[rancid] Panrancid with PAN 6.0

[Hughes, Doug]

Hrm. Yes, I had it correct the first time. (oof, busy day)

‘on’ is needed to prevent this ‘feature’:
line: rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set cli rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set cli pager off

After each space, it does essentially a rewrite of the line as it tried to ‘auto-correct’ you from typing the wrong thing. This gets in the way of parsing with expect quite heavily, so I attempt to disable it as soon as possible. If set cli scripting-mode on does not cause this to stop (and it looks like it doesn’t), then that appears to be a bug. You can also see this by using type script:

Here’s how it looks at the command line:
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
admin at paloalto.en's password: 
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
admin at paloalto.en> set cli scripting-mode on
admin at paloalto.en> set cli ? <ENTER here>

Invalid syntax.
admin at paloalto.en> exit


Here's how it looks in the corresponding typescript file:
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
admin at paloalto.en's password: ^M
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com^M^M
Welcome admin.^M
admin at paloalto.en> set ^M^[[Kadmin at paloalto.en> set cli ^M^[[Kadmin at paloalto.en>
 set cli scripting-mode ^M^[[Kadmin at paloalto.en> set cli scripting-mode on^M
admin at paloalto.en> set cli ?^M
^M
Invalid syntax.^M
admin at paloalto.en> exit^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M

Script done on Tue 17 Jun 2014 03:25:34 PM EDT

If 'set cli scripting-mode on' doesn't disable the 'space' feature, then the rest of the expect is very iffy at best and difficult to manage

Here's another way to confirm the behavior

Type config <space>

If it autocompletes to 'configure', then cli scripting-mode is not on and results *will* vary. 
Disabling the pager is also important since it disables the --more-- when show config is running.

I am running 6.0.2 but no HA on PA-3020 and PA-2050



From: Chip Pleasants [mailto:wpleasants at gmail.com] 
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Tried it on both versions.  Seems like they both yield the same result.  Doesn't the script turn cli scripting-mode on? Or do we don't really care that's its on or off?




user at FIREWALLV6(active)> set cli scripting-mode off
user at FIREWALLV6(active)> set cli scripting-mode 
  off   off 
  on    on 

user at FIREWALLV6(active)> set cli scripting-mode 






user at FIREWALLV5(active)> set cli scripting-mode off
user at FIREWALLV5(active)> set cli scripting-mode 
  off   off 
  on    on 

user at FIREWALLV5(active)> set cli scripting-mode 



-Chip


On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <Douglas.Hughes at deshawresearch.com> wrote:
Sorry, I meant ‘off’, you need to set it to off and then try the ? test.
 
From: Chip Pleasants [mailto:wpleasants at gmail.com] 
Sent: Tuesday, June 17, 2014 2:48 PM

To: Hughes, Doug
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0
 
Here's what I get. I get the same result from a version 5.x PA. I removed the "set cli scripting-mode on" from the script to test. Version 5.x PA works and version 6.x PA end up with the same result. 
 
 
user at FIREWALL(active)> set cli scripting-mode on
user at FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>
 
Invalid syntax.
user at FIREWALL(active)> 
 
 
 
line: rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set cli rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set cli pager off
PROMPT MATCH: rancid at FIREWALL\(active\)[#>]
HIT COMMAND:rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set cli rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set cli pager off
 
COMMAND is: set cli pager off|EatCommand
HIT COMMAND:rancid at FIREWALL(active)> show rancid at FIREWALL(active)> show system rancid at FIREWALL(active)> show system info
 
COMMAND is: show system info|ShowInfo
    In ShowInfo:: rancid at FIREWALL(active)> show rancid at FIREWALL(active)> show system rancid at FIREWALL(active)> show system info
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
[rancid at server rancid]$
 
 
 
 
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <Douglas.Hughes at deshawresearch.com> wrote:
Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I don’t run any in HA)
 
It looks to me like ‘set cli scripting-mode on’ is failing
 
To confirm this, login to the PA at command line, then type set cli scripting-mode on
 
Now type “set cli scripting-mode ?”
 
If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.
 
From: Chip Pleasants [mailto:wpleasants at gmail.com] 
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0
 
Thanks Doug. I am running the most recent version, but for grins I replaced them anyway.  Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?
 
-Chip
 
 
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <Douglas.Hughes at deshawresearch.com> wrote:
Yes, it’s working for me. Are you using the latest? (attached)
 
 
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Panrancid with PAN 6.0
 
Does anyone have Panrancid working with PAN version 6.0.2?  I have four sets running PAN version 5.0.11 without an issues.  Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions. 
 
Cheers,
 
Chip
 
 
[rancid at cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com 
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line:                                 NOTICE TO USERS              
line:   This is an official computer system and is the property of POOP Incorporated. 
line:   It is for authorized users only.  Unauthorized  users are prohibited. 
line:   Users (authorized or unauthorized) have no  explicit or implicit expectation of 
line:   privacy.  Any or all uses of this system may be subject to one or more of the 
line:   following actions:  interception, monitoring, recording, auditing, inspection and
line:   disclosing to security personnel and law enforcement personnel, as well as 
line:   authorized officials of other agencies, both domestic and foreign. By using this 
line:   system, the user consents to these actions.  Unauthorized or improper use of 
line:   this system may result in administrative disciplinary action and civil and criminal 
line:   penalties.  By accessing this system you indicate your awareness of and
line:   consent to these terms and conditions of use. Discontinue access immediately 
line:   if you do not agree to the conditions stated in this notice.
line: 
line: Password: 
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
line: 
line: rancid at CMH1-Z4-F01(active)> 
line: rancid at CMH1-Z4-F01(active)> 
line: rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)> set cli rancid at CMH1-Z4-F01(active)> set cli scripting-mode rancid at CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: rancid at CMH1-Z4-F01\(active\)[#>]
HIT COMMAND:rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)> set cli rancid at CMH1-Z4-F01(active)> set cli scripting-mode rancid at CMH1-Z4-F01(active)> set cli scripting-mode on
 
COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)> set cli rancid at CMH1-Z4-F01(active)> set cli pager rancid at CMH1-Z4-F01(active)> set cli pager off
 
COMMAND is: set cli pager off|EatCommand
HIT COMMAND:rancid at CMH1-Z4-F01(active)> show rancid at CMH1-Z4-F01(active)> show system rancid at CMH1-Z4-F01(active)> show system info
 
COMMAND is: show system info|ShowInfo
    In ShowInfo:: rancid at CMH1-Z4-F01(active)> show rancid at CMH1-Z4-F01(active)> show system rancid at CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found