From maxime.baudin at ac-rennes.fr Mon Mar 3 15:59:39 2014
From: maxime.baudin at ac-rennes.fr (Maxime Baudin)
Date: Mon, 03 Mar 2014 16:59:39 +0100
Subject: [rancid] Nortel Support
In-Reply-To: <1F169C33264F9A43928391FE5D100EA6B47D87@MSG-P-VIR-M-62.mtolympus.partners.directs.com>
References: <1F169C33264F9A43928391FE5D100EA6B47D87@MSG-P-VIR-M-62.mtolympus.partners.directs.com>
Message-ID: <5314A6EB.70102@ac-rennes.fr>

On 30/01/2014 17:38, AJ Schroeder wrote:
>
> Hello list,
>
> I finally got the Nortel switches in my environment backing up
> properly with RANCID. I made separate scripts for the baystack and ERS
> switches in our environment. As I was googling around I know that
> adding support for these switches has been discussed in the past but I
> never saw an answer. Would the devs of RANCID be interested in adding
> support for these Nortel devices?
>

Hi again.

I've tested the "nortel" side of your scripts and it works very well !! thanks a lot.

Here is the list of tested hardware :

* Avaya 4548 (POE and non-POE) Software version = v5.6.1.053
* Avaya 5510/5530 : Software version = v6.2.5.027 and Software version = v6.2.0.008
* Avaya 5650 : Software version = v6.2.5.027

4548 needs : 'banner disabled' command
5xxx needs : 'banner disabled' and 'cmd-interface cli' commands

I've noticed two issues :

1/ As you mentioned, there is a "logout" in the config file
2/ the nortellogin script tries to log in 2 or 3 times in the same connection, I didn't find out why.

I'll try to find out for the 2 issues.

Hope the scripts will be added in future version of rancid.

best regards,
Maxime

--
Maxime Baudin - Rectorat de Rennes
SERIA-R, 8 rue Jean-Julien Lemordant - 35000 Rennes
Tel : 02 23 42 16 88 Fax : 16 60
E-mail :Maxime.Baudin(at)ac-rennes.fr

From fmikus at acktomic.com Wed Mar 5 16:29:01 2014
From: fmikus at acktomic.com (Francois Mikus)
Date: Wed, 05 Mar 2014 11:29:01 -0500
Subject: [rancid] Nortel Support
In-Reply-To: <5314A6EB.70102@ac-rennes.fr>
References: <1F169C33264F9A43928391FE5D100EA6B47D87@MSG-P-VIR-M-62.mtolympus.partners.directs.com> <5314A6EB.70102@ac-rennes.fr>
Message-ID: <531750CD.5070207@acktomic.com>

Hello,

I have implemented good ERS-1600, ERS-8600, ERS-8800 and baystack 470 support. Glad to see 45xx support, I will definitely give it a try!

The only one that is causing an issue at this time is the baystacks. After a variable number of runs (100s or 1000s) the ssh sessions become stuck on the baystacks and eventually all 3 available connections are stuck and the switch needs to be rebooted. :-(

I expected this is related to how rancid closes the ssh connection, but I haven't spent much time on testing a fix.

I will put them up on my web site.

Thank you,

Francois Mikus

From RSiegel at ise.com Mon Mar 17 18:40:32 2014
From: RSiegel at ise.com (Siegel, Richard)
Date: Mon, 17 Mar 2014 18:40:32 +0000
Subject: [rancid] multiple files
Message-ID: <78B57EE73C038C4A88A8CEDC5993771C61DE563F@cc-exc01a.office.iseoptions.com>

Good day! I am new to rancid git, and had a question regarding extensibility of functionality for using rancid against directory of xml files on a server.

Could a single device class (a vendor) write out multiple .new files? Has anyone done anything like this, or can refer me to it? I get that I specify a device, and it creates a device.new, and tell rancid about this new class of device. But could I create a device-myfile1.new and a device-myfile2.new and will something like this work or is this not what will be expected...

I hope this is clear.

Rich

From alan.mckinnon at gmail.com Mon Mar 17 19:47:33 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 17 Mar 2014 21:47:33 +0200
Subject: [rancid] multiple files
In-Reply-To: <78B57EE73C038C4A88A8CEDC5993771C61DE563F@cc-exc01a.office.iseoptions.com>
References: <78B57EE73C038C4A88A8CEDC5993771C61DE563F@cc-exc01a.office.iseoptions.com>
Message-ID: <53275155.5060500@gmail.com>

On 17/03/2014 20:40, Siegel, Richard wrote:
> Good day! I am new to rancid git, and had a question regarding
> extensibility of functionality for using rancid against directory of xml
> files on a server.
>
> Could a single device class (a vendor) write out multiple .new files?
> Has anyone done anything like this, or can refer me to it? I get that I
> specify a device, and it creates a device.new, and tell rancid about
> this new class of device. But could I create a device-myfile1.new and a
> device-myfile2.new and will something like this work or is this not what
> will be expected?
>
> I hope this is clear.

rancid is software so anything is possible but I fear you will need to do a large amount of refactoring first before your idea will work. The files you mention are opened for reading in the script "rancid" on line 2069; the other parser scripts will have equivalent code.

The reason I suspect you will need to heavily refactor things is the process the system follows:

1. rancid-run is executed and launches rancid_control for each LIST_OF_GROUPS
2. control_rancid reads router.db and launches rancid-fe for each device
3. rancid-fe launches the specific parser for that device type
4. The parser (eg. the rancid script) logs into the device, runs the list of commands for that type, grabs the output, stores it, *****, and processes it line by line. Then stores the new latest copy if changed in a repo.

What you desire to do is to inject new data at point *** in #4 above.
The code is simply not written to take account of this - it's at line 2069 in the script "rancid" - and all the prior setup actions that usually happen will not happen in your case.

Hence why I say the code must be refactored. It might be an interesting exercise to find out exactly what it will take to do this (I can think of several edge cases on my network where I could use such a feature) but to the best of my knowledge no-one has done it yet.

The use of XML is also going to cause a world of pain, CVS does not cope nicely with it. Devs know that XML is really like a gigantic associative array where order of tags doesn't matter and newlines between tags are mostly optional. Especially with in-house code, the on-disk format is liable to change without warning and this drives CVS nuts. It will then drive you nuts.

XML is truly an awful storage format, it really only does well in transport. You might have to pass your data files through a pretty printer first to ensure a consistent format before you can rely on rancid's diffs.

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Mon Mar 17 20:09:27 2014
From: heas at shrubbery.net (heasley)
Date: Mon, 17 Mar 2014 20:09:27 +0000
Subject: [rancid] multiple files
In-Reply-To: <53275155.5060500@gmail.com>
References: <78B57EE73C038C4A88A8CEDC5993771C61DE563F@cc-exc01a.office.iseoptions.com> <53275155.5060500@gmail.com>
Message-ID: <20140317200927.GC28400@shrubbery.net>

Mon, Mar 17, 2014 at 09:47:33PM +0200, Alan McKinnon:
> On 17/03/2014 20:40, Siegel, Richard wrote:
> > Good day! I am new to rancid git, and had a question regarding
> > extensibility of functionality for using rancid against directory of xml
> > files on a server.
> >
> > Could a single device class (a vendor) write out multiple .new files?
> > Has anyone done anything like this, or can refer me to it? I get that I
> > specify a device, and it creates a device.new, and tell rancid about
> > this new class of device.
> > But could I create a device-myfile1.new and a
> > device-myfile2.new and will something like this work or is this not what
> > will be expected?
> >
> > I hope this is clear.
>
> rancid is software so anything is possible but I fear you will need to
> do a large amount of refactoring first before your idea will work. The
> files you mention are opened for reading in the script "rancid" on line
> 2069; the other parser scripts will have equivalent code.

just poll the device twice, eg: two groups or a cname. i do this, using 3.0a, to collect regular and xml versions of juniper configs; so the xml collection is just a different device type.

> The reason I suspect you will need to heavily refactor things is the
> process the system follows:
>
> 1. rancid-run is executed and launches rancid_control for each
> LIST_OF_GROUPS
> 2. control_rancid reads router.db and launches rancid-fe for each device
> 3. rancid-fe launches the specific parser for that device type
> 4. The parser (eg. the rancid script) logs into the device, runs the
> list of commands for that type, grabs the output, stores it, *****, and
> processes it line by line. Then stores the new latest copy if changed in
> a repo.
>
> What you desire to do is to inject new data at point *** in #4 above.
> The code is simply not written to take account of this - it's at line
> 2069 in the script "rancid" - and all the prior setup actions that
> usually happen will not happen in your case.
>
> Hence why I say the code must be refactored. It might be an interesting
> exercise to find out exactly what it will take to do this (I can think
> of several edge cases on my network where I could use such a feature)
> but to the best of my knowledge no-one has done it yet.
>
> The use of XML is also going to cause a world of pain, CVS does not cope
> nicely with it. Devs know that XML is really like a gigantic associative
> array where order of tags doesn't matter and newlines between tags are
> mostly optional.
> Especially with in-house code, the on-disk format is
> liable to change without warning and this drives CVS nuts. It will then
> drive you nuts.
>
> XML is truly an awful storage format, it really only does well in

XML is truly awful.

> transport. You might have to pass your data files through a pretty
> printer first to ensure a consistent format before you can rely on
> rancid's diffs.

From alan.mckinnon at gmail.com Mon Mar 17 21:46:28 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 17 Mar 2014 23:46:28 +0200
Subject: [rancid] multiple files
In-Reply-To: <20140317200927.GC28400@shrubbery.net>
References: <78B57EE73C038C4A88A8CEDC5993771C61DE563F@cc-exc01a.office.iseoptions.com> <53275155.5060500@gmail.com> <20140317200927.GC28400@shrubbery.net>
Message-ID: <53276D34.3090402@gmail.com>

On 17/03/2014 22:09, heasley wrote:
> Mon, Mar 17, 2014 at 09:47:33PM +0200, Alan McKinnon:
>> On 17/03/2014 20:40, Siegel, Richard wrote:
>>> Good day! I am new to rancid git, and had a question regarding
>>> extensibility of functionality for using rancid against directory of xml
>>> files on a server.
>>>
>>> Could a single device class (a vendor) write out multiple .new files?
>>> Has anyone done anything like this, or can refer me to it? I get that I
>>> specify a device, and it creates a device.new, and tell rancid about
>>> this new class of device. But could I create a device-myfile1.new and a
>>> device-myfile2.new and will something like this work or is this not what
>>> will be expected?
>>>
>>> I hope this is clear.
>>
>> rancid is software so anything is possible but I fear you will need to
>> do a large amount of refactoring first before your idea will work.
>> The files you mention are opened for reading in the script "rancid" on line
>> 2069; the other parser scripts will have equivalent code.
>
> just poll the device twice, eg: two groups or a cname. i do this, using 3.0a,
> to collect regular and xml versions of juniper configs; so the xml collection
> is just a different device type.

I got the sense that the OP can't dynamically poll the devices, that most likely he only has the XML output that comes to him via some other process. But maybe I'm reading more into it than is there

Guess we'll have to wait for Richard to clarify his need

--
Alan McKinnon
alan.mckinnon at gmail.com

From rancid_mueller at gmx.de Thu Mar 20 09:27:18 2014
From: rancid_mueller at gmx.de (Hans Mueller)
Date: Thu, 20 Mar 2014 10:27:18 +0100
Subject: [rancid] Cisco Banner Issue
Message-ID: <532AB476.2060509@gmx.de>

Hi,

I'm trying to migrate my rancid installation from one box to another. Everything seems to work fine but there are login problems on some routers (about 10 %). The problem seems to be the "motd banner". If I try to login to these routers the login looks like this (the banner is original, without any changes):

-------------------------------------------------------------
rancid at rancid(~)$ clogin g546.abcd.domain.net
g546.abcd.domain.net
spawn telnet g546.abcd.domain.net
Trying 172.24.999.999...
Connected to g546.abcd.domain.net.
Escape character is '^]'.
CC
**********************************************************
* *
* *
* Routername: g546.abcd.domain.net *
* *
* Kunde: Hans Mueller *
* Standort *
* Strasse 81 *
* 12345 Ortschaft *
* *
* *
* Ansprechpartner: Frau Mueller *
* Telefon: +49-1234-234-678 *
* *
* Kundennummer: 12436 *
* Auftragsnummer: XY#763743 *
* *
* *
**********************************************************

User Access Verification

Username:

User Access Verification

Username:
%
User Access Verification

Username: timeout expired!Connection closed by foreign host.

Error: EOF received
rancid at rancid(~)$

-------------------------------------------------------------

If I remove the banner, the login with clogin works fine. But I don't want to remove the banner.

Rancid works fine on my old box but not on the new one.

Software versions:
Old debian box:
Rancid: 2.3.8
Expect: 5.44.1.15

New debian box:
Rancid: 2.3.7
Expect: 5.45

Here there any hints to solve this problem.

Best regards

Hans

From alan.mckinnon at gmail.com Thu Mar 20 09:59:48 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 20 Mar 2014 11:59:48 +0200
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <532AB476.2060509@gmx.de>
References: <532AB476.2060509@gmx.de>
Message-ID: <532ABC14.4090109@gmail.com>

On 20/03/2014 11:27, Hans Mueller wrote:
> Hi,
>
> I'm trying to migrate my rancid installation from one box to another.
> Everything seems to work fine but there are login problems on some
> routers (about 10 %). The problem seems to be the "motd banner". If I
> try to login to these routers the login looks like this (the banner is
> original, without any changes):
> -------------------------------------------------------------
> rancid at rancid(~)$ clogin g546.abcd.domain.net
> g546.abcd.domain.net
> spawn telnet g546.abcd.domain.net
> Trying 172.24.999.999...
> Connected to g546.abcd.domain.net.
> Escape character is '^]'.
> CC
> **********************************************************
> * *
> * *
> * Routername: g546.abcd.domain.net *
> * *
> * Kunde: Hans Mueller *
> * Standort *
> * Strasse 81 *
> * 12345 Ortschaft *
> * *
> * *
> * Ansprechpartner: Frau Mueller *
> * Telefon: +49-1234-234-678 *
> * *
> * Kundennummer: 12436 *
> * Auftragsnummer: XY#763743 *
                      ^
                      |
                      |
Remove this character.

There's no easy way around this. clogin relies on a specific text pattern to detect the exact prompt used by the router cli. It needs this to know where one command starts and the next ends in the full output, and it uses ">" and "#" to do this.
To have rancid (actually any product that works similarly to rancid) work reliably at all, you must consider those two characters to be banned in the banner.

I've seen patches around over the years that try work around this but unfortunately they all seem to deal with specific cases on specific hardware and won't work universally in the general case.

One possibility is ignore lines containing "#" that also have whitespace earlier in the line. Those always seem to be banner text and real-life cli prompts seldom contain whitespace

hth,

--
Alan McKinnon
alan.mckinnon at gmail.com

From rancid at ale.cx Thu Mar 20 14:13:22 2014
From: rancid at ale.cx (Alex DEKKER)
Date: Thu, 20 Mar 2014 14:13:22 +0000
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <532ABC14.4090109@gmail.com>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com>
Message-ID: <532AF782.3010901@ale.cx>

On 20/03/14 09:59, Alan McKinnon wrote:
> On 20/03/2014 11:27, Hans Mueller wrote:
>> * Auftragsnummer: XY#763743 *
>> One possibility is ignore lines containing "#" that also have whitespace
>> earlier in the line. Those always seem to be banner text and real-life
>> cli prompts seldom contain whitespace
>>

Yeah, surely the only time that the # is a prompt is when it's the last character on a line *and* no further output is forthcoming?

alexd

From alan.mckinnon at gmail.com Thu Mar 20 15:26:29 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 20 Mar 2014 17:26:29 +0200
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <532AF782.3010901@ale.cx>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx>
Message-ID: <532B08A5.30305@gmail.com>

On 20/03/2014 16:13, Alex DEKKER wrote:
> On 20/03/14 09:59, Alan McKinnon wrote:
>> On 20/03/2014 11:27, Hans Mueller wrote:
>>> * Auftragsnummer: XY#763743 *
>>> One possibility is ignore lines containing "#" that also have whitespace
>>> earlier in the line. Those always seem to be banner text and real-life
>>> cli prompts seldom contain whitespace
>>>
> Yeah, surely the only time that the # is a prompt is when it's the last
> character on a line *and* no further output is forthcoming?
>
> alexd

In an ideal, theoretical world that is true. Neither of us live in such a world and prompts are often not what they should be.

--
Alan McKinnon
alan.mckinnon at gmail.com

From elliot.wilen at aechelon.com Thu Mar 20 21:43:12 2014
From: elliot.wilen at aechelon.com (Elliot Wilen)
Date: Thu, 20 Mar 2014 21:43:12 +0000
Subject: [rancid] Getting viewvc colored diffs to work
Message-ID: <736C3AA4541A56418A535328BDC357592C32FB53@ATC1.corp.aechelon.com>

There are a couple walkthroughs for setting up rancid + viewvc at http://www.shrubbery.net/rancid/#started, which were extremely helpful in terms of getting everything working. But I still found that viewvc's "colored diff" options weren't actually showing any colors. I just found the answer, so in the hope that this will help someone, here it is:

Edit /etc/viewvc/viewvc.conf and comment out the line that reads

docroot = /viewvc-static

If you'd like, you could read the documentation above that line to make things work slightly more efficiently, but for my purposes this was enough. There's no need to restart httpd, although you may need to clear your browser cache before reloading the web page.

As a bonus you also get some nice icons and logos.

--
Elliot Wilen
Sr. System Administrator
Aechelon Technology
E-Mail: elliot.wilen at aechelon.com

From peo at chalmers.se Fri Mar 21 10:22:31 2014
From: peo at chalmers.se (Per-Olof Olsson)
Date: Fri, 21 Mar 2014 11:22:31 +0100
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <532B08A5.30305@gmail.com>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com>
Message-ID: <532C12E7.8010906@chalmers.se>

Alan McKinnon wrote 2014-03-20 16:26:
> On 20/03/2014 16:13, Alex DEKKER wrote:
>> On 20/03/14 09:59, Alan McKinnon wrote:
>>> On 20/03/2014 11:27, Hans Mueller wrote:
>>>> * Auftragsnummer: XY#763743 *
>>>> One possibility is ignore lines containing "#" that also have whitespace
>>>> earlier in the line.
>>>> Those always seem to be banner text and real-life
>>>> cli prompts seldom contain whitespace
>>>>
>> Yeah, surely the only time that the # is a prompt is when it's the last
>> character on a line *and* no further output is forthcoming?
>>
>> alexd
>
> In an ideal, theoretical world that is true. Neither of us live in such
> a world and prompts are often not what they should be.
>

Yes and it's simple to fix.

*** clogin 2014-03-21 11:14:48.163493260 +0100 --- clogin.new 2014-03-21 11:06:19.711260482 +0100 *************** *** 572,577 **** --- 572,580 ---- send -- "$passphrase\r" exp_continue } + -re "\[#>]+\[^\r\n]*\[\r\n]+" { + exp_continue + } -re "$u_prompt" { send -- "$user\r" set uprompt_seen 1

Also tested and include in hlogin. Then you can have how many # and > you like in banners.

/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-service
Arvid Hedvalls backe 6
412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------

From Michael.Josten at hs-niederrhein.de Mon Mar 24 08:23:36 2014
From: Michael.Josten at hs-niederrhein.de (Josten, Michael)
Date: Mon, 24 Mar 2014 09:23:36 +0100
Subject: [rancid] -cloginrc ip range
Message-ID: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus>

Hello everyone,

instead of using

add method * {telnet} {ssh}

I want to speed up everything by avoiding failed telnet login attempts on switches that are accessed via ssh as long as we haven't configured every switch to ssh access only.
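
Review bot: The -re "\[#>]+\[^\r\n]*\[\r\n]+" branch that the clogin patch above adds ahead of the "$u_prompt" case carries no comment and is broader than the banner problem it addresses: it consumes every newline-terminated line containing # or > for as long as this expect block is active, so a device notice or error line with those characters is skipped silently too. Please add a comment saying that it exists to skip banner lines and depends on a real prompt not being followed by a line ending, and consider restricting it to output received before the first username prompt (the context lines already set uprompt_seen there). The hlogin change mentioned in the message is not part of this patch, so it cannot be checked here.
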
I am wondering if there is a way to configure ip address ranges as this example looks kinda bloated

add method x.x.x.1 {ssh:10022}
add method x.x.x.2 {telnet}
add method x.x.x.3 {telnet}
add method x.x.x.4 {telnet}
add method x.x.x.5 {telnet}
add method x.x.x.6 {telnet}
add method x.x.x.8 {ssh:22}
add method * {telnet} {ssh}

best regards
michael

From alan.mckinnon at gmail.com Mon Mar 24 12:08:02 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 24 Mar 2014 14:08:02 +0200
Subject: [rancid] -cloginrc ip range
In-Reply-To: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus>
References: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus>
Message-ID: <53302022.2070709@gmail.com>

.cloginrc supports the use of globs in the hostname/address field. It's a glob and not a regex, so you are somewhat limited in how you can express ranges. But nonetheless it can prove very useful.

I can think of two other ways to make your life easier:

- use default settings intelligently and only configure method for those devices that are different.

- consider whether this aspect really needs optimizing or not. My devices across the board take an average of 30 seconds for clogin to login and finish running all commands and rancid runs 30 jobs in parallel. Failed ssh and telnet connections fail in about half a second. When added up the amount of time spent on failed connection attempts is minuscule and not worth bothering about. True, my devices send an explicit reset so I don't have to wait 30 seconds every time because port 23 went to some bit bucket in the sky :-) Not every network is set up like mine though.

--
Alan McKinnon
alan.mckinnon at gmail.com

From Michael.Josten at hs-niederrhein.de Mon Mar 24 13:43:16 2014
From: Michael.Josten at hs-niederrhein.de (Josten, Michael)
Date: Mon, 24 Mar 2014 14:43:16 +0100
Subject: [rancid] -cloginrc ip range
In-Reply-To: <53302022.2070709@gmail.com>
References: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus> <53302022.2070709@gmail.com>
Message-ID: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49216@prometheus>

Thanks for your answer. I'll put some thoughts into those intelligent settings ;P some address ranges allow the use of wildcards.
I already did some testing and it works quite well so far.

From alan.mckinnon at gmail.com Mon Mar 24 13:46:31 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 24 Mar 2014 15:46:31 +0200
Subject: [rancid] -cloginrc ip range
In-Reply-To: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49216@prometheus>
References: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus> <53302022.2070709@gmail.com> <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49216@prometheus>
Message-ID: <53303737.2080209@gmail.com>

There was a very similar question posed about a month back, the poster was asking if clogin could use regexes instead of globs for the hostname field. IIRC one of the replies was a reasonable design about how it could be done, you might want to find that in the archives and read further.

It would mean you'd have to patch and maintain clogin locally.

--
Alan McKinnon
alan.mckinnon at gmail.com

From bertrand.kurtzemann at stef.com Tue Mar 25 16:00:26 2014
From: bertrand.kurtzemann at stef.com (Bertrand Kurtzemann)
Date: Tue, 25 Mar 2014 16:00:26 +0000 (UTC)
Subject: [rancid] rancid not writing configurations to /config/ file
References:
Message-ID:

Bertrand Kurtzemann stef.com> writes:
>
> Hello,
>
> I installed some "5800AF-48G" and "5500-48G EI" Switches and I need to save the config in Rancid.
>
> Can you tell me where can I download the h3clogin and h3crancid files ?
>
> Thanks a lot !!
>
> Kind regards,
>
> Bertrand Kurtzemann
> Service Informatique - Responsable EDI
> STEF Transport Direction Régionale EST
> 108, rte de JOUY
> 57160 Moulins-Lès-Metz
>

Hello,

Well, I corrected my problems.

- Just review my parameters in .cloginrc
- modify the directory in the first lines of h3clogin
- modify the name of the perl program in the first line of h3crancid

It runs well

Thanks a lot !!

Bertrand Kurtzemann

From malmgren at skyfire.com Wed Mar 26 21:22:05 2014
From: malmgren at skyfire.com (Matt Almgren)
Date: Wed, 26 Mar 2014 14:22:05 -0700
Subject: [rancid] Is there a working f5rancid script for 10.1 and 11.4 ?
Message-ID:

Hi all, I'm looking for a working f5rancid script for the following:

We have a mix of f5 devices that are running either 10.1/10.2(bigpipe) or 11.4 (tmsh). Our configured "rancid" user is logging in via TACACS and is dropped into the advanced shell.

Using the original f5rancid script, of course there's no tmsh commands, so it fails for the 11.4 devices. So I downloaded the latest f5rancid script from the github repo here: https://github.com/dotwaffle/rancid-git/blob/master/bin/f5rancid.in, which has tmsh commands in it, but it doesn't work as I think it should and brings up more questions.

When I run the f5rancid script manually I see that it doesn't look like it's choosing the tmsh commands. Is there something I am missing to tell it to use tmsh? I would think it can grok that from the command prompt, but I'm not sure of the logic. I tried looking at the f5rancid script and I see where it's supposed to make the choice, but my perl skills suck.

[rancid at sfo-admin007 bin]$ ./f5rancid -d mtv-lb001
executing clogin -t 90 -c "bigpipe version 2>&1" mtv-lb001
executing clogin -t 90 -c "bigpipe version;bigpipe platform;cat /config/bigip.license;bigpipe monitor list all;bigpipe profile list;bigpipe base list;bigpipe db show;bigpipe route static show;bigpipe list" mtv-lb001
sh: clogin: command not found
mtv-lb001: missed cmd(s): bigpipe route static show,bigpipe base list,cat /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor list all,bigpipe version,bigpipe profile list,bigpipe list
mtv-lb001: missed cmd(s): bigpipe route static show,bigpipe base list,cat /config/bigip.license,bigpipe platform,bigpipe db show,bigpipe monitor list all,bigpipe version,bigpipe profile list,bigpipe list
mtv-lb001: End of run not found
mtv-lb001: End of run not found
#
[rancid at sfo-admin007 bin]$

Clogin shows that it is able to login and lands in the advanced shell:

[rancid at sfo-admin007 root]$ /usr/local/rancid/bin/clogin mtv-lb001
mtv-lb001
spawn ssh -c 3des -x -l rancid mtv-lb001
Password:
Last login: Wed Mar 26 13:58:46 2014 from 10.102.128.27
[rancid at mtv-lb001:Active:Standalone] ~ #

Anyone got a working f5 script and brief README they can share with me?

Thanks, Matt

--
Matt Almgren | Sr. Network Engineer
779 Evelyn Ave, Suite 200
Mountain View, CA 94041
Mobile: 408.499.9669

________________________________
This message is being sent by Skyfire Labs. It is intended exclusively for the individuals and entities to which it is addressed. This communication, including any attachments, may contain information that is proprietary, privileged, confidential, or otherwise subject to restrictions on disclosure pursuant to applicable law. If you are not the named addressee, you are not authorized to read, print, retain copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by email and delete all copies of this message. This message is protected by applicable legal privileges and is confidential.

From malmgren at skyfire.com Wed Mar 26 22:29:58 2014
From: malmgren at skyfire.com (Matt Almgren)
Date: Wed, 26 Mar 2014 15:29:58 -0700
Subject: [rancid] Is there a working f5rancid script for 10.1 and 11.4 ?
In-Reply-To:
References:
Message-ID:

Update, I found that the new f5rancid script couldn't find the "clogin" script, but now after adding the relative path, it looks like the script times out after issuing the second command in the command table. If I issue that command string in the CLI myself exactly as shown, I see no problems.

* f5rancid*
[rancid at mtv-lb001:Active:St./f5rancid -d mtv-lb001
executing clogin -t 90 -c "bigpipe version 2>&1" mtv-lb001
The F5 says to use tmsh, using tmsh command table for config collection.
executing clogin -t 90 -c "tmsh show /sys version;tmsh show /sys hardware;tmsh show /sys license;cat /config/ZebOS.conf;lsof -i :179;tmsh show /net route static;tmsh -q list" mtv-lb001
PROMPT MATCH: \[rancid at mtv-lb001:Active:Standalone\] ~ #
HIT COMMAND:[rancid at mtv-lb001:Active:Standalone] ~ # tmsh show /sys version
In ShowVersion: [rancid at mtv-lb001:Active:Standalone] ~ # tmsh show /sys version
HIT COMMAND:[rancid at mtv-lb001:Active:Standalone] ~ # tmsh show /sys hardware
In ShowHardware: [rancid at mtv-lb001:Active:Standalone] ~ # tmsh show /sys hardware
^C
[rancid at sfo-admin007 bin]$

* manual*
[rancid at mtv-lb001:Active:Standalone] ~ # tmsh show /sys version;tmsh show /sys hardware

Sys::Version
Main Package
  Product  BIG-IP
  Version  11.4.1
  Build    625.0
  Edition  Hotfix HF1
  Date     Wed Oct 23 20:28:39 PDT 2013

Hotfix List
ID431391 ID433880 ID432225 ID431356 ID432140 ID425846 ID434970 ID429768
ID433863 ID424999 ID432746 ID424328 ID273176 ID429187 ID426874 ID426742
ID426929 ID432748 ID431393 ID427955 ID431744 ID430848 ID430551 ID421045
ID431900 ID428698 ID428700 ID432711 ID425090 ID428622 ID429127 ID419082
ID429580 ID420883 ID425603 ID432805 ID420335 ID427415 ID431742 ID431292
ID425003 ID431660 ID431212 ID420718 ID427673 ID428031 ID428843

Sys::Hardware
Chassis Fan Status
  Index  Status  Fan Speed(rpm)
  1      up      9642
  2      up      10546
  3      up      9926

Thanks, Matt

From SRonan at eexchange.com Thu Mar 27 00:49:13 2014
From: SRonan at eexchange.com (Shane Ronan)
Date: Thu, 27 Mar 2014 00:49:13 +0000
Subject: [rancid] Issue with Cisco 6500
Message-ID:

I have a strange issue with some 6500's that I am hoping someone here can help me explain.

When I run “clogin -t 90 -c"show version"” it logs in correctly, the banner passes, it goes to a command line, and clogin issues “terminal length 0” at which point the switch stops responding and eventually times out.

Has anyone experienced anything similar?

Shane Ronan, Vice President - Technology Architect
State Street Global Exchange | 600 College Road East | Princeton, NJ 08540
P (212) 259-3023 | M (347) 413-4503
sronan at eexchange.co
________________________________
http://www.statestreet.com/emaildisclaimer/

From heas at shrubbery.net Thu Mar 27 04:36:02 2014
From: heas at shrubbery.net (John Heasley)
Date: Thu, 27 Mar 2014 17:36:02 +1300
Subject: [rancid] Issue with Cisco 6500
In-Reply-To: <20140327005605.C2588409E6@sea.shrubbery.net>
References: <20140327005605.C2588409E6@sea.shrubbery.net>
Message-ID:

> On Mar 27, 2014 at 1:49 PM, Shane Ronan wrote:
>
> I have a strange issue with some 6500's that I am hoping someone here can help me explain.
>
> When I run “clogin -t 90 -c"show version"” it logs in correctly, the banner passes, it goes to a command line, and clogin issues “terminal length 0” at which point the switch stops responding and eventually times out.
>

Possibly you have > or # in your banner?

> Has anyone experienced anything similar?

From jeremy at visser.name Fri Mar 28 02:00:07 2014
From: jeremy at visser.name (Jeremy Visser)
Date: Fri, 28 Mar 2014 13:00:07 +1100
Subject: [rancid] Multiple devices, multiple ports, one hostname
Message-ID: <5334D7A7.7020200@visser.name>

I have a number of branch locations, each with a single public IPv4 address, and am given a corresponding DNS name (siteXX.customer.com).

TCP port 22 is the SSH interface to the branch router, and TCP port 222 is NAPT-forwarded to a phone system sitting behind the router.

Currently the router is being tracked by RANCID, but I would like to track the phone system too. But I fail to see how I could do that, given they would end up having the same hostname.

Any suggestions?
From alan.mckinnon at gmail.com Fri Mar 28 06:02:23 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Fri, 28 Mar 2014 08:02:23 +0200
Subject: [rancid] Multiple devices, multiple ports, one hostname
In-Reply-To: <5334D7A7.7020200@visser.name>
References: <5334D7A7.7020200@visser.name>
Message-ID: <5335106F.6060308@gmail.com>

On 28/03/2014 04:00, Jeremy Visser wrote:
> I have a number of branch locations, each with a single public IPv4 address, and am given a corresponding DNS name (siteXX.customer.com).
>
> TCP port 22 is the SSH interface to the branch router, and TCP port 222 is NAPT-forwarded to a phone system sitting behind the router.
>
> Currently the router is being tracked by RANCID, but I would like to track the phone system too. But I fail to see how I could do that, given they would end up having the same hostname.
>
> Any suggestions?

Add a customized entry to DNS for the phone system, perhaps something along the lines of siteXX.YY.customer.com where YY is a suitable decorator for the phone system.

If you can't change DNS then you could use the local /etc/hosts file. Ugly, but works

--
Alan McKinnon
alan.mckinnon at gmail.com

From malmgren at skyfire.com Fri Mar 28 20:54:55 2014
From: malmgren at skyfire.com (Matt Almgren)
Date: Fri, 28 Mar 2014 13:54:55 -0700
Subject: [rancid] Is there a working f5rancid script for 10.1 and 11.4 ?
In-Reply-To:
References:
Message-ID:

Hey all, I'm still looking for an f5rancid script. Anybody have one they'd be willing to share and I'd love to test it! :)

Thanks, Matt

From heas at shrubbery.net Mon Mar 31 00:33:30 2014
From: heas at shrubbery.net (heasley)
Date: Mon, 31 Mar 2014 00:33:30 +0000
Subject: [rancid] -cloginrc ip range
In-Reply-To: <53303737.2080209@gmail.com>
References: <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49214@prometheus> <53302022.2070709@gmail.com> <9BDA0B754D62C64FBE6B0CFFA429C47A24E6E49216@prometheus> <53303737.2080209@gmail.com>
Message-ID: <20140331003330.GK89679@shrubbery.net>

Mon, Mar 24, 2014 at 03:46:31PM +0200, Alan McKinnon:
> There was a very similar question posed about a month back, the poster
> was asking if clogin could use regexes instead of globs for the hostname
> field.

expect glob does support []s, so just be careful about escaping and you can use a\.b\.c\.\[0-9].
http://my.safaribooksonline.com/book/operating-systems-and-server-administration/unix/9781565920903/glob-patterns-and-other-basics/glob_patterns_and_other_basics

> IIRC one of the replies was a reasonable design about how it could be
> done, you might want to find that in the archives and read further. It
> would mean you'd have to patch and maintain clogin locally.

From heas at shrubbery.net Mon Mar 31 03:57:54 2014
From: heas at shrubbery.net (heasley)
Date: Mon, 31 Mar 2014 03:57:54 +0000
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <532C12E7.8010906@chalmers.se>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com>
<532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com> <532C12E7.8010906@chalmers.se> Message-ID: <20140331035754.GJ93763@shrubbery.net> Fri, Mar 21, 2014 at 11:22:31AM +0100, Per-Olof Olsson: > Alan McKinnon skrev 2014-03-20 16:26: > > On 20/03/2014 16:13, Alex DEKKER wrote: > >> On 20/03/14 09:59, Alan McKinnon wrote: > >>> On 20/03/2014 11:27, Hans Mueller wrote: > >>>> * Auftragsnummer: XY#763743 * > >>>> One possibility is ignore lines containing "#" that also have whitespace > >>>> earlier in the line. Those always seem to be banner text and real-life > >>>> cli prompts seldom contain whitespace > >>>> > >> Yeah, surely the only time that the # is a prompt is when it's the last > >> character on a line *and* no further output is forthcoming? > >> > >> alexd > > > > > > > > In an ideal, theoretical world that is true. Neither of us live in such > > a world and prompts are often not what they should be. > > > > > > Yes and it's simple to fix. > > *** clogin 2014-03-21 11:14:48.163493260 +0100 > --- clogin.new 2014-03-21 11:06:19.711260482 +0100 > *************** > *** 572,577 **** > --- 572,580 ---- > send -- "$passphrase\r" > exp_continue > } > + -re "\[#>]+\[^\r\n]*\[\r\n]+" { > + exp_continue > + } i maintain the assertion that you can not rely upon receiving complete lines. expect may see b or blah# or blah# or blah# there is no way to know what will be in the input buffer. ie: you may get lucky, but this is not a reliable fix. the only reliable fixes what i can think of would be to be more specific about prompt match (eg: a new clogin setting) for the given device or develop a process to wait to see if anything follows the # or >, which has its own set of pitfalls. if you disagree, please explain why. > -re "$u_prompt" { > send -- "$user\r" > set uprompt_seen 1 > > > Also tested and include in hlogin. > > Then you can have how many # and > you like in banners. 
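Review bot: the added `-re "\[#>]+\[^\r\n]*\[\r\n]+"` branch can only fire once the line terminator of the banner line is already in expect's buffer, so a banner line that arrives without its trailing `\r\n` yet still presents a bare `#` or `>` to the prompt matching that follows. The hunk also carries no comment saying that the branch exists to skip banner lines containing prompt characters. Suggest documenting that intent next to the `exp_continue`, and gating the branch behind a per-device setting so it is enabled only where the banner is known to need it.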
>
> /Peo
> ----------------------------------------------------------
> Per-Olof Olsson Email: peo at chalmers.se
> Chalmers tekniska högskola IT-service
> Arvid Hedvalls backe 6 412 96 Göteborg
> Tel: 031/772 6738 Fax: 031/772 8680
> ----------------------------------------------------------

From rancid_mueller at gmx.de Mon Mar 31 13:51:28 2014
From: rancid_mueller at gmx.de (Hans Mueller)
Date: Mon, 31 Mar 2014 15:51:28 +0200
Subject: [rancid] Alcatel-Lucent Support 7330 ISAM FTTN (ANSI)
Message-ID:

An HTML attachment was scrubbed...
URL:

From rancid at ale.cx Mon Mar 31 20:34:33 2014
From: rancid at ale.cx (Alex DEKKER)
Date: Mon, 31 Mar 2014 21:34:33 +0100
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <20140331035754.GJ93763@shrubbery.net>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com> <532C12E7.8010906@chalmers.se> <20140331035754.GJ93763@shrubbery.net>
Message-ID: <5339D159.8000409@ale.cx>

On 31/03/14 04:57, heasley wrote:
> develop a process to wait to see if
> anything follows the # or >, which has its own set of pitfalls.

I [sitting in my armchair, not being the developer] think this idea has
some mileage. Would it be unreasonable to wait n seconds after a # to
determine that it's a prompt? Obviously if you do this then you'd have
to add a knob to tweak for those who are taking backups over satellite
links &c.

Perhaps you could be a bit cleverer - if a router is delivering 20
lines/sec of output, then you'll know within 0.5sec if it's finished,
although some seem to always be slow when delivering certain sections of
config. Pitfalls indeed!

alexd

From alan.mckinnon at gmail.com Mon Mar 31 21:20:47 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 31 Mar 2014 23:20:47 +0200
Subject: [rancid] Cisco Banner Issue
In-Reply-To: <5339D159.8000409@ale.cx>
References: <532AB476.2060509@gmx.de> <532ABC14.4090109@gmail.com> <532AF782.3010901@ale.cx> <532B08A5.30305@gmail.com> <532C12E7.8010906@chalmers.se> <20140331035754.GJ93763@shrubbery.net> <5339D159.8000409@ale.cx>
Message-ID: <5339DC2F.4070200@gmail.com>

On 31/03/2014 22:34, Alex DEKKER wrote:
> On 31/03/14 04:57, heasley wrote:
>> develop a process to wait to see if
>> anything follows the # or >, which has its own set of pitfalls.
>
> I [sitting in my armchair, not being the developer] think this idea has
> some mileage. Would it be unreasonable to wait n seconds after a # to
> determine that it's a prompt? Obviously if you do this then you'd have
> to add a knob to tweak for those who are taking backups over satellite
> links &c.
>
> Perhaps you could be a bit cleverer - if a router is delivering 20
> lines/sec of output, then you'll know within 0.5sec if it's finished,
> although some seem to always be slow when delivering certain sections of
> config. Pitfalls indeed!

There have been many good suggestions on dealing with prompts, and all
of them are quite workable when the prompt behaves as it should. Some
solutions are tweaked for specific hardware but they still work within
that definition.

The downfall however is this thing called real life, it seldom does what
it should. I've lost count of the number of bizarre behaviours I see in
real life around prompts: here's a common one our entire team has given
up on and learned to just live with:

^C^C^C^ #^C^C^C

What on earth is 0x03 doing in there? I really have no idea, but I have
to deal with it, and with similar junk. Eventually I had to get
pragmatic and issue a decree from on high that the first > and # will
indicate the prompt. I'm lucky in that I can get away with this, other
sites are not so lucky.

All in all I believe John's stance is the correct one for the supported
shipped versions of *login. However a case can be made for hosting a few
patchsets that modify prompt detection and clearly document the
requirements that must be in place to use them properly. Admins can then
use these at their discretion.

--
Alan McKinnon
alan.mckinnon at gmail.com
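
The two positions in the "Cisco Banner Issue" thread above (a line-skipping branch that depends on complete lines, and a quiet period after # or >), as an added example that is not part of any post and is not RANCID code: a Python simulation of an expect-style input buffer fed the banner line quoted in the thread, split at different points. The prompt patterns, the hostname router1 and all timings are constructed assumptions.

```python
import re

# Regex form of the branch added by the clogin patch quoted in the thread:
#   -re "\[#>]+\[^\r\n]*\[\r\n]+" { exp_continue }
BANNER_LINE = re.compile(r"[#>]+[^\r\n]*[\r\n]+")
# Assumption: simplified stand-in for a prompt pattern that fires on the
# first '#' or '>' in the buffer; clogin's real prompt handling is richer.
PROMPT = re.compile(r"[#>]")
# Prompt candidate for the quiet-period idea: '#' or '>' at the very end
# of the buffer, optionally followed by one space.
PROMPT_TAIL = re.compile(r"[#>] ?\Z")

# Constructed input: the banner line from the thread, then a made-up prompt.
BANNER = "* Auftragsnummer: XY#763743 *\r\n"
DEVICE_PROMPT = "router1#"


def expect_login(chunks):
    """Simulate an expect loop over successive reads.

    After every read the banner-skip branch is tried first, then the
    prompt branch. A match discards the buffer up to the end of the match,
    as expect does. Returns the text the prompt branch fired on, or None.
    """
    buf = ""
    for chunk in chunks:
        buf += chunk
        while True:
            skipped = BANNER_LINE.search(buf)
            if skipped:
                buf = buf[skipped.end():]  # exp_continue with the remainder
                continue
            hit = PROMPT.search(buf)
            if hit:
                return buf[:hit.end()]
            break  # nothing matched, wait for the next read
    return None


def quiet_prompt(timed_chunks, quiet_ms):
    """Declare a prompt only after quiet_ms of silence following '#' or '>'.

    timed_chunks is a list of (arrival_ms, data). Returns a tuple of
    (time the prompt was declared, last buffered line), or None.
    """
    buf = ""
    for i, (arrived, data) in enumerate(timed_chunks):
        buf += data
        if not PROMPT_TAIL.search(buf):
            continue
        if i + 1 < len(timed_chunks):
            gap = timed_chunks[i + 1][0] - arrived
        else:
            gap = float("inf")  # end of input: the device has gone quiet
        if gap >= quiet_ms:
            return arrived + quiet_ms, buf.splitlines()[-1]
    return None


# Same bytes, different read boundaries (all constructed).
WHOLE_LINES = [BANNER, DEVICE_PROMPT]
SPLIT_AT_HASH = ["* Auftragsnummer: XY#", "763743 *\r\n" + DEVICE_PROMPT]
FAST_LINK = [(0, SPLIT_AT_HASH[0]), (50, SPLIT_AT_HASH[1])]
SLOW_LINK = [(0, SPLIT_AT_HASH[0]), (800, SPLIT_AT_HASH[1])]

if __name__ == "__main__":
    print("whole lines     ->", repr(expect_login(WHOLE_LINES)))
    print("split at '#'    ->", repr(expect_login(SPLIT_AT_HASH)))
    print("fast, 500 ms    ->", quiet_prompt(FAST_LINK, 500))
    print("slow, 500 ms    ->", quiet_prompt(SLOW_LINK, 500))
    print("slow, 1000 ms   ->", quiet_prompt(SLOW_LINK, 1000))
```

The split read defeats the line-skipping branch, and the slow link defeats a quiet period that is set too short, which is why the thread treats the timeout as a per-site knob.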