.com

------------------------------

Message: 19
Date: Mon, 24 Jun 2013 09:49:41 +0200
From: Per-Olof Olsson To: "rancid-discuss at shrubbery.net" Subject: [rancid] Error handler for Cisco switches in rancid. Message-ID: <51C7FA15.6040904 at chalmers.se> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Hi I don't think error handler is doing what is expected. (2.3.8) After I added some extra debug, it shows that subroutines exit on "pointer line" (lines like " ^ ") instead of error text lines. For me it seems safer to use text lines for deciding how to exit. rancid -d cisco-sw1 ... HIT COMMAND:cisco-sw1#dir /all sec-bootflash: In DirSlotN: cisco-sw1#dir /all sec-bootflash: SUB return(1) parsing line: ^ HIT COMMAND:cisco-sw1#dir /all sec-slot0: In DirSlotN: cisco-sw1#dir /all sec-slot0: SUB return(1) parsing line: ^ ... After replacing < return(1) if (/^\s*\^\s*$/); --- > next if (/^\s*\^\s*$/); ... HIT COMMAND:cisco-sw1#dir /all sec-bootflash: In DirSlotN: cisco-sw1#dir /all sec-bootflash: SUB return(1) parsing line: % Invalid input detected at '^' marker. HIT COMMAND:cisco-sw1#dir /all sec-slot0: In DirSlotN: cisco-sw1#dir /all sec-slot0: SUB return(1) parsing line: % Invalid input detected at '^' marker. ... I only have a limited set of Cisco switches to test this on so it's possible that this not will work on all devices using rancid (device type=cisco). Some devices may depend on these "pointer lines" and is missing error handler for text. Extende debug code: diff -c rancid.in_ORG rancid ... *************** *** 2129,2141 **** --- 2210,2238 ---- last TOP; } $rval = &{$commands{$cmd}}; + $_last_line = $_; delete($commands{$cmd}); + if ($rval != 0) { + print STDERR ("SUB return\($rval\) parsing line: $_last_line\n") if ($debug); + } if ($rval == -1) { $clean_run = 0; + print STDOUT ("$host: \"$cmd\" failed parsing line: $_last_line\n"); + print STDERR ("$host: \"$cmd\" failed parsing line: $_last_line\n") if ($debug); last TOP; } } } ... 
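Review bot: the added line print STDOUT ("$host: \"$cmd\" failed parsing line: $_last_line\n"); runs whenever $rval == -1, not only under $debug, and $_last_line is raw device output, so a failed collection can copy a configuration line (possibly one carrying a secret) into whatever captures rancid's standard output. Gate it on $debug like the STDERR line next to it, or print only the command name. $_last_line is also copied from $_ after the handler has returned, so it holds the triggering line only if the handler left $_ unmodified, and it is assigned without a my declaration.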
/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Hörsalsvägen 5
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------

------------------------------

Message: 20
Date: Mon, 24 Jun 2013 16:25:43 -0500
From: "Hinote, Scotty (MSFC-IS40)[NICS]"
To: "'rancid-discuss at shrubbery.net'"
Subject: [rancid] proper way to delete or remove a group using a subversion repository
Message-ID: <8420D9D639CBE744B778A8916DFFC90FF82A78F318 at NDMSSCC08.ndc.nasa.gov>
Content-Type: text/plain; charset="us-ascii"

Hi All,

I am using RANCID with Subversion and I have a couple of groups that are no longer being used. If I delete the unwanted group from the rancid.conf and move the group directory to another location to simulate deletion then execute a rancid-cvs and rancid-run, I still get a full copy of the removed directory when I perform a svn checkout. How do I properly remove the group from the main RANCID directory and from the Subversion repository so that it is no longer under version control? I did try to svn delete the group directory but I am informed that "." is not a working copy. I am worried that just moving (deleting) the directory and taking no further steps will cause some issues in the future with the Subversion repository. I am also using svnsync to store an offsite copy of the repository that I want to make sure is not corrupted by improperly removing a group directory.

Thank you,
Scotty

------------------------------

End of Rancid-discuss Digest, Vol 32, Issue 4
*********************************************

From rancid at shrubbery.net Mon Jun 24 23:02:39 2013
From: rancid at shrubbery.net (rancid at shrubbery.net)
Date: Mon, 24 Jun 2013 23:02:39 +0000
Subject: [rancid] proper way to delete or remove a group using a subversion repository
In-Reply-To: <8420D9D639CBE744B778A8916DFFC90FF82A78F318@NDMSSCC08.ndc.nasa.gov>
References: <8420D9D639CBE744B778A8916DFFC90FF82A78F318@NDMSSCC08.ndc.nasa.gov>
Message-ID: <20130624230239.GB73849@shrubbery.net>

Mon, Jun 24, 2013 at 04:25:43PM -0500, Hinote, Scotty (MSFC-IS40)[NICS]:
> Hi All,
>
> I am using RANCID with Subversion and I have a couple of groups that are no longer being used. If I delete the unwanted group from the rancid.conf and move the group directory to another location to simulate deletion then execute a rancid-cvs and rancid-run, I still get a full copy of the removed directory when I perform a svn checkout. How do I properly remove the group from the main RANCID directory and from the Subversion repository so that it is no longer under version control? I did try to svn delete the group directory but I am informed that "." is not a working copy. I am worried that just moving (deleting) the directory and taking no further steps will cause some issues in the future with the Subversion repository. I am also using svnsync to store an offsite copy of the repository that I want to make sure is not corrupted by improperly removing a group directory.

if the group is not in LIST_OF_GROUPS or specified on the command-line to any of the programs that take a group argument, then rancid doesn't care what you do to the dirs - rm -rf group would be acceptable.

From kerry.cox at wjbradley.com Tue Jun 25 20:07:42 2013
From: kerry.cox at wjbradley.com (Kerry Cox)
Date: Tue, 25 Jun 2013 20:07:42 +0000
Subject: [rancid] Changed IP Addresses
Message-ID: <8A5D1C0ADCF4F8478685D43E1FD8A08301C262934F05@MBX3.EXCHPROD.USA.NET>

I recently reconfigured my internal network and gave my C3750G core switch an IP address of 10.10.0.1. This was formerly used by the inside port of my firewall.
However, whenever I now attempt to have rancid connect to this new IP address, it pukes when changing to enable mode.

$ clogin 10.10.0.1
10.10.0.1
spawn ssh -c 3des -x -l rancid 10.10.0.1
Password:
C3750G-CORE>enable
Password:
% Access denied
C3750G-CORE>
Error: Check your Enable passwd
C3750G-CORE>exit

However, when I do a simple login from my Linux server, it connects with no problem. The enable password works just fine.

$ ssh rancid at 10.10.0.1
Password:
C3750G-CORE>en
Password:
C3750G-CORE#

And when I manually enter the enable password it also works from the rancid CLI. I have already confirmed my .cloginrc settings are correct.

$ clogin 10.10.0.1
10.10.0.1
spawn ssh -c 3des -x -l rancid 10.10.0.1
Password:
C3750G-CORE>enable # run by rancid
Password:
% Access denied
C3750G-CORE>
Error: Check your Enable passwd
C3750G-CORE>en # run manually by myself
Password:
C3750G-CORE#

Does rancid cache settings some place? I have reset the enable password on the switch and have confirmed all the settings are good.
Ideas? Suggestions?
Thanks in advance.
Kerry

From kerry.cox at wjbradley.com Tue Jun 25 20:58:47 2013
From: kerry.cox at wjbradley.com (Kerry Cox)
Date: Tue, 25 Jun 2013 20:58:47 +0000
Subject: [rancid] Changed IP Addresses
In-Reply-To: <20130625204136.GX94348@shrubbery.net>
References: <8A5D1C0ADCF4F8478685D43E1FD8A08301C262934F05@MBX3.EXCHPROD.USA.NET> <20130625203018.GT94348@shrubbery.net> <8A5D1C0ADCF4F8478685D43E1FD8A08301C262934F31@MBX3.EXCHPROD.USA.NET> <20130625204136.GX94348@shrubbery.net>
Message-ID: <8A5D1C0ADCF4F8478685D43E1FD8A08301C262934F4D@MBX3.EXCHPROD.USA.NET>

Heh, found the issue. I still had the older entry in my .cloginrc file way far at the top of the file (managing a ton of network devices). As I pointed out in my 1st post, I changed the IP address of the inside port of my firewall to now be the switch IP address. I forgot to remove the original inside IP address for my firewall, so it was reading this first before getting to the section on switches.
My bad. Should have gone through the entire file. :-(
That'll teach me.
Thanks much for the help.
Kerry

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Tuesday, June 25, 2013 2:42 PM
To: Kerry Cox
Subject: Re: [rancid] Changed IP Addresses

Tue, Jun 25, 2013 at 08:39:07PM +0000, Kerry Cox:
> Understood. I was already aware of that and I have been using braces { } around my enable password as well as my regular login. I only have a $ symbol in the password.
> But, this same password works just fine elsewhere on other Cisco 3750G devices. I have even changed the password and tested manually. The updated .cloginrc file still complains.
> Caching the older data someplace, perhaps?
> Kerry

that should be {blah\$}

> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Tuesday, June 25, 2013 2:30 PM
> To: Kerry Cox
> Subject: Re: [rancid] Changed IP Addresses
>
> Tue, Jun 25, 2013 at 08:07:42PM +0000, Kerry Cox:
> > I recently reconfigured my internal network and gave my C3750G core switch an IP address of 10.10.0.1. This was formerly used by the inside port of my firewall.
> > However, whenever I now attempt to have rancid connect to this new IP address, it pukes when changing to enable mode.
> >
> > $ clogin 10.10.0.1
> > 10.10.0.1
> > spawn ssh -c 3des -x -l rancid 10.10.0.1
> > Password:
> > C3750G-CORE>enable
> > Password:
> > % Access denied
> > C3750G-CORE>
> > Error: Check your Enable passwd
> > C3750G-CORE>exit
> >
> > However, when I do a simple login from my Linux server, it connects with no problem. The enable password works just fine.
>
> see cloginrc(5) wrt meta characters in your password.

From heas at shrubbery.net Thu Jun 27 22:18:12 2013
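The cause found in the "Changed IP Addresses" thread above is that the first .cloginrc entry matching a host is the one used, so a stale entry higher in the file overrides the intended one. As an added example (not part of the thread or of RANCID), this Python script reports which `add` entry wins for a host, which later ones are shadowed, and which values contain a `$` without the backslash that heasley's reply calls for. It assumes single-line `add` entries, uses Python's fnmatch as a stand-in for the Tcl glob matching, and runs on a constructed sample file.

```python
"""Show which .cloginrc entry is used for a host and which are shadowed.

Assumptions (not taken from RANCID's code): only single-line "add" entries
are parsed, and fnmatch approximates the Tcl glob matching of host patterns.
"""
import fnmatch
import re

# Constructed sample: a stale firewall entry sits above the switch entries.
SAMPLE_CLOGINRC = r"""
# firewalls
add password 10.10.0.1  {fw-vty}       {fw-enable}
add method   10.10.0.1  ssh
# switches
add user     10.10.*    rancid
add password 10.10.*    {sw-vty}       {sw$enable}
add password *          {default-vty}  {default\$enable}
"""

UNESCAPED_DOLLAR = re.compile(r"(?<!\\)\$")


def tokenize(line):
    """Split a line into Tcl-style words: bare, {braced} or "quoted"."""
    words, i, n = [], 0, len(line)
    while i < n:
        ch = line[i]
        if ch.isspace():
            i += 1
        elif ch == "{":
            depth, j = 1, i + 1
            while j < n and depth:
                if line[j] == "\\":
                    j += 1                  # skip the escaped character
                elif line[j] == "{":
                    depth += 1
                elif line[j] == "}":
                    depth -= 1
                j += 1
            if depth:
                raise ValueError("unbalanced braces: " + line)
            words.append(line[i + 1:j - 1])
            i = j
        elif ch == '"':
            j = i + 1
            while j < n and line[j] != '"':
                j += 2 if line[j] == "\\" else 1
            words.append(line[i + 1:j])
            i = j + 1
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append(line[i:j])
            i = j
    return words


def parse(text):
    """Return (lineno, directive, host_glob, values) for every add entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = tokenize(line)
        if len(words) >= 3 and words[0] == "add":
            entries.append((lineno, words[1], words[2], words[3:]))
    return entries


def resolve(entries, host, directive):
    """First matching entry wins; later matches are returned as shadowed."""
    host = host.lower()  # the login script on this page lowercases the name
    hits = [e for e in entries
            if e[1] == directive and fnmatch.fnmatchcase(host, e[2])]
    return (hits[0] if hits else None), hits[1:]


def unescaped_dollars(entries):
    """Entries whose values contain a $ that is not backslash-escaped."""
    return [(lineno, directive) for lineno, directive, _, values in entries
            if any(UNESCAPED_DOLLAR.search(v) for v in values)]


if __name__ == "__main__":
    entries = parse(SAMPLE_CLOGINRC)
    winner, shadowed = resolve(entries, "10.10.0.1", "password")
    # Report line numbers and patterns only, never the stored passwords.
    print("used:     line %d pattern %s" % (winner[0], winner[2]))
    for lineno, _, pattern, _ in shadowed:
        print("shadowed: line %d pattern %s" % (lineno, pattern))
    for lineno, directive in unescaped_dollars(entries):
        print("line %d: unescaped $ in %s value" % (lineno, directive))
```

Running it against the real file before and after renumbering a device shows at a glance whether an old, more specific entry still sits above the one meant to apply.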
From: heas at shrubbery.net (heasley)
Date: Thu, 27 Jun 2013 22:18:12 +0000
Subject: [rancid] ignoring flash memory changes
In-Reply-To: <51C22513.8040304@gmail.com>
References: <51C22513.8040304@gmail.com>
Message-ID: <20130627221812.GT75983@shrubbery.net>

Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon:
> Rancid could really benefit from some kind of call-out mechanism where
> we can add our own local tweaks and keep them out of the main code, but
> unfortunately 2.3.x doesn't have this.
>
> Perhaps a worthy addition to the 3.0 series!

What do you mean 'call-out mechanism'? in 3.0 you can tell rancid which module to include (need to add functionality to include multiple modules) and tell it what function to use to parse the output.

From alan.mckinnon at gmail.com Fri Jun 28 05:54:08 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Fri, 28 Jun 2013 07:54:08 +0200
Subject: [rancid] ignoring flash memory changes
In-Reply-To: <20130627221812.GT75983@shrubbery.net>
References: <51C22513.8040304@gmail.com> <20130627221812.GT75983@shrubbery.net>
Message-ID: <51CD2500.3060808@gmail.com>

On 28/06/2013 00:18, heasley wrote:
> Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon:
>> Rancid could really benefit from some kind of call-out mechanism where
>> we can add our own local tweaks and keep them out of the main code, but
>> unfortunately 2.3.x doesn't have this.
>>
>> Perhaps a worthy addition to the 3.0 series!
>
> What do you mean 'call-out mechanism'? in 3.0 you can tell rancid which
> module to include (need to add functionality to include multiple modules)
> and tell it what function to use to parse the output.
>

Yes, something like that. The problem I face is I've forked every parser script I use, and it's always to add or remove entire commands or individual regexes. These things work best when the regex definition is treated as data out of a config, not as pure code.

I still haven't fully read the 3.0 code yet, so I could well be asking for something you've already done

--
Alan McKinnon
alan.mckinnon at gmail.com

From alan.mckinnon at gmail.com Fri Jun 28 08:02:47 2013
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Fri, 28 Jun 2013 10:02:47 +0200
Subject: [rancid] MAX_ROUNDS
Message-ID: <51CD4327.6050908@gmail.com>

Is there a good reason why MAX_ROUNDS is limited to >= 1 in control_rancid?

I want it to be 0 and have good reasons for wanting that, are there any side effects to this:

--- control_rancid 2012-03-20 20:36:41.000000000 +0200 +++ control_rancid.new 2013-06-28 10:03:32.000000000 +0200 
@@ -128,11 +128,11 @@ # Number of things par should run in parallel. PAR_COUNT=${PAR_COUNT:-5} -# Number of times failed collections should be retried. Minimum 1. +# Number of times failed collections should be retried. Minimum 0. MAX_ROUNDS=${MAX_ROUNDS:-4} -if [ $MAX_ROUNDS -lt 1 ] ; then - echo "Error: MAX_ROUNDS must be at least 1." - MAX_ROUNDS=1 +if [ $MAX_ROUNDS -lt 0 ] ; then + echo "Error: MAX_ROUNDS must be 0 or more." + MAX_ROUNDS=0 fi # Bail if we do not have the necessary info to run -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Fri Jun 28 14:05:06 2013 From: heas at shrubbery.net (heasley) Date: Fri, 28 Jun 2013 14:05:06 +0000 Subject: [rancid] MAX_ROUNDS In-Reply-To: <51CD4327.6050908@gmail.com> References: <51CD4327.6050908@gmail.com> Message-ID: <20130628140506.GD8902@shrubbery.net> Fri, Jun 28, 2013 at 10:02:47AM +0200, Alan McKinnon: > Is there a good reason why MAX_ROUNDS is limited to >= 1 in control_rancid? > > I want it to be 0 and have good reasons for wanting that, are there any > side effects to this: i think that change is fine. From heas at shrubbery.net Fri Jun 28 15:14:21 2013 
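Review bot: $MAX_ROUNDS is still unquoted in the new "if [ $MAX_ROUNDS -lt 0 ]" test, so a non-numeric value from the environment makes [ print an error and return false, the clamp is skipped and the bad value is passed on; quote it and reject anything that is not a plain integer before comparing. The message keeps the "Error:" prefix although the script corrects the value and carries on, so "Warning:" would describe it better. The code that consumes MAX_ROUNDS is outside this hunk, so the side-effect question is answered there: confirm that 0 yields one collection pass with no retries rather than no collection at all.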
From: heas at shrubbery.net (heasley) Date: Fri, 28 Jun 2013 15:14:21 +0000 Subject: [rancid] Checking for root In-Reply-To: <20130628150638.5A0BD24D023@sea.shrubbery.net> Message-ID: <20130628151421.GF8902@shrubbery.net> Sat, Jun 08, 2013 at 09:20:23PM +0100, Matthew Walster: > > how about just adding the check to rancid.conf? that affects everything > > that > > reads it, the check can be customized (like adding a timer), or completely > > disabled w/o an arg/etc. > > > It'd be great if it was default-on though. Just my opinion though, like you > say, it's only people unfamiliar with how RANCID works and think they're > being helpful by running rancid-run immediately after altering a router.db Like I said, only new installations would get this by default, but how about this patch: Index: etc/rancid.conf.sample.in =================================================================== --- etc/rancid.conf.sample.in (revision 2704) +++ etc/rancid.conf.sample.in (working copy) @@ -8,6 +8,11 @@ # Collating locale LC_COLLATE="POSIX"; export LC_COLLATE # +# Check that the effective UID is not root, which could lead to permissions +# problems for user who is supposed to be running rancid. +eval `id | sed -e 's/(.*//'` +test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1 +# # Create files w/o world read/write/exec permissions, but read/exec permissions # for group. umask 027 From matthew at walster.org Sat Jun 29 22:18:46 2013 
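Review bot: the added check fails open: if id is not in PATH or prints something unexpected, $uid ends up empty, test "$uid" -eq 0 reports an error and returns false, and the script carries on as root; refuse to run when $uid is not a plain number. The eval line executes whatever id prints before the first "(", so extracting only the digits after "uid=" and assigning them directly would avoid eval altogether. The comment says "effective UID", but plain id lists the real uid first and appends euid= only when the two differ, so either the comment or the test should change. Smaller points: the message belongs on stderr, and the comment should read "for the user who is supposed to be running rancid".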
From: matthew at walster.org (Matthew Walster) Date: Sat, 29 Jun 2013 23:18:46 +0100 Subject: [rancid] Checking for root In-Reply-To: <20130628151421.GF8902@shrubbery.net> References: <20130628150638.5A0BD24D023@sea.shrubbery.net> <20130628151421.GF8902@shrubbery.net> Message-ID: On 28 June 2013 16:14, heasley wrote: > +eval `id | sed -e 's/(.*//'` > +test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1 > Would it not make more sense just to compare $UID -- that's set by the shell. Essentially, you'd end up with:

if [[ $UID == 0 ]]
then
    echo "Do not run $0 as root!"
    exit 1
fi

Either way works, though.
From eravin at panix.com Sun Jun 30 02:17:04 2013 From: eravin at panix.com (Ed Ravin) Date: Sat, 29 Jun 2013 22:17:04 -0400 Subject: [rancid] Checking for root In-Reply-To: References: <20130628150638.5A0BD24D023@sea.shrubbery.net> <20130628151421.GF8902@shrubbery.net> Message-ID: <20130630021703.GD23080@panix.com> On Sat, Jun 29, 2013 at 11:18:46PM +0100, Matthew Walster wrote: > On 28 June 2013 16:14, heasley <heas at shrubbery.net> wrote: > > +eval `id | sed -e 's/(.*//'` > +test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1 > > Would it not make more sense just to compare $UID -- that's set by the > shell. Essentially, you'd end up with: > if [[ $UID == 0 ]] Not sure if every shell supports that, remember RANCID has to run in a lot of environments, like on Solaris systems where the /bin/sh feature set seems to date back to 1985. However, since we already need Perl to run the RANCID commands, how about this:

uid=`perl -e 'print "$<\n"'`
test "$uid" -eq 0 && echo "Do not run $0 as root!" && exit 1

From morten at dintid.dk Sun Jun 30 13:52:15 2013
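The root checks proposed in this thread (eval of id output, the shell's $UID, Perl's $<) all test a value without first checking that it was obtained. As an added example, not part of any post here and not RANCID code, this POSIX sh guard parses id without eval and refuses to run when the uid cannot be determined; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not RANCID code. All function names are hypothetical.

# Print the numeric uid found at the start of one line of `id` output
# (read on stdin). sed captures digits only, so nothing is eval'ed.
parse_id_uid() {
    sed -n -e 's/^uid=\([0-9][0-9]*\).*$/\1/p' -e 'q'
}

# Print the current uid, or an empty line if it cannot be determined.
# `id -u` (effective uid) is tried first; an id that rejects -u falls
# back to plain `id`, whose leading uid= field is the real uid.
current_uid() {
    _u=`id -u 2>/dev/null` || _u=
    case "$_u" in
        ''|*[!0-9]*) _u=`id 2>/dev/null | parse_id_uid` ;;
    esac
    printf '%s\n' "$_u"
}

# Classify a uid string: 0 = may run, 1 = root, 2 = not a number.
uid_allowed() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    test "$1" -ne 0 || return 1
    return 0
}

# Guard for a sourced config file. Unlike `test "$uid" -eq 0 && exit 1`,
# an empty or garbled uid is refused instead of silently passing.
refuse_root() {
    uid_allowed "`current_uid`" && return 0
    case $? in
        1) echo "Do not run $0 as root!" >&2 ;;
        *) echo "$0: cannot determine uid, refusing to run" >&2 ;;
    esac
    return 1
}

# In the config file one would then write:  refuse_root || exit 1
```
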
From: morten at dintid.dk (Morten Nielsen) Date: Sun, 30 Jun 2013 13:52:15 +0000 Subject: [rancid] Support for the Cisco SF300 Message-ID: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local> Been trying to add support for the Cisco Small business switches in my Rancid 2.38. I finally found the updated versions of csbrancid and csblogin files here but still seems to be some issue with my SG300 http://www.gossamer-threads.com/lists/rancid/users/6910 Maybe I miss something with this line, as I don't know what he means: "- End of run fix (important for be sure to get the full configuration dump)" My log just says:

Trying to get all of the configs.
sg300-10p csblogin error: Error: TIMEOUT reached
sg300-10p missed cmd(s): show version,show system,show startup-config
sg300-10p End of run not found

I can log in just fine using .clogin sg300-10p
Only odd thing is the 4 blank lines, but I don't know if they are important.

------------------
rancid at ubuntu:~$ bin/clogin sg300-10p
sg300-10p
spawn ssh -c 3des -x -l rancid sg300-10p
rancid at sg300-10p's password:




SG300-10P#
SG300-10P#
------------------

My .cloginrc

# Switches
add userprompt sg*.* {"User Name:"}
add user sg*.* {rancid}
add password sg*.* {pass}
add autoenable sg*.* 1
add method sg*.* ssh

I've tried commenting lines out, removing {} and googled a lot, so feel I've tried everything but to no avail. Hope someone has some idea :)
From alan.mckinnon at gmail.com Sun Jun 30 20:26:53 2013
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sun, 30 Jun 2013 22:26:53 +0200 Subject: [rancid] Support for the Cisco SF300 In-Reply-To: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local> References: <184866CE19BFA64EB7BCC3B5659A2ED9227CA838@EXCH2010.dintid.local> Message-ID: <51D0948D.1050505@gmail.com> On 30/06/2013 15:52, Morten Nielsen wrote: > Been trying to add support for the Cisco Small business switches in my > Rancid 2.38. > > > > I finally found the updated versions of csbrancid and csblogin files > here but still seems to be some issue with my SG300 > > http://www.gossamer-threads.com/lists/rancid/users/6910 > > > > Maybe I miss something with this line, as I don't know what he means: > > "- End of run fix (important for be sure to get the full configuration > dump)" > > > > My log just says: > > Trying to get all of the configs. > > sg300-10p csblogin error: Error: TIMEOUT reached > > sg300-10p missed cmd(s): show version,show system,show startup-config > > sg300-10p End of run not found > > > > I can log in just fine using .clogin sg300-10p > > Only odd thing is the 4 blank lines, but I don't know if they are important. > > ------------------ > > rancid at ubuntu:~$ bin/clogin sg300-10p > > sg300-10p > > spawn ssh -c 3des -x -l rancid sg300-10p > > rancid at sg300-10p's password: > > > > > > > > > > SG300-10P# > > SG300-10P# > > ------------------ > > > > My .cloginrc > > # Switches > > add userprompt sg*.* {"User Name:"} > > add user sg*.* {rancid} > > add password sg*.* {pass} > > add autoenable sg*.* 1 > > add method sg*.* ssh > > > > I've tried commenting lines out, removing {} and googled a lot, so feel I've > tried everything but to no avail. > > > > Hope someone has some idea

Does csbrancid support -d like regular rancid does? If so

csbrancid -d <hostname>

let it complete and a full log is left in the current directory. It usually has enough info for you to figure out why it failed.
-- Alan McKinnon alan.mckinnon at gmail.com From alan.mckinnon at gmail.com Sun Jun 30 23:37:10 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 01 Jul 2013 01:37:10 +0200 Subject: [rancid] ignoring flash memory changes In-Reply-To: References: <51C22513.8040304@gmail.com> <20130627221812.GT75983@shrubbery.net> <51CD2500.3060808@gmail.com> Message-ID: <51D0C126.1020805@gmail.com> On 01/07/2013 01:09, Eric Cables wrote: > I do the same: modify each parser to ignore various lines (such as > timestamped items) -- is this the wrong method for ignoring certain > config diffs? I'd say it's the only way > > -- Eric Cables > > > On Thu, Jun 27, 2013 at 10:54 PM, Alan McKinnon > wrote: > > On 28/06/2013 00:18, heasley wrote: > > Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon: > >> Rancid could really benefit from some kind of call-out mechanism > where > >> we can add our own local tweaks and keep them out of the main > code, but > >> unfortunately 2.3.x doesn't have this. > >> > >> Perhaps a worthy addition to the 3.0 series! > > > > What do you mean 'call-out mechanism'? in 3.0 you can tell rancid > which > > module to include (need to add functionality to include multiple > modules) > > and tell it what function to use to parse the output. > > > > Yes, something like that. > > The problem I face is I've forked every parser script I use, and it's > always to add or remove entire commands or individual regexes. These > things work best when the regex definition is treated as data out of a > config, not as pure code > > I still haven't fully read the 3.0 code yet, so I could well be asking > for something you've already done > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > -- Alan McKinnon alan.mckinnon at gmail.com From ecables at gmail.com Sun Jun 30 23:09:15 2013
From: ecables at gmail.com (Eric Cables) Date: Sun, 30 Jun 2013 16:09:15 -0700 Subject: [rancid] ignoring flash memory changes In-Reply-To: <51CD2500.3060808@gmail.com> References: <51C22513.8040304@gmail.com> <20130627221812.GT75983@shrubbery.net> <51CD2500.3060808@gmail.com> Message-ID: I do the same: modify each parser to ignore various lines (such as timestamped items) -- is this the wrong method for ignoring certain config diffs? -- Eric Cables On Thu, Jun 27, 2013 at 10:54 PM, Alan McKinnon wrote: > On 28/06/2013 00:18, heasley wrote: > > Wed, Jun 19, 2013 at 11:39:31PM +0200, Alan McKinnon: > >> Rancid could really benefit from some kind of call-out mechanism where > >> we can add our own local tweaks and keep them out of the main code, but > >> unfortunately 2.3.x doesn't have this. > >> > >> Perhaps a worthy addition to the 3.0 series! > > > > What do you mean 'call-out mechanism'? in 3.0 you can tell rancid which > > module to include (need to add functionality to include multiple modules) > > and tell it what function to use to parse the output. > > > > Yes, something like that. > > The problem I face is I've forked every parser script I use, and it's > always to add or remove entire commands or individual regexes. These > things work best when the regex definition is treated as data out of a > config, not as pure code > > I still haven't fully read the 3.0 code yet, so I could well be asking > for something you've already done > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com >