From arlarndk at gmail.com Thu Oct 2 11:36:16 2014
From: arlarndk at gmail.com (Arne Larsen)
Date: Thu, 02 Oct 2014 13:36:16 +0200
Subject: [rancid] vs nexus5596 and port-profile
Message-ID: <542D38B0.5030206@gmail.com>

Hi all.

Can someone give me a hint what to do.
We are using port-profiles on the nexus boxes, but the output from show
running is missing characters.
How can I add a command like show port-profile to nx-rancid, or how can I
get around the missing number of characters?

/Arne

From lee.e.rian at census.gov Thu Oct 2 20:35:29 2014
From: lee.e.rian at census.gov (lee.e.rian at census.gov)
Date: Thu, 2 Oct 2014 16:35:29 -0400
Subject: [rancid] show sdm prefer
Message-ID:

When processing "show sdm prefer" seems to me the "On next reload" value
is worth saving in rancid.

ios.pm
in sub ShowSDM {
    if (/current template is|next reload/) {

gives me this bit for a box waiting to be reloaded:

 !
 !SDM: The current template is "desktop routing" template.
 !SDM: On next reload, template will be "desktop IPv4 and IPv6 default" template.
 !

& any reason for not saving all of it?

c3750#sh sdm pre
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

 On next reload, template will be "desktop IPv4 and IPv6 default" template.

c3750#

Regards,
Lee

From dan.w.anderson at gmail.com Thu Oct 2 17:24:07 2014
From: dan.w.anderson at gmail.com (Dan Anderson)
Date: Thu, 2 Oct 2014 13:24:07 -0400
Subject: [rancid] vs nexus5596 and port-profile
In-Reply-To: <542D38B0.5030206@gmail.com>
References: <542D38B0.5030206@gmail.com>
Message-ID:

I'm guessing that you mean switch-profiles, as those commands aren't
always in the running config. Port-profiles should be visible, although
ports using them would only have an "inherit port-profile" line in place
of all of the inherited configuration.

The very quick and dirty way would be to edit nxrancid and find the line
that says:

    {'show running-config' => 'WriteTerm'},

and add a line above it similar to:

    {'show running-config switch-profile' => 'WriteTerm'},

A cleaner approach would be to clone the WriteTerm sub in the nxrancid to
something like WriteTermSwitchProfile and call that, making sure to
change the:

    return(-1) if (/\% Invalid command at /);

line to

    return(1) if (/\% Invalid command at /);

to accommodate switches that don't take that command. You could also
clean up all of the username/snmp matches in that config, as most of that
can't be replicated to other switches via the switch-profile.

HTH

On Thu, Oct 2, 2014 at 7:36 AM, Arne Larsen wrote:
> Hi all.
>
> Can someone give me a hint what to do.
>
> We are using port-profiles on the nexus boxes, but the output from show
> running is missing characters.
>
> How can I add a command like show port-profile to nx-rancid, or how can I
> get around the missing number of characters?
>
> /Arne
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

--
Dan

From LArntz at host.net Fri Oct 3 18:34:40 2014
From: LArntz at host.net (Luke Arntz)
Date: Fri, 3 Oct 2014 18:34:40 +0000
Subject: [rancid] issue with missed cmd(s)
Message-ID: <673e574ea04f44fbb5a12f0a4700727f@mbx01.corp.host.net>

Hi everyone!

I'm trying to resolve an issue with missed commands. We have many devices
that work properly with no errors. We are using version 2.3.6. I've tried
a separate install of 3.1 and it has the same issue. I did copy the cvs
repository for use with 3.1.

The device is a Cisco 2921. I've searched through the message boards as
thoroughly as I could, but I haven't come up with an answer that works.
Originally the missed command was write term. I commented that out in the
rancid and cat5command files. Now I just get the same error with show
running-config.

Any help would be greatly appreciated! Thank you.

Here are the logs....

Trying to get all of the configs.
xx.xx.xx.net: missed cmd(s): show running-config
=====================================
Getting missed routers: round 1.
xx.xx.xx.net: missed cmd(s): show running-config
=====================================
Getting missed routers: round 2.
xx.xx.xx.net: missed cmd(s): show running-config

From alan.mckinnon at gmail.com Fri Oct 3 19:27:28 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Fri, 03 Oct 2014 21:27:28 +0200
Subject: [rancid] issue with missed cmd(s)
In-Reply-To: <673e574ea04f44fbb5a12f0a4700727f@mbx01.corp.host.net>
References: <673e574ea04f44fbb5a12f0a4700727f@mbx01.corp.host.net>
Message-ID: <542EF8A0.2070205@gmail.com>

On 03/10/2014 20:34, Luke Arntz wrote:
> Hi everyone!
>
> I'm trying to resolve an issue with missed commands. We have many
> devices that work properly with no errors. We are using version 2.3.6.
> I've tried a separate install of 3.1 and it has the same issue. I did
> copy the cvs repository for use with 3.1.
>
> The device is a Cisco 2921. I've searched through the message boards as
> thoroughly as I could, but I haven't come up with an answer that works.
> Originally the missed command was write term. I commented that out in
> the rancid and cat5command files. Now I just get the same error with
> show running-config.
>
> Any help would be greatly appreciated! Thank you.
>
> Here are the logs....
>
> Trying to get all of the configs.
> xx.xx.xx.net: missed cmd(s): show running-config
> =====================================
> Getting missed routers: round 1.
> xx.xx.xx.net: missed cmd(s): show running-config
> =====================================
> Getting missed routers: round 2.
> xx.xx.xx.net: missed cmd(s): show running-config

That's a common catch-all error, what it means is that rancid knows it
fired off the command but can't find the point in the output where it
starts. That's all the script knows so it can't give a more specific
error message. There are quite a few reasons I've seen why this can
happen, they all require manual intervention and eyeballs.

Assuming your 2921 is configured as a cisco run

rancid -d

and read the output closely. Also run the exact clogin command that
rancid launches and look at the result closely.
It's very likely you will have a "#" or ">" in your banner, that really
messes up the works as rancid can't reliably find the command prompt.

--
Alan McKinnon
alan.mckinnon at gmail.com

From LArntz at host.net Fri Oct 3 20:24:32 2014
From: LArntz at host.net (Luke Arntz)
Date: Fri, 3 Oct 2014 20:24:32 +0000
Subject: [rancid] issue with missed cmd(s)
In-Reply-To: <542EF8A0.2070205@gmail.com>
References: <673e574ea04f44fbb5a12f0a4700727f@mbx01.corp.host.net> <542EF8A0.2070205@gmail.com>
Message-ID: <6d9780610bf4418fa862799f6d148499@mbx01.corp.host.net>

Thank you Alan! You are a God among men!

There was a cisco password expiration warning upon login that contained a
few '>' characters.

Problem resolved! Have a great weekend.

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon
Sent: Friday, October 03, 2014 3:27 PM
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] issue with missed cmd(s)

On 03/10/2014 20:34, Luke Arntz wrote:
> Hi everyone!
>
> I'm trying to resolve an issue with missed commands. We have many
> devices that work properly with no errors. We are using version 2.3.6.
> I've tried a separate install of 3.1 and it has the same issue. I did
> copy the cvs repository for use with 3.1.
>
> The device is a Cisco 2921. I've searched through the message boards as
> thoroughly as I could, but I haven't come up with an answer that works.
> Originally the missed command was write term. I commented that out in
> the rancid and cat5command files. Now I just get the same error with
> show running-config.
>
> Any help would be greatly appreciated! Thank you.
>
> Here are the logs....
>
> Trying to get all of the configs.
> xx.xx.xx.net: missed cmd(s): show running-config
> =====================================
> Getting missed routers: round 1.
> xx.xx.xx.net: missed cmd(s): show running-config
> =====================================
> Getting missed routers: round 2.
> xx.xx.xx.net: missed cmd(s): show running-config

That's a common catch-all error, what it means is that rancid knows it
fired off the command but can't find the point in the output where it
starts. That's all the script knows so it can't give a more specific
error message. There are quite a few reasons I've seen why this can
happen, they all require manual intervention and eyeballs.

Assuming your 2921 is configured as a cisco run

rancid -d

and read the output closely. Also run the exact clogin command that
rancid launches and look at the result closely. It's very likely you
will have a "#" or ">" in your banner, that really messes up the works
as rancid can't reliably find the command prompt.

--
Alan McKinnon
alan.mckinnon at gmail.com

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From alan.mckinnon at gmail.com Sun Oct 5 16:49:55 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Sun, 05 Oct 2014 18:49:55 +0200
Subject: [rancid] issue with missed cmd(s)
In-Reply-To: <6d9780610bf4418fa862799f6d148499@mbx01.corp.host.net>
References: <673e574ea04f44fbb5a12f0a4700727f@mbx01.corp.host.net> <542EF8A0.2070205@gmail.com> <6d9780610bf4418fa862799f6d148499@mbx01.corp.host.net>
Message-ID: <543176B3.6070408@gmail.com>

On 03/10/2014 22:24, Luke Arntz wrote:
> Thank you Alan! You are a God among men!
>
> There was a cisco password expiration warning upon login that contained a few '>' characters.
>
> Problem resolved! Have a great weekend.

:-)

Thanks for the vote of confidence but I'm just a regular guy who's had to
deal with networking kit for a while, some of it sunk in eventually.

Unfortunately, it's things like this that rancid can't reliably detect so
in the real world you'll find you need your eyeballs and brains every now
and then.

>
> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alan McKinnon
> Sent: Friday, October 03, 2014 3:27 PM
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] issue with missed cmd(s)
>
> On 03/10/2014 20:34, Luke Arntz wrote:
>> Hi everyone!
>>
>> I'm trying to resolve an issue with missed commands. We have many
>> devices that work properly with no errors. We are using version 2.3.6.
>> I've tried a separate install of 3.1 and it has the same issue. I did
>> copy the cvs repository for use with 3.1.
>>
>> The device is a Cisco 2921. I've searched through the message boards as
>> thoroughly as I could, but I haven't come up with an answer that works.
>> Originally the missed command was write term. I commented that out in
>> the rancid and cat5command files. Now I just get the same error with
>> show running-config.
>>
>> Any help would be greatly appreciated! Thank you.
>>
>> Here are the logs....
>>
>> Trying to get all of the configs.
>> xx.xx.xx.net: missed cmd(s): show running-config
>> =====================================
>> Getting missed routers: round 1.
>> xx.xx.xx.net: missed cmd(s): show running-config
>> =====================================
>> Getting missed routers: round 2.
>> xx.xx.xx.net: missed cmd(s): show running-config
>
> That's a common catch-all error, what it means is that rancid knows it
> fired off the command but can't find the point in the output where it
> starts. That's all the script knows so it can't give a more specific
> error message. There are quite a few reasons I've seen why this can
> happen, they all require manual intervention and eyeballs.
>
> Assuming your 2921 is configured as a cisco run
>
> rancid -d
>
> and read the output closely. Also run the exact clogin command that
> rancid launches and look at the result closely.
> It's very likely you
> will have a "#" or ">" in your banner, that really messes up the works
> as rancid can't reliably find the command prompt.
>

--
Alan McKinnon
alan.mckinnon at gmail.com

From gavinj84 at gmail.com Tue Oct 7 07:27:48 2014
From: gavinj84 at gmail.com (Gavin Jones)
Date: Tue, 7 Oct 2014 18:27:48 +1100
Subject: [rancid] RHEL7 RANCID 3.1 SSH KeyExchange
Message-ID:

Hi All,

There I have an issue for RHEL7 with SSH and older Cisco IOS's to login.

What happens is the KeyExchange stops the SSH Connection from retrieving
the config from the switch.

[rancid at ranc01 ~]# ssh -v user at switch1

debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by switch1

- The fix is to change the keyexchange algorithm for the host. (but this
does not fix rancid)

vim /etc/ssh/ssh_config && ~/.ssh/config
chmod -v 600 ~/.ssh/config

[root at ranc01 ~]#

Host 192.168.1.1
    KexAlgorithms diffie-hellman-group14-sha1
Host 192.168.1.1
    KexAlgorithms diffie-hellman-group14-sha1

Now I can ssh fine from the terminal, however in RANCID it still fails.

I see you have cyphertype as a parameter for the .cloginrc but NO
KexAlgorithms option, you can have a read in the man ssh_config for more
info.

Had issues on both these IOS's:

sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version
15.0(1)M3, RELEASE SOFTWARE (fc2)

sh ver
Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(20)T6,
RELEASE SOFTWARE (fc2)

Here is the version of SSH:

[root at ranc01 ~]# rpm -qa | grep -i openssh-clients
openssh-clients-6.4p1-8.el7.x86_64

These are the errors I get in the RANCID log:

switch01: missed cmd(s): all commands
switch01 clogin error: Error: Connection closed (ssh): switch01
switch01: End of run not found

Anyone else had similar experiences?

Thanks

From heas at shrubbery.net Tue Oct 7 18:11:16 2014
From: heas at shrubbery.net (heasley)
Date: Tue, 7 Oct 2014 18:11:16 +0000
Subject: [rancid] RHEL7 RANCID 3.1 SSH KeyExchange
In-Reply-To:
References:
Message-ID: <20141007181116.GN82566@shrubbery.net>

Tue, Oct 07, 2014 at 06:27:48PM +1100, Gavin Jones:
> Hi All,
>
> There I have an issue for RHEL7 with SSH and older Cisco IOS's to login.
>
> What happens is the KeyExchange stops the SSH Connection from retrieving
> the config from the switch.
>
> [rancid at ranc01 ~]# ssh -v user at switch1
>
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> Connection closed by switch1
>
> - The fix is to change the keyexchange algorithm for the host. (but this
> does not fix rancid)

it should not be any different via rancid; it does not ignore the
.ssh/config. the host matching in your ssh config may not be correct;
eg: IP vs hostname.

> vim /etc/ssh/ssh_config && ~/.ssh/config
> chmod -v 600 ~/.ssh/config
>
> [root at ranc01 ~]#
>
> Host 192.168.1.1
>     KexAlgorithms diffie-hellman-group14-sha1
> Host 192.168.1.1
>     KexAlgorithms diffie-hellman-group14-sha1

you can use Host * and include multiple algorithms.

>
> Now I can ssh fine from the terminal, however in RANCID it still fails.
>
> I see you have cyphertype as a parameter for the .cloginrc but NO
> KexAlgorithms option, you can have a read in the man ssh_config for more
> info.
>
> Had issues on both these IOS's:
>
> sh ver
> Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version
> 15.0(1)M3, RELEASE SOFTWARE (fc2)
>
> sh ver
> Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 12.4(20)T6,
> RELEASE SOFTWARE (fc2)
>
> Here is the version of SSH:
>
> [root at ranc01 ~]# rpm -qa | grep -i openssh-clients
> openssh-clients-6.4p1-8.el7.x86_64
>
> These are the errors I get in the RANCID log:
>
> switch01: missed cmd(s): all commands
> switch01 clogin error: Error: Connection closed (ssh): switch01
> switch01: End of run not found
>
> Anyone else had similar experiences?
>
> Thanks

From perand at abc.se Wed Oct 8 14:48:06 2014
From: perand at abc.se (Per Andersson)
Date: Wed, 8 Oct 2014 16:48:06 +0200
Subject: [rancid] Rancid and Checkpoint Gaia.
Message-ID:

Hello.

Has anybody done a *rancid for Gaia yet ?
I am trying to get one running, but my programming skills are limited.

Basically all one needs is to execute "set clienv rows 0" after login to
disable pager, and then "show configuration" to collect all local
configuration such as ntp, authentication, routing, interfaces.

/Per

From bgmilne at staff.telkomsa.net Thu Oct 9 08:01:15 2014
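
For the "RHEL7 RANCID 3.1 SSH KeyExchange" thread above: ssh selects Host blocks by comparing their patterns with the name given on the command line, so a block written for an IP address does not apply when the device is reached by name. This is an added example, not code from RANCID, OpenSSH or any poster; the function names are hypothetical, and it assumes that `switch01` from the posted RANCID log and `192.168.1.1` from the posted config are the same device.

```python
"""Model of ssh_config Host-block selection (simplified; Match blocks and
canonicalisation are not handled, and fnmatch also accepts [..] sets)."""
import fnmatch
import re


def parse_blocks(config_text):
    """Split ssh_config text into (host_patterns, options) in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            blocks.append((value.split(), {}))
        else:
            # Inside one block the first value seen for a keyword is kept.
            blocks[-1][1].setdefault(keyword, value)
    return blocks


def block_applies(patterns, target):
    """True if target matches a pattern and no negated (!) pattern."""
    matched = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(target, pattern[1:]):
                return False
        elif fnmatch.fnmatchcase(target, pattern):
            matched = True
    return matched


def effective_option(config_text, target, keyword):
    """Value ssh would use for keyword when run as `ssh <target>`.

    The first value obtained from a matching block wins; None means the
    compiled-in default is used.
    """
    for patterns, options in parse_blocks(config_text):
        if block_applies(patterns, target) and keyword.lower() in options:
            return options[keyword.lower()]
    return None


# The block as posted: keyed on the IP address only.
POSTED = """
Host 192.168.1.1
    KexAlgorithms diffie-hellman-group14-sha1
"""

# Constructed variant: lists the name RANCID uses and the address, which
# keeps the older key exchange limited to the device that needs it.
SCOPED = """
Host switch01 192.168.1.1
    KexAlgorithms diffie-hellman-group14-sha1
"""

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("scoped", SCOPED)):
        for target in ("192.168.1.1", "switch01"):
            print(label, target, effective_option(cfg, target, "KexAlgorithms"))
```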
From: bgmilne at staff.telkomsa.net (Buchan Milne)
Date: Thu, 09 Oct 2014 10:01:15 +0200
Subject: [rancid] xrrancid vs. IOS-XR on Cisco ASR9000 (ASR9K)
Message-ID: <1412841675.12945.10.camel@seaknight.telkomsa.net>

We have been using rancid successfully with IOS- and IOS-XE-based
devices for some time, and we haven't had any real problems.

However, we have replaced some of these devices with Cisco ASR9000s, and
have had trouble with rancid on these. At present we are running IOS-XR
4.3.1 on most, but we have a few running 5.1.2.

The problem seems to be that xrrancid doesn't realise it has retrieved
all the results of the commands, and thus times out waiting for more
data.

If I manually run xrrancid, this still happens:

$ time xrrancid -d $device
executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt
no-timestamp;admin show version;admin show install summary;admin show
license;admin show variables boot;show redundancy secondary;show install
active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all
compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all
disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all
disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all
harddiska:;dir /all harddiskb:;dir /all slavenvram:;dir /all
slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all
slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all
slavedisk2:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all
sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all
sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show
controllers;admin show running;admin show diag;admin show inventory
raw;show vlan;show debug;show rpl maximum;show running-config" $device

...

$device: missed cmd(s): show running-config,dir /all slot0:,admin show env all,show debug,show vlan,show rpl maximum
$device: missed cmd(s): show running-config,dir /all slot0:,admin show env all,show debug,show vlan,show rpl maximum
$device: End of run not found
$device: End of run not found
!

real 3m46.481s
user 0m0.900s
sys 0m0.120s

Naturally, if I use clogin and run the commands manually, they complete.

How can I troubleshoot this further?

This far I have been using the distro-supplied tcl/expect packages in
production, but I have applied the patches on my workstation, but they
made no difference.

On my workstation I am using the 2.3.8-1 package I created for Mageia:
http://svnweb.mageia.org/packages/cauldron/rancid/current/

(I have a 3.1 build, but need to consider whether I should add
post-upgrade scripts to change : to ; in router.db files - the behaviour
above was the same with this package)

Incidentally, I have in the past done some terminal-scraping with
IPC::Run, is there a reason why rancid still uses expect, when it might
be more reliable to handle this in the rancid perl script?

Regards,
Buchan

From alan.mckinnon at gmail.com Thu Oct 9 09:09:59 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Thu, 09 Oct 2014 11:09:59 +0200
Subject: [rancid] xrrancid vs. IOS-XR on Cisco ASR9000 (ASR9K)
In-Reply-To: <1412841675.12945.10.camel@seaknight.telkomsa.net>
References: <1412841675.12945.10.camel@seaknight.telkomsa.net>
Message-ID: <543650E7.30707@gmail.com>

On 09/10/2014 10:01, Buchan Milne wrote:
> We have been using rancid successfully with IOS- and IOS-XE-based
> devices for some time, and we haven't had any real problems.
>
> However, we have replaced some of these devices with Cisco ASR9000s, and
> have had trouble with rancid on these. At present we are running IOS-XR
> 4.3.1 on most, but we have a few running 5.1.2.
>
> The problem seems to be that xrrancid doesn't realise it has retrieved
> all the results of the commands, and thus times out waiting for more
> data.
>
> If I manually run xrrancid, this still happens:
>
> $ time xrrancid -d $device
> executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt
> no-timestamp;admin show version;admin show install summary;admin show
> license;admin show variables boot;show redundancy secondary;show install
> active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all
> compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all
> disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all
> disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all
> harddiska:;dir /all harddiskb:;dir /all slavenvram:;dir /all
> slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all
> slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all
> slavedisk2:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all
> sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all
> sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show
> controllers;admin show running;admin show diag;admin show inventory
> raw;show vlan;show debug;show rpl maximum;show running-config" $device
>
> ...
>
> $device: missed cmd(s): show running-config,dir /all slot0:,admin show
> env all,show debug,show vlan,show rpl maximum
> $device: missed cmd(s): show running-config,dir /all slot0:,admin show
> env all,show debug,show vlan,show rpl maximum
> $device: End of run not found
> $device: End of run not found
> !
>
> real 3m46.481s
> user 0m0.900s
> sys 0m0.120s
>
> Naturally, if I use clogin and run the commands manually, they complete.
>
> How can I troubleshoot this further?
>
> This far I have been using the distro-supplied tcl/expect packages in
> production, but I have applied the patches on my workstation, but they
> made no difference.
>
> On my workstation I am using the 2.3.8-1 package I created for Mageia:
> http://svnweb.mageia.org/packages/cauldron/rancid/current/
>
> (I have a 3.1 build, but need to consider whether I should add
> post-upgrade scripts to change : to ; in router.db files - the behaviour
> above was the same with this package)
>
> Incidentally, I have in the past done some terminal-scraping with
> IPC::Run, is there a reason why rancid still uses expect, when it might
> be more reliable to handle this in the rancid perl script?
>
> Regards,
> Buchan

Hi Buchan [ it's been a while :-) ]

You're on the right track, rancid is not detecting the start of a command
in the output (or perhaps not detecting the end of the previous command).

Ideally I'd need the entire output of an xrrancid -d run on a failing
device, but that's not usually feasible, let's try this instead:

For each failing command, grab 5 or so lines of text from the output of
xrrancid -d above and below where clogin runs that command. There will be
something there that confuses the prompt detection code:

There's a regex that searches for /^$prompt/ and it gets easily confused.
I well recall one case with IS's XRs where one of the admin show commands
output wasn't ending properly with a newline making the regex fail. Those
are the kinds of oddities you need to look for.
There's also the old classic problem of having "#" or ">" characters in
your login banner, that one causes the entire run to fail.

--
Alan McKinnon
alan.mckinnon at gmail.com

From krok at krok.za.net Sat Oct 11 17:59:37 2014
From: krok at krok.za.net (Shaun Krok)
Date: Sat, 11 Oct 2014 20:59:37 +0300
Subject: [rancid] rancid working with partitions v11.x tmsh F5 LTM
Message-ID:

Hi

I am busy to integrate Rancid into our network and have an issue with
partitions on BIG IP LTM v11.x
All works fine but Rancid does not backup all partitions ?
I am using the script from GIT with TMSH commands

This command work from bash : tmsh -q -c "cd /; list recursive" but does
not from the script ..

This is a snip from the forum where the issue was identified but is
anyone aware if there is a fix :

Thanks

Shaun

here is a working tmsh version in the rancid git repo.

The only thing that doesn't work when adjusting the script to list all
partition co config is a tmsh -q -c "cd /; list recursive" - it errors out
due to extra double quotes required by the -c option.
On Dec 6, 2012 8:57 PM, "Darius Seroka" wrote:

Shaun Krok
Network Team

--
Shaun Krok
Tel: 050 2424 381

From krok at krok.za.net Sun Oct 12 04:27:25 2014
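
For the "issue with missed cmd(s)" and ASR9000 threads above: a check over a saved clogin or `rancid -d` transcript for the two oddities Alan names, a "#" or ">" in the text shown before the first prompt, and a prompt that does not start its line because the previous output lacked a final newline. This is an added example, not RANCID code and not from any poster; the function name, the device name in the sample and the simplified prompt test (prompt string followed by # or >) are assumptions.

```python
"""Flag transcript lines likely to confuse a /^prompt/ style search."""
import re

PROMPT_CHARS = re.compile(r"[#>]")


def check_transcript(transcript, prompt):
    """Return (line_number, kind, text) findings for a captured session.

    prompt is the device prompt without its trailing # or >, for example
    "c2921" or "RP/0/RSP0/CPU0:asr9k" (both assumed names).
    kind is "banner" for a line before the first prompt that contains
    # or >, and "glued" for a prompt found after other text on its line.
    """
    body = re.escape(prompt) + r"(\([^)]*\))?[#>]"
    at_start = re.compile(r"^" + body)
    anywhere = re.compile(body)
    findings = []
    logged_in = False
    for number, line in enumerate(transcript.splitlines(), start=1):
        if at_start.search(line):
            # A well-formed prompt line; everything before the first one
            # is login chatter and banner text.
            logged_in = True
            continue
        if not logged_in:
            if PROMPT_CHARS.search(line):
                findings.append((number, "banner", line))
        elif anywhere.search(line):
            findings.append((number, "glued", line))
    return findings


# Constructed sample, not real device output.
SAMPLE = "\n".join([
    "spawn ssh -x -l rancid c2921",
    "Password:",
    ">>> Your password expires in 5 days <<<",
    "",
    "c2921#terminal length 0",
    "c2921#show version",
    "Cisco IOS Software (output trimmed)",
    "Slot 0: okc2921#show running-config",
    "version 15.1",
    "c2921#exit",
])

# Constructed sample with a clean banner and every prompt at line start.
CLEAN = "\n".join([
    "spawn ssh -x -l rancid c2921",
    "Password:",
    "Authorised access only",
    "c2921#show version",
    "Cisco IOS Software (output trimmed)",
    "c2921#exit",
])

if __name__ == "__main__":
    for number, kind, text in check_transcript(SAMPLE, "c2921"):
        print("line %d (%s): %s" % (number, kind, text))
```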
From: krok at krok.za.net (Shaun Krok)
Date: Sun, 12 Oct 2014 07:27:25 +0300
Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM
Message-ID: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net>

Hi

I am busy to integrate Rancid into our network and have an issue with
partitions on BIG IP LTM v11.x
All works fine but Rancid does not backup all partitions ?
I am using the script from GIT with TMSH commands

This command work from bash : tmsh -q -c "cd /; list recursive" but does
not from the script ..

This is a snip from the forum where the issue was identified but is
anyone aware if there is a fix :

Thanks

Shaun

here is a working tmsh version in the rancid git repo.

The only thing that doesn't work when adjusting the script to list all
partition co config is a tmsh -q -c "cd /; list recursive" - it errors out
due to extra double quotes required by the -c option.
On Dec 6, 2012 8:57 PM, "Darius Seroka" wrote:

Shaun Krok
Network Team

--
Shaun Krok
Tel: 050 2424 381

From krok at krok.za.net Mon Oct 13 05:13:15 2014
From: krok at krok.za.net (Shaun Krok)
Date: Mon, 13 Oct 2014 08:13:15 +0300
Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM
In-Reply-To:
References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net>
Message-ID:

Thank you for the reply --- i have created a bash script on the F5 and it
works creating a test.file with all the config

the file is in /root/f5part

#!/bin/bash
tmsh -q -c 'cd / ;list recursive'

how do i call from f5rancid or do i have this all wrong ?

{'tmsh -q list' => 'WriteTermTMSH'},
#{'tmsh -q -c /"cd /;list recursive"/' => 'WriteTermTMSH'},

On 2014-10-13 06:13, Mick O'Rourke wrote:
> We found easiest\quickest way to modify rancid-f5 - post 11.x version
> check\detect, call a bash script under /root/bin which runs "tmsh -q
> -c 'cd / ;list recursive'" working around the rancid limitation\errors
> that resulted when 'cd / ;list recursive' was added to rancid-f5 itself.
>
> On 12 October 2014 15:27, Shaun Krok wrote:
>
>> Hi
>>
>> I am busy to integrate Rancid into our network and have an issue
>> with partitions on BIG IP LTM v11.x
>> All works fine but Rancid does not backup all partitions ?
>> I am using the script from GIT with TMSH commands
>>
>> This command work from bash : tmsh -q -c "cd /; list recursive" but
>> does not from the script ..
>>
>> This is a snip from the forum where the issue was identified but is
>> anyone aware if there is a fix :
>>
>> Thanks
>>
>> Shaun
>>
>> here is a working tmsh version in the rancid git repo.
>>
>> The only thing that doesn't work when adjusting the script to list
>> all
>> partition co config is a tmsh -q -c "cd /; list recursive" - it
>> errors out
>> due to extra double quotes required by the -c option.
>> On Dec 6, 2012 8:57 PM, "Darius Seroka"
>> wrote:
>>
>> Shaun Krok
>> Network Team
>>
>> --
>> Shaun Krok
>> Tel: 050 2424 381
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

--
Shaun Krok
Tel: 050 2424 381

From mkorourke at gmail.com Mon Oct 13 03:13:34 2014
From: mkorourke at gmail.com (Mick O'Rourke)
Date: Mon, 13 Oct 2014 14:13:34 +1100
Subject: [rancid] rancid not working with partitions v11.x tmsh F5 LTM
In-Reply-To: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net>
References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net>
Message-ID:

We found easiest\quickest way to modify rancid-f5 - post 11.x version
check\detect, call a bash script under /root/bin which runs "tmsh -q -c
'cd / ;list recursive'" working around the rancid limitation\errors that
resulted when 'cd / ;list recursive' was added to rancid-f5 itself.

On 12 October 2014 15:27, Shaun Krok wrote:

> Hi
>
> I am busy to integrate Rancid into our network and have an issue with
> partitions on BIG IP LTM v11.x
> All works fine but Rancid does not backup all partitions ?
> I am using the script from GIT with TMSH commands
>
> This command work from bash : tmsh -q -c "cd /; list recursive" but does
> not from the script ..
>
> This is a snip from the forum where the issue was identified but is anyone
> aware if there is a fix :
>
> Thanks
>
> Shaun
>
> here is a working tmsh version in the rancid git repo.
>
> The only thing that doesn't work when adjusting the script to list all
> partition co config is a tmsh -q -c "cd /; list recursive" - it errors out
> due to extra double quotes required by the -c option.
> On Dec 6, 2012 8:57 PM, "Darius Seroka" wrote:
>
> Shaun Krok
> Network Team
>
> --
> Shaun Krok
> Tel: 050 2424 381
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From pdefinis at outsourceitcorp.com Mon Oct 13 19:35:09 2014
From: pdefinis at outsourceitcorp.com (Pete DeFinis)
Date: Mon, 13 Oct 2014 19:35:09 +0000
Subject: [rancid] Error: check your password
Message-ID: <6DE04E2A60C8AD40844D70189A0E7EDA025C2D46E9@MAIL1.outsourceit.com>

Hi,

I'm having trouble getting RANCID to log in properly.

We have 4 switches with SSH only enabled and we authenticate to RADIUS.
So at the SSH prompt, we have to have a username and password and then
type en to enable priv exec.

I'm having trouble configuring RANCID to authenticate, this is what we
have now: (obviously sanitized)

Add 10.5.x.x autoenable 1
add method 10.5.x.x.* ssh
add user 10.5.x.x rancidadmin
add password rancidpass

Can anyone help?

Thank you

Peter J. DeFinis

From alan.mckinnon at gmail.com Mon Oct 13 19:46:18 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Mon, 13 Oct 2014 21:46:18 +0200
Subject: [rancid] Error: check your password
In-Reply-To: <6DE04E2A60C8AD40844D70189A0E7EDA025C2D46E9@MAIL1.outsourceit.com>
References: <6DE04E2A60C8AD40844D70189A0E7EDA025C2D46E9@MAIL1.outsourceit.com>
Message-ID: <543C2C0A.80205@gmail.com>

On 13/10/2014 21:35, Pete DeFinis wrote:
> Hi,
>
> I'm having trouble getting RANCID to log in properly.
>
> We have 4 switches with SSH only enabled and we authenticate to RADIUS.
> So at the SSH prompt, we have to have a username and password and then
> type en to enable priv exec.
>
> I'm having trouble configuring RANCID to authenticate, this is what we
> have now: (obviously sanitized)
>
> Add 10.5.x.x autoenable 1
> add method 10.5.x.x.* ssh
> add user 10.5.x.x rancidadmin
> add password rancidpass
>
> Can anyone help?

Hi Peter,

What kind of errors do you get, and is it at the login stage, or the
enable stage?

If you run "clogin " manually, does that work?

Lastly, what equipment is this that's giving you trouble (vendor, model,
OS)?

--
Alan McKinnon
alan.mckinnon at gmail.com

From ler762 at gmail.com Mon Oct 13 21:03:04 2014
From: ler762 at gmail.com (Lee)
Date: Mon, 13 Oct 2014 17:03:04 -0400
Subject: [rancid] Error: check your password
In-Reply-To: <6DE04E2A60C8AD40844D70189A0E7EDA025C2D46E9@MAIL1.outsourceit.com>
References: <6DE04E2A60C8AD40844D70189A0E7EDA025C2D46E9@MAIL1.outsourceit.com>
Message-ID:

On 10/13/14, Pete DeFinis wrote:
> Hi,
>
> I'm having trouble getting RANCID to log in properly
>
> We have 4 switches with SSH only enabled and we authenticate to RADIUS. So
> at the SSH prompt, we have to have a username and password and then type en
> to enable priv exec.
>
> I'm having trouble configuring RANCID to authenticate, this is what we have
> now: (obviously sanitized)
>
> Add 10.5.x.x autoenable 1

close:
add autoenable {10.5.x.x} 1

> add method 10.5.x.x.* ssh

Do you still have some telnet only devices? I prefer everything does ssh except for these few devices - eg:
add method {10.5.x.y} {telnet}
add method {10.5.x.z} {telnet}
add method * {ssh}

> add user 10.5.x.x rancidadmin
> add password rancidpass

fixing the autoenable syntax might be all you need, but having the enablePassword won't hurt
add password {rancidpass} {rancidpass}

Regards,
Lee

>
> Can anyone help?
>
> Thank you
>
> Peter J. DeFinis

From bgmilne at staff.telkomsa.net Tue Oct 14 08:04:24 2014
From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Tue, 14 Oct 2014 10:04:24 +0200 Subject: [rancid] xrrancid vs. IOS-XR on Cisco ASR9000 (ASR9K) In-Reply-To: <1412841675.12945.10.camel@seaknight.telkomsa.net> References: <1412841675.12945.10.camel@seaknight.telkomsa.net> Message-ID: <1413273864.22368.6.camel@seaknight.telkomsa.net> On Thu, 2014-10-09 at 10:01 +0200, Buchan Milne wrote: > We have been using rancid successfully with IOS- and IOS-XE-based > devices for some time, and we haven't had any real problems. > > However, we have replaced some of these devices with Cisco ASR9000s, and > have had trouble with rancid on these. At present we are running IOS-XR > 4.3.1 on most, but we have a few running 5.1.2. > > The problem seems to be that xrrancid doesn't realise it has retrieved > all the results of the commands, and thus times out waiting for more > data. > > If I manually run xrrancid, this still happens: > > $ time xrrancid -d $device > executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt > no-timestamp;admin show version;admin show install summary;admin show > license;admin show variables boot;show redundancy secondary;show install > active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all > compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all > disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all > disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all > harddiska:;dir /all harddiskb:;dir /all slavenvram:;dir /all > slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all > slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all > slavedisk2:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all > sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all > sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show > controllers;admin show running;admin show diag;admin show inventory > raw;show vlan;show debug;show rpl maximum;show running-config" $device > > ... 
> > $device: missed cmd(s): show running-config,dir /all slot0:,admin show > env all,show debug,show vlan,show rpl maximum > $device: missed cmd(s): show running-config,dir /all slot0:,admin show > env all,show debug,show vlan,show rpl maximum > $device: End of run not found > $device: End of run not found > ! > > real 3m46.481s > user 0m0.900s > sys 0m0.120s > > > Naturally, if I use clogin and run the commands manually, they complete. The problem seems to stem from the following configuration we had on our IOS-XR boxes: line default cli whitespace completion (which completes commands when you hit space, rather than requiring tab) This seems to be confusing xrrancid, as I was getting lines like this from the debug output: HIT COMMAND:RP/0/RSP0/CPU0:ROUTERNAME#terminalRP/0/RSP0/CPU0:ROUTERNAME#terminal execRP/0/RSP0/CPU0:ROUTERNAME#terminal exec promptRP/0/RSP0/CPU0:ROUTERNAME#terminal exec prompt no-timestamp Having compared the output to a router running IOS, I saw that the prompt wasn't repeating. After disabling 'cli whitespace completion', the debug logs look like this: HIT COMMAND:RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp In FilterAll: RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp And now the run completes with all commands and output in 22s. Unfortunately, it seems Cisco professional services likes to enable this feature by default. It would be nice if xrrancid could be improved to work with this feature enabled. Regards, Buchan From bgmilne at staff.telkomsa.net Tue Oct 14 15:04:59 2014 
From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Tue, 14 Oct 2014 17:04:59 +0200 Subject: [rancid] xrrancid vs. IOS-XR on Cisco ASR9000 (ASR9K) In-Reply-To: <1413273864.22368.6.camel@seaknight.telkomsa.net> References: <1412841675.12945.10.camel@seaknight.telkomsa.net> <1413273864.22368.6.camel@seaknight.telkomsa.net> Message-ID: <1413299099.22368.10.camel@seaknight.telkomsa.net> On Tue, 2014-10-14 at 10:04 +0200, Buchan Milne wrote: > On Thu, 2014-10-09 at 10:01 +0200, Buchan Milne wrote: > > We have been using rancid successfully with IOS- and IOS-XE-based > > devices for some time, and we haven't had any real problems. > > > > However, we have replaced some of these devices with Cisco ASR9000s, and > > have had trouble with rancid on these. At present we are running IOS-XR > > 4.3.1 on most, but we have a few running 5.1.2. > > > > The problem seems to be that xrrancid doesn't realise it has retrieved > > all the results of the commands, and thus times out waiting for more > > data. 
> > > > If I manually run xrrancid, this still happens: > > > > $ time xrrancid -d $device > > executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt > > no-timestamp;admin show version;admin show install summary;admin show > > license;admin show variables boot;show redundancy secondary;show install > > active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all > > compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all > > disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all > > disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all > > harddiska:;dir /all harddiskb:;dir /all slavenvram:;dir /all > > slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all > > slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all > > slavedisk2:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all > > sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all > > sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show > > controllers;admin show running;admin show diag;admin show inventory > > raw;show vlan;show debug;show rpl maximum;show running-config" $device > > > > ... > > > > $device: missed cmd(s): show running-config,dir /all slot0:,admin show > > env all,show debug,show vlan,show rpl maximum > > $device: missed cmd(s): show running-config,dir /all slot0:,admin show > > env all,show debug,show vlan,show rpl maximum > > $device: End of run not found > > $device: End of run not found > > ! > > > > real 3m46.481s > > user 0m0.900s > > sys 0m0.120s > > > > > > Naturally, if I use clogin and run the commands manually, they complete. 
> > The problem seems to stem from the following configuration we had on our > IOS-XR boxes: > > line default > cli whitespace completion > > (which completes commands when you hit space, rather than requiring tab) > > > This seems to be confusing xrrancid, as I was getting lines like this > from the debug output: > > HIT COMMAND:RP/0/RSP0/CPU0:ROUTERNAME#terminalRP/0/RSP0/CPU0:ROUTERNAME#terminal execRP/0/RSP0/CPU0:ROUTERNAME#terminal exec promptRP/0/RSP0/CPU0:ROUTERNAME#terminal exec prompt no-timestamp > > > Having compared the output to a router running IOS, I saw that the prompt wasn't repeating. > > After disabling 'cli whitespace completion', the debug logs look like this: > > HIT COMMAND:RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp > In FilterAll: RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp > > > And now the run completes with all commands and output in 22s. > Last remaining problem is that the file harddisk:ce_switch.log seems to change very regularly, with contents such as: Oct 14 14:31:15.340::ce_switch_set_port_led() line:2675 set port:1 to LED state:3 I have made the following change to get rid of it: @@ -581,8 +581,8 @@ return(-1) if (/command authorization failed/i); return(1) if (/(Open device \S+ failed|Error opening \S+:)/); # filter frequently changing files from IOX bootflash / hardiska - if ($dev =~ /(bootflash|harddiska)/) { - if (/(temp_cont|uptime_cont|volt_cont)\s*$/) { + if ($dev =~ /(bootflash|harddiska|harddisk)/) { + if (/(temp_cont|uptime_cont|volt_cont|ce_switch.log)\s*$/) { if (/(\s*\d+\s+\S+\s+)(\d+)(\s+)(\w+ \w+\s+\d+ \d+:\d+:\d+ \d+)/) { my($a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $'); my($szl, $dtl) = (length($sz), length($dt)); @@ -1342,6 +1342,7 @@ Regards, Buchan From heas at shrubbery.net Tue Oct 14 15:05:56 2014 
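Review bot: the new alternative `ce_switch.log` in the filename pattern of the first hunk leaves the dot unescaped, so it matches any character in that position; write it as `ce_switch\.log`. In the `$dev` test, adding `harddisk` makes the existing `harddiska` alternative redundant, because the match is unanchored and `harddisk` already matches `harddiska` (and `harddiskb`, which the clogin command list earlier in this message also queries); either drop `harddiska` or anchor the pattern if only specific devices are meant. The comment above the test still reads "IOX bootflash / hardiska" and should be updated to name the devices and files now filtered.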
From: heas at shrubbery.net (heasley) Date: Tue, 14 Oct 2014 15:05:56 +0000 Subject: [rancid] xrrancid vs. IOS-XR on Cisco ASR9000 (ASR9K) In-Reply-To: <1413273864.22368.6.camel@seaknight.telkomsa.net> References: <1412841675.12945.10.camel@seaknight.telkomsa.net> <1413273864.22368.6.camel@seaknight.telkomsa.net> Message-ID: <20141014150556.GB39018@shrubbery.net> Tue, Oct 14, 2014 at 10:04:24AM +0200, Buchan Milne: > The problem seems to stem from the following configuration we had on our > IOS-XR boxes: > > line default > cli whitespace completion > > (which completes commands when you hit space, rather than requiring tab) > > > This seems to be confusing xrrancid, as I was getting lines like this > from the debug output: > > HIT COMMAND:RP/0/RSP0/CPU0:ROUTERNAME#terminalRP/0/RSP0/CPU0:ROUTERNAME#terminal execRP/0/RSP0/CPU0:ROUTERNAME#terminal exec promptRP/0/RSP0/CPU0:ROUTERNAME#terminal exec prompt no-timestamp > > > Having compared the output to a router running IOS, I saw that the prompt wasn't repeating. > > After disabling 'cli whitespace completion', the debug logs look like this: > > HIT COMMAND:RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp > In FilterAll: RP/0/RSP0/CPU0:NBSC-TI-PR-OMICRON-00#terminal exec prompt no-timestamp > > > And now the run completes with all commands and output in 22s. > > Unfortunately, it seems Cisco professional services likes to enable this feature by default. It would be nice if xrrancid could be improved to work with this feature enabled. given that the entire command is there, with no completion required, it should not have output/printed anything. This would be difficult to filter. if they love it so much, perhaps they will open a DDTS to have it fixed? or, you, as the customer, can forbid them from enabling it. From buoy at clear.net.nz Tue Oct 14 23:33:37 2014 
From: buoy at clear.net.nz (Jos)
Date: Wed, 15 Oct 2014 12:33:37 +1300
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
Message-ID:

Hi

Am new to this list and hoping someone can help me with a problem please that I can't figure out yet or find an earlier posting and solution for.
We are running the latest rancid version 3.1 on a centos vm and collecting a bunch of cisco configs, all is good except for our iosxr ASR9K's and numbered ACL's.
Rancid seems to strip out part of the lines as below:

Real config:
ipv4 access-list no-rfc1918

 10 remark Deny traffic to RFC 1918
 20 deny ipv4 10.0.0.0/8 any
 30 deny ipv4 any 10.0.0.0/8
 40 deny ipv4 172.16.0.0/12 any
 50 deny ipv4 any 172.16.0.0/12
 60 deny ipv4 192.168.0.0/16 any
 70 deny ipv4 any 192.168.0.0/16
 80 permit ipv4 any any

Rancid collected config:
ipv4 access-list no-rfc1918
 remark Deny traffic to RFC 1918
 deny ipv4 10.0.0.0/8 any
 deny ipv4 any 10
 deny ipv4 172.16.0.0/12 any
 deny ipv4 any 172
 deny ipv4 192.168.0.0/16 any
 deny ipv4 any 192
 permit ipv4 any any

A minor problem where the ACL is obvious as above, but this is the exception.
Can someone suggest a good fix or workaround for this please (preferably without changing the ASR9K config), I trust it affects others with this sort of config?
I can see earlier posts mention xrrancid but can't find that in our 3.1 install.

Regards, Jos

From alan.mckinnon at gmail.com Wed Oct 15 05:22:23 2014
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 15 Oct 2014 07:22:23 +0200
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To:
References:
Message-ID: <543E048F.6030502@gmail.com>

On 15/10/2014 01:33, Jos wrote:
> Hi
>
> Am new to this list and hoping someone can help me with a problem please
> that I can't figure out yet or find an earlier posting and solution for.
> We are running the latest rancid version 3.1 on a centos vm and collecting
> a bunch of cisco configs, all is good except for our iosxr ASR9K's and
> numbered ACL's.
> Rancid seems to strip out part of the lines as below:
>
> Real config:
> ipv4 access-list no-rfc1918
>
> 10 remark Deny traffic to RFC 1918
> 20 deny ipv4 10.0.0.0/8 any
> 30 deny ipv4 any 10.0.0.0/8
> 40 deny ipv4 172.16.0.0/12 any
> 50 deny ipv4 any 172.16.0.0/12
> 60 deny ipv4 192.168.0.0/16 any
> 70 deny ipv4 any 192.168.0.0/16
> 80 permit ipv4 any any
>
>
> Rancid collected config:
> ipv4 access-list no-rfc1918
> remark Deny traffic to RFC 1918
> deny ipv4 10.0.0.0/8 any
> deny ipv4 any 10
> deny ipv4 172.16.0.0/12 any
> deny ipv4 any 172
> deny ipv4 192.168.0.0/16 any
> deny ipv4 any 192
> permit ipv4 any any
>
>
> A minor problem where the ACL is obvious as above, but this is the
> exception.
> Can someone suggest a good fix or workaround for this please (preferably
> without changing the ASR9K config), I trust it affects others with this
> sort of config?
> I can see earlier posts mention xrrancid but can't find that in our 3.1
> install.

This appears to be rancid's acl renumbering, which is the designed behaviour for good reasons.

Access list numbers are problematic as they are subject to being renumbered when the device reloads the list. However, all that changes is the interval between numbers, the logic of what the list achieves stays the same. This causes unnecessary noise in the diffs as there isn't an actual change, just a change of a bunch of redundant leading numbers.

Rancid's solution is to strip out the numbers, gather contiguous series of allows or denies and reorder those based on IP addresses. This works because if you have 5 denys in a row affecting different ranges, it does not matter what order they are applied in. Thus the router can renumber ACLs all it likes and the rancid diff does not change, reducing noise. I don't know about 3.2 but the 2.3 series had a knob to disable this. If memory serves it was called ACL_SORT and is documented in the config file. The topic has also been discussed at length here on the list before, you can find the threads in the on-line archives, there's more info there than I can give in one shortish reply. -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Wed Oct 15 05:27:02 2014 From: heas at shrubbery.net (heasley) Date: Wed, 15 Oct 2014 05:27:02 +0000 Subject: [rancid] cisco-xr ASR9K and numbered ACL's In-Reply-To: <543E048F.6030502@gmail.com> References: <543E048F.6030502@gmail.com> Message-ID: <20141015052702.GB61521@shrubbery.net> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon: > > Rancid collected config: > > ipv4 access-list no-rfc1918 > > remark Deny traffic to RFC 1918 > > deny ipv4 10.0.0.0/8 any > > deny ipv4 any 10 > > deny ipv4 172.16.0.0/12 any > > deny ipv4 any 172 > > deny ipv4 192.168.0.0/16 any > > deny ipv4 any 192 > > permit ipv4 any any > > > > > > A minor problem where the ACL is obvious as above, but this is the > > exception. > > Can someone suggest a good fix or workaround for this please (preferably > > without changing the ASR9K config), I trust it affects others with this > > sort of config? > > I can see earlier posts mention xrrancid but can?t find that in our 3.1 > > install. > > This appears to be rancid's acl renumbering, which is the designed > behaviour for good reasons. I dont think so; yes its removing the line numbers, but its botching every other line. From alan.mckinnon at gmail.com Wed Oct 15 05:28:52 2014 
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Wed, 15 Oct 2014 07:28:52 +0200 Subject: [rancid] cisco-xr ASR9K and numbered ACL's In-Reply-To: <20141015052702.GB61521@shrubbery.net> References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net> Message-ID: <543E0614.5060001@gmail.com> On 15/10/2014 07:27, heasley wrote: > Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon: >>> Rancid collected config: >>> ipv4 access-list no-rfc1918 >>> remark Deny traffic to RFC 1918 >>> deny ipv4 10.0.0.0/8 any >>> deny ipv4 any 10 >>> deny ipv4 172.16.0.0/12 any >>> deny ipv4 any 172 >>> deny ipv4 192.168.0.0/16 any >>> deny ipv4 any 192 >>> permit ipv4 any any >>> >>> >>> A minor problem where the ACL is obvious as above, but this is the >>> exception. >>> Can someone suggest a good fix or workaround for this please (preferably >>> without changing the ASR9K config), I trust it affects others with this >>> sort of config? >>> I can see earlier posts mention xrrancid but can?t find that in our 3.1 >>> install. >> >> This appears to be rancid's acl renumbering, which is the designed >> behaviour for good reasons. > > I dont think so; yes its removing the line numbers, but its botching every > other line. > Is "deny ipv4 any 192" a valid Cisco config? -- Alan McKinnon alan.mckinnon at gmail.com From howie at thingy.com Wed Oct 15 10:22:05 2014 From: howie at thingy.com (Howard Jones) Date: Wed, 15 Oct 2014 11:22:05 +0100 Subject: [rancid] wraprancid for rancid 3.x? Message-ID: <543E4ACD.2020403@thingy.com> Before I dig in, has anyone else already updated Jethro Binks' wraprancid script to deal with RANCID 3.x? Since rancid-fe is driven by rancid-types.conf now, I am assuming it will need some love. I'm trying to merge two different department's internal RANCID servers, one fairly standard 3.x and one 2.x with some wrapper scripts for strange devices. Thanks for any pointers, Howie From krok at krok.za.net Wed Oct 15 15:24:32 2014 
From: krok at krok.za.net (Shaun Krok) Date: Wed, 15 Oct 2014 18:24:32 +0300 Subject: [rancid] change email diff subject line : $Group/$Device router config diffs In-Reply-To: References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> Message-ID: <2193ee8c11c2504cfdb9f6b077a2b2c8@krok.za.net> Hi I know this probably has been queried and resolved before but I am struggling to make rancid include $Group/$Device in the subject line. I know this works when using -r command line option but this works only for a single host (from router.db) any help with this would be much appreciated ! running version 3.1 Shaun From heas at shrubbery.net Wed Oct 15 16:02:09 2014 From: heas at shrubbery.net (heasley) Date: Wed, 15 Oct 2014 16:02:09 +0000 Subject: [rancid] wraprancid for rancid 3.x? In-Reply-To: <543E4ACD.2020403@thingy.com> References: <543E4ACD.2020403@thingy.com> Message-ID: <20141015160209.GC78337@shrubbery.net> Wed, Oct 15, 2014 at 11:22:05AM +0100, Howard Jones: > Before I dig in, has anyone else already updated Jethro Binks' > wraprancid script to deal with RANCID 3.x? Since rancid-fe is driven by > rancid-types.conf now, I am assuming it will need some love. I am not familiar with that script, but in general, it is not necessary to update scripts - though I hope that they will eventually be - they just need an appropriate entry in rancid.types.{base,conf}. See the arista entry. For 3.2, it will benefit from having login defined for the device type too. arista;script;arrancid arista;login;clogin From heas at shrubbery.net Wed Oct 15 16:43:47 2014 
From: heas at shrubbery.net (heasley) Date: Wed, 15 Oct 2014 16:43:47 +0000 Subject: [rancid] change email diff subject line : $Group/$Device router config diffs In-Reply-To: <2193ee8c11c2504cfdb9f6b077a2b2c8@krok.za.net> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <2193ee8c11c2504cfdb9f6b077a2b2c8@krok.za.net> Message-ID: <20141015164347.GF78337@shrubbery.net> Wed, Oct 15, 2014 at 06:24:32PM +0300, Shaun Krok: > Hi > > I know this probably has been queried and resolved before but I am > struggling to make rancid > include $Group/$Device in the subject line. > > I know this works when using -r command line option but this works only > for a single host (from router.db) it does not do that; how would that work for multiple hosts, say 100 devices in a group? > any help with this would be much appreciated ! > > running version 3.1 > > Shaun > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Shaun.Krok at 888holdings.com Wed Oct 15 17:09:50 2014 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Wed, 15 Oct 2014 17:09:50 +0000 Subject: [rancid] change email diff subject line : $Group/$Device router config diffs In-Reply-To: <20141015164347.GF78337@shrubbery.net> References: <4af36d957d1a558df4aae345ea3b1b6a@krok.za.net> <2193ee8c11c2504cfdb9f6b077a2b2c8@krok.za.net> <20141015164347.GF78337@shrubbery.net> Message-ID: <57FD84723C05BB4FA3BB5F66AC609F64068647E7@XCH-IL-MB2.888holdings.corp> Thanks but when I run : rancid-run -r 'hostname' & it works.. Looking for the same but when running the same script but without the -r option Is this not done with control_rancid ? -----Original Message----- 
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley
Sent: Wednesday, October 15, 2014 7:44 PM
To: krok at krok.za.net
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] change email diff subject line : $Group/$Device router config diffs

Wed, Oct 15, 2014 at 06:24:32PM +0300, Shaun Krok:
> Hi
>
> I know this probably has been queried and resolved before but I am
> struggling to make rancid include $Group/$Device in the subject line.
>
> I know this works when using -r command line option but this works
> only for a single host (from router.db)

it does not do that; how would that work for multiple hosts, say 100 devices in a group?

> any help with this would be much appreciated !
>
> running version 3.1
>
> Shaun

From buoy at clear.net.nz Wed Oct 15 07:59:08 2014
From: buoy at clear.net.nz (Jos)
Date: Wed, 15 Oct 2014 20:59:08 +1300
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To: <20141015052702.GB61521@shrubbery.net>
References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net>
Message-ID:

Hi Guys

Thanks to you both for the replies. I should have mentioned I've tried the ACL-SORT option being disabled/enabled in config without seeing any success, I had this line in rancid.conf:

# if ACLSORT is NO, access-lists will NOT be sorted.
ACLSORT=NO; export ACLSORT
#

I have tried removing "export ACLSORT" with no luck either.

I have 4 or 5 ASR9K's running 4.3.x and all do the same thing. Perhaps a better example is this one:

Rancid backs up this:
ipv4 access-list name
 permit ipv4 any 166
 remark the below subnet is currently not in use
 permit ipv4 any 166

What we have configured is:
ipv4 access-list name
 10 permit ipv4 any 166.1xx.xx.xx/28
 20 remark the below subnet is currently not in use
 30 permit ipv4 any 166.1xx.xx.xxx/28

- so the rancid backup leaves a bit to be desired here I think.

I have:
expect version 5.44.1.15
This is on centos 6.5, I had the packaged version of rancid installed, an old 2.3.8 or something but then grabbed 3.1 and compiled it and have removed the package.

Thanks for all your help with this, I can share more config if you let me know what exactly.

Cheers, Jos

On 15/10/14 18:27, "heasley" wrote:

>Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon:
>> > Rancid collected config:
>> > ipv4 access-list no-rfc1918
>> > remark Deny traffic to RFC 1918
>> > deny ipv4 10.0.0.0/8 any
>> > deny ipv4 any 10
>> > deny ipv4 172.16.0.0/12 any
>> > deny ipv4 any 172
>> > deny ipv4 192.168.0.0/16 any
>> > deny ipv4 any 192
>> > permit ipv4 any any
>> >
>> >
>> > A minor problem where the ACL is obvious as above, but this is the
>> > exception.
>> > Can someone suggest a good fix or workaround for this please >>(preferably >> > without changing the ASR9K config), I trust it affects others with >>this >> > sort of config? >> > I can see earlier posts mention xrrancid but can?t find that in our >>3.1 >> > install. >> >> This appears to be rancid's acl renumbering, which is the designed >> behaviour for good reasons. > >I dont think so; yes its removing the line numbers, but its botching every >other line. >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Wed Oct 15 21:14:09 2014 
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 15 Oct 2014 23:14:09 +0200
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To:
References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net>
Message-ID: <543EE3A1.5090703@gmail.com>

On 15/10/2014 09:59, Jos wrote:
> Hi Guys
>
> Thanks to you both for the replies. I should have mentioned I've tried the
> ACL-SORT option being disabled/enabled in config without seeing any
> success, I had this line in rancid.conf:
>
> # if ACLSORT is NO, access-lists will NOT be sorted.
> ACLSORT=NO; export ACLSORT
> #
>
> I have tried removing "export ACLSORT" with no luck either.
>
>
> I have 4 or 5 ASR9K's running 4.3.x and all do the same thing. Perhaps a
> better example is this one:
>
> Rancid backs up this:
> ipv4 access-list name
> permit ipv4 any 166
> remark the below subnet is currently not in use
> permit ipv4 any 166
>
> What we have configured is:
> ipv4 access-list name
> 10 permit ipv4 any 166.1xx.xx.xx/28
> 20 remark the below subnet is currently not in use
> 30 permit ipv4 any 166.1xx.xx.xxx/28
>
>
> - so the rancid backup leaves a bit to be desired here I think.

The truncated address is due to this code in WriteTerm():

    if (/^ipv(4|6) access-list (\S+)\s*$/) {
        ...
        while () {
            ...
            ($seq, $cmd, $misc, $ip) = ($_ =~ /^\s+(\d+) (\w+) (.*\s)(\w+)/);
            if ($cmd =~ /(permit|deny)/) {
                ProcessHistory("ACL $nlri $key $cmd", "$aclsort","$ip", " $cmd $misc$ip\n");
                ...
            }
        }

That final (\w+) stops at the first dot.

I'm no Cisco guru and don't know all the permutations of how XR lists access-lists, but I imagine the address must be everything after "ipv(4|6) any ", so the regex should probably become: ($_ =~ /^\s+(\d+) (\w+) (.*\s)(.*)/) This is for 2.3.8 (I don't have a 3.x install to hand to check) > > I have: > expect version 5.44.1.15 > This is on centos 6.5, I had the packaged version of rancid installed, an > old 2.3.8 or something but then grabbed 3.1 and compiled it and have > removed the package. > > > Thanks for all your help with this, I can share more config if you let me > know what exactly. > > Cheers, Jos > > > On 15/10/14 18:27, "heasley" wrote: > >> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon: >>>> Rancid collected config: >>>> ipv4 access-list no-rfc1918 >>>> remark Deny traffic to RFC 1918 >>>> deny ipv4 10.0.0.0/8 any >>>> deny ipv4 any 10 >>>> deny ipv4 172.16.0.0/12 any >>>> deny ipv4 any 172 >>>> deny ipv4 192.168.0.0/16 any >>>> deny ipv4 any 192 >>>> permit ipv4 any any >>>> >>>> >>>> A minor problem where the ACL is obvious as above, but this is the >>>> exception. >>>> Can someone suggest a good fix or workaround for this please >>> (preferably >>>> without changing the ASR9K config), I trust it affects others with >>> this >>>> sort of config? >>>> I can see earlier posts mention xrrancid but can?t find that in our >>> 3.1 >>>> install. >>> >>> This appears to be rancid's acl renumbering, which is the designed >>> behaviour for good reasons. >> >> I dont think so; yes its removing the line numbers, but its botching every >> other line. >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- Alan McKinnon alan.mckinnon at gmail.com From peterjackson1610 at gmail.com Wed Oct 15 20:52:40 2014 
From: peterjackson1610 at gmail.com (Peter Jackson) Date: Wed, 15 Oct 2014 16:52:40 -0400 Subject: [rancid] cisco-xr ASR9K and numbered ACL's In-Reply-To: References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net> Message-ID: I looked over the script last night and I think the tail end of the lines are being dropped because the regex needs to be tweaked. \w in Perl regex doesn't match a period, does it? If not, then the regex matches only up to the first period in the IP address and that is why the rest of the line is dropped. I will look again when I get a chance. > On Oct 15, 2014, at 3:59 AM, Jos wrote: > > Hi Guys > > Thanks to you both for the replies. I should have mentioned I?ve tried the > ACL-SORT option being disabled/enabled in config without seeing any > success, I had this line in rancid.conf: > > # if ACLSORT is NO, access-lists will NOT be sorted. > ACLSORT=NO; export ACLSORT > # > > I have tried removing ?export ACLSORT? with no luck either. > > > I have 4 or 5 ASR9K?s running 4.3.x and all do the same thing. Perhaps a > better example is this one: > > Rancid backs up this: > ipv4 access-list name > permit ipv4 any 166 > remark the below subnet is currently not in use > permit ipv4 any 166 > > What we have configured is: > ipv4 access-list name > 10 permit ipv4 any 166.1xx.xx.xx/28 > 20 remark the below subnet is currently not in use > 30 permit ipv4 any 166.1xx.xx.xxx/28 > > > - so the rancid backup leaves a bit to be desired here I think. > > I have: > expect version 5.44.1.15 > This is on centos 6.5, I had the packaged version of rancid installed, an > old 2.3.8 or something but then grabbed 3.1 and compiled it and have > removed the package. > > > Thanks for all your help with this, I can share more config if you let me > know what exactly. 
> > Cheers, Jos > > >> On 15/10/14 18:27, "heasley" wrote: >> >> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon: >>>> Rancid collected config: >>>> ipv4 access-list no-rfc1918 >>>> remark Deny traffic to RFC 1918 >>>> deny ipv4 10.0.0.0/8 any >>>> deny ipv4 any 10 >>>> deny ipv4 172.16.0.0/12 any >>>> deny ipv4 any 172 >>>> deny ipv4 192.168.0.0/16 any >>>> deny ipv4 any 192 >>>> permit ipv4 any any >>>> >>>> >>>> A minor problem where the ACL is obvious as above, but this is the >>>> exception. >>>> Can someone suggest a good fix or workaround for this please >>> (preferably >>>> without changing the ASR9K config), I trust it affects others with >>> this >>>> sort of config? >>>> I can see earlier posts mention xrrancid but can?t find that in our >>> 3.1 >>>> install. >>> >>> This appears to be rancid's acl renumbering, which is the designed >>> behaviour for good reasons. >> >> I dont think so; yes its removing the line numbers, but its botching every >> other line. >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From anson.maddock at gmx.com Thu Oct 16 01:19:57 2014 From: anson.maddock at gmx.com (Anson Maddock) Date: Thu, 16 Oct 2014 03:19:57 +0200 Subject: [rancid] cisco-xr ASR9K and numbered ACL's Message-ID: An HTML attachment was scrubbed... URL: From buoy at clear.net.nz Thu Oct 16 01:37:56 2014 
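The truncation that Alan McKinnon and Peter Jackson describe above, reproduced as an added Perl example (not RANCID's code and not posted by anyone in the thread): it runs the quoted pattern, the proposed `(.*)` pattern and a `(\S+)` variant over ACL entries taken from the thread. The `rebuild` and `show` helpers, the `(\S+)` variant, the IPv6 entry and the choice to test each line both with and without its trailing newline are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: entries from the ACL quoted in the thread, plus one
# IPv6 entry using the documentation prefix. Each keeps its trailing
# newline, as a line read from a filehandle would.
my @entries = (
    " 20 deny ipv4 10.0.0.0/8 any\n",
    " 30 deny ipv4 any 10.0.0.0/8\n",
    " 70 deny ipv4 any 192.168.0.0/16\n",
    " 90 permit ipv6 any 2001:db8::/32\n",
);

# Ordered list so the output order is stable.
my @patterns = (
    [ 'original (\w+)' => qr/^\s+(\d+) (\w+) (.*\s)(\w+)/ ],
    [ 'proposed (.*)'  => qr/^\s+(\d+) (\w+) (.*\s)(.*)/  ],
    [ 'variant  (\S+)' => qr/^\s+(\d+) (\w+) (.*\s)(\S+)/ ],
);

# Rebuild one entry the way the quoted snippet does: drop the sequence
# number and emit " $cmd $misc$ip\n". Returns (sort key, rebuilt text),
# or an empty list when the line does not parse as permit/deny.
sub rebuild {
    my ($re, $line) = @_;
    my ($seq, $cmd, $misc, $ip) = ($line =~ $re);
    return unless defined $cmd && $cmd =~ /^(?:permit|deny)$/;
    return ($ip, " $cmd $misc$ip\n");
}

# Make newlines visible so a doubled line ending is obvious.
sub show {
    my ($text) = @_;
    (my $visible = $text) =~ s/\n/\\n/g;
    return $visible;
}

for my $p (@patterns) {
    my ($label, $re) = @$p;
    print "$label\n";
    for my $line (@entries) {
        # Same entry with the newline removed, as after chomp().
        (my $bare = $line) =~ s/\n\z//;
        for my $case ([ 'with newline', $line ], [ 'chomped     ', $bare ]) {
            my ($how, $input) = @$case;
            my ($key, $out) = rebuild($re, $input);
            next unless defined $out;
            printf "  %s key=%-18s out=%s\n", $how, "'$key'", show($out);
        }
    }
    print "\n";
}
```

When the input line still ends in a newline, `(.*\s)` in the proposed pattern consumes the whole entry and the final group is empty, so the sort key is blank and the rebuilt line ends in two newlines; `(\S+)` returns the full prefix in both cases.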
From: buoy at clear.net.nz (Jos)
Date: Thu, 16 Oct 2014 14:37:56 +1300
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To:
References:
Message-ID:

Hi

Thanks for this, perhaps it's as stupid as this, in my 3.1 install I don't have a xrrancid file, does it ship as part of the standalone 3.1 zipped download?

Cheers, Jos

On 16/10/14 14:19, "Anson Maddock" wrote:

>I'm utilizing Rancid 3.1 on Debian currently, I also have the
>repositories and CVS from when we were running 2.3.8. We do not have
>ACLSORT enabled and we are not seeing the problems you are describing.
>Our ASR9Ks are running 4.3.2 code. We are not showing any truncation
>in the configs/CVS from our 2.3.8 database.
>Here is the sort from our xrrancid 3.1 distribution file. Can you confirm
>that the xrrancid file is a 3.1 version?
>
># This is a sort routine that will sort on the
># ip address when the ip address is anywhere in
># the strings.
>sub ipsort {
>    local(%lines) = @_;
>    local($i) = 0;
>    local(@sorted_lines);
>    foreach $addr (sort sortbyipaddr keys %lines) {
>        $sorted_lines[$i] = $lines{$addr};
>        $i++;
>    }
>    @sorted_lines;
>}
>
># These two routines will sort based upon IP addresses
>sub ipaddrval {
>    my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
>    $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
>}
>sub sortbyipaddr {
>    &ipaddrval($a) <=> &ipaddrval($b);
>}
>
>-----Original Message-----
>On Wed, 15 Oct 2014 23:14:09 +0200
>Alan McKinnon wrote:
>
>On 15/10/2014 09:59, Jos wrote:
>> Hi Guys
>>
>> Thanks to you both for the replies. I should have mentioned I've tried the
>> ACL-SORT option being disabled/enabled in config without seeing any
>> success, I had this line in rancid.conf:
>>
>> # if ACLSORT is NO, access-lists will NOT be sorted.
>> ACLSORT=NO; export ACLSORT
>> #
>>
>> I have tried removing "export ACLSORT" with no luck either.
>>
>>
>> I have 4 or 5 ASR9K's running 4.3.x and all do the same thing. Perhaps a
>> better example is this one:
>>
>> Rancid backs up this:
>> ipv4 access-list name
>> permit ipv4 any 166
>> remark the below subnet is currently not in use
>> permit ipv4 any 166
>>
>> What we have configured is:
>> ipv4 access-list name
>> 10 permit ipv4 any 166.1xx.xx.xx/28
>> 20 remark the below subnet is currently not in use
>> 30 permit ipv4 any 166.1xx.xx.xxx/28
>>
>>
>> - so the rancid backup leaves a bit to be desired here I think.
>
>
>The truncated address is due to this code in WriteTerm():
>
>if (/^ipv(4|6) access-list (\S+)\s*$/) {
>...
>while () {
>...
>($seq, $cmd, $misc, $ip) = ($_ =~ /^\s+(\d+) (\w+) (.*\s)(\w+)/);
>if ($cmd =~ /(permit|deny)/) {
>ProcessHistory("ACL $nlri $key $cmd",
>"$aclsort","$ip", " $cmd $misc$ip\n");
>...
>}
>}
>
>
>That final (\w+) stops at the first dot.
>
>I'm no Cisco guru and don't know all the permutations of how XR lists
>access-lists, but I imagine the address must be everything after
>"ipv(4|6) any ", so the regex should probably become:
>
>
>($_ =~ /^\s+(\d+) (\w+) (.*\s)(.*)/)
>
>
>This is for 2.3.8 (I don't have a 3.x install to hand to check)
>
>>
>> I have:
>> expect version 5.44.1.15
>> This is on centos 6.5, I had the packaged version of rancid installed, an
>> old 2.3.8 or something but then grabbed 3.1 and compiled it and have
>> removed the package.
>>
>>
>> Thanks for all your help with this, I can share more config if you let me
>> know what exactly.
>>
>> Cheers, Jos
>>
>>
>> On 15/10/14 18:27, "heasley" wrote:
>>
>>> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon:
>>>>> Rancid collected config:
>>>>> ipv4 access-list no-rfc1918
>>>>> remark Deny traffic to RFC 1918
>>>>> deny ipv4 10.0.0.0/8 any
>>>>> deny ipv4 any 10
>>>>> deny ipv4 172.16.0.0/12 any
>>>>> deny ipv4 any 172
>>>>> deny ipv4 192.168.0.0/16 any
>>>>> deny ipv4 any 192
>>>>> permit ipv4 any any
>>>>>
>>>>>
>>>>> A minor problem where the ACL is obvious as above, but this is the
>>>>> exception.
>>>>> Can someone suggest a good fix or workaround for this please (preferably
>>>>> without changing the ASR9K config), I trust it affects others with this
>>>>> sort of config?
>>>>> I can see earlier posts mention xrrancid but can't find that in our 3.1
>>>>> install.
>>>>
>>>> This appears to be rancid's acl renumbering, which is the designed
>>>> behaviour for good reasons.
>>>
>>> I don't think so; yes it's removing the line numbers, but it's botching every
>>> other line.
>
>--
>Alan McKinnon
>alan.mckinnon at gmail.com

From anson.maddock at gmx.com Thu Oct 16 01:59:42 2014
From: anson.maddock at gmx.com (Anson Maddock)
Date: Thu, 16 Oct 2014 03:59:42 +0200
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
Message-ID:

An HTML attachment was scrubbed...

From buoy at clear.net.nz Thu Oct 16 08:08:41 2014
From: buoy at clear.net.nz (Jos)
Date: Thu, 16 Oct 2014 21:08:41 +1300
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To: <543EE3A1.5090703@gmail.com>
References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net> <543EE3A1.5090703@gmail.com>
Message-ID:

Thanks Alan and all those offering help with this.

Your suggestion Alan of using "($_ =~ /^\s+(\d+) (\w+) (.*\s)(.*)/)" has worked for me, I have extra line breaks between ACL entries, but the ACL's hold all the key data they should now so I'm happy.

In my 3.1 install I had to adjust /home/rancid/lib/rancid/iosxr.pm as noted.

Not sure if this is a bug or not, should the ACLSORT=NO disable this feature entirely?

Cheers, Jos

On 16/10/14 10:14, "Alan McKinnon" wrote:

>On 15/10/2014 09:59, Jos wrote:
>> Hi Guys
>>
>> Thanks to you both for the replies. I should have mentioned I've tried the
>> ACL-SORT option being disabled/enabled in config without seeing any
>> success, I had this line in rancid.conf:
>>
>> # if ACLSORT is NO, access-lists will NOT be sorted.
>> ACLSORT=NO; export ACLSORT
>> #
>>
>> I have tried removing "export ACLSORT" with no luck either.
>>
>>
>> I have 4 or 5 ASR9K's running 4.3.x and all do the same thing. Perhaps a
>> better example is this one:
>>
>> Rancid backs up this:
>> ipv4 access-list name
>> permit ipv4 any 166
>> remark the below subnet is currently not in use
>> permit ipv4 any 166
>>
>> What we have configured is:
>> ipv4 access-list name
>> 10 permit ipv4 any 166.1xx.xx.xx/28
>> 20 remark the below subnet is currently not in use
>> 30 permit ipv4 any 166.1xx.xx.xxx/28
>>
>>
>> - so the rancid backup leaves a bit to be desired here I think.
>
>
>The truncated address is due to this code in WriteTerm():
>
>if (/^ipv(4|6) access-list (\S+)\s*$/) {
> ...
> while () {
> ...
> ($seq, $cmd, $misc, $ip) = ($_ =~ /^\s+(\d+) (\w+) (.*\s)(\w+)/);
> if ($cmd =~ /(permit|deny)/) {
> ProcessHistory("ACL $nlri $key $cmd",
>"$aclsort","$ip", " $cmd $misc$ip\n");
> ...
> }
>}
>
>
>That final (\w+) stops at the first dot.
>
>I'm no Cisco guru and don't know all the permutations of how XR lists
>access-lists, but I imagine the address must be everything after
>"ipv(4|6) any ", so the regex should probably become:
>
>
>($_ =~ /^\s+(\d+) (\w+) (.*\s)(.*)/)
>
>
>This is for 2.3.8 (I don't have a 3.x install to hand to check)
>
>>
>> I have:
>> expect version 5.44.1.15
>> This is on centos 6.5, I had the packaged version of rancid installed, an
>> old 2.3.8 or something but then grabbed 3.1 and compiled it and have
>> removed the package.
>>
>>
>> Thanks for all your help with this, I can share more config if you let me
>> know what exactly.
>>
>> Cheers, Jos
>>
>>
>> On 15/10/14 18:27, "heasley" wrote:
>>
>>> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon:
>>>>> Rancid collected config:
>>>>> ipv4 access-list no-rfc1918
>>>>> remark Deny traffic to RFC 1918
>>>>> deny ipv4 10.0.0.0/8 any
>>>>> deny ipv4 any 10
>>>>> deny ipv4 172.16.0.0/12 any
>>>>> deny ipv4 any 172
>>>>> deny ipv4 192.168.0.0/16 any
>>>>> deny ipv4 any 192
>>>>> permit ipv4 any any
>>>>>
>>>>>
>>>>> A minor problem where the ACL is obvious as above, but this is the
>>>>> exception.
>>>>> Can someone suggest a good fix or workaround for this please (preferably
>>>>> without changing the ASR9K config), I trust it affects others with this
>>>>> sort of config?
>>>>> I can see earlier posts mention xrrancid but can't find that in our 3.1
>>>>> install.
>>>>
>>>> This appears to be rancid's acl renumbering, which is the designed
>>>> behaviour for good reasons.
>>>
>>> I don't think so; yes it's removing the line numbers, but it's botching every
>>> other line.
>
>--
>Alan McKinnon
>alan.mckinnon at gmail.com

From jethro.binks at strath.ac.uk Mon Oct 20 11:58:03 2014
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Mon, 20 Oct 2014 12:58:03 +0100 (BST)
Subject: [rancid] wraprancid for rancid 3.x?
In-Reply-To: <543E4ACD.2020403@thingy.com>
References: <543E4ACD.2020403@thingy.com>
Message-ID:

Hi Howie,

Just to say I haven't looked into it at all, sorry :-/ My dev cycles have completely gone for the last too-long-a-time.

Jethro.

On Wed, 15 Oct 2014, Howard Jones wrote:

> Before I dig in, has anyone else already updated Jethro Binks' wraprancid
> script to deal with RANCID 3.x? Since rancid-fe is driven by rancid-types.conf
> now, I am assuming it will need some love.
>
> I'm trying to merge two different department's internal RANCID servers, one
> fairly standard 3.x and one 2.x with some wrapper scripts for strange devices.
>
> Thanks for any pointers,
>
> Howie

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From heas at shrubbery.net Mon Oct 20 23:13:56 2014
From: heas at shrubbery.net (heasley)
Date: Mon, 20 Oct 2014 23:13:56 +0000
Subject: [rancid] cisco-xr ASR9K and numbered ACL's
In-Reply-To:
References: <543E048F.6030502@gmail.com> <20141015052702.GB61521@shrubbery.net>
Message-ID: <20141020231356.GI45956@shrubbery.net>

Wed, Oct 15, 2014 at 04:52:40PM -0400, Peter Jackson:
> I looked over the script last night and I think the tail end of the lines are being dropped because the regex needs to be tweaked. \w in Perl regex doesn't match a period, does it? If not, then the regex matches only up to the first period in the IP address and that is why the rest of the line is dropped.

Indeed that regex needs some adjustment. What you suggest will fix the truncation and is a good start, but the process needs to be expanded to pick out the address properly.

thanks

> I will look again when I get a chance.
>
>
> > On Oct 15, 2014, at 3:59 AM, Jos wrote:
> >
> > Hi Guys
> >
> > Thanks to you both for the replies. I should have mentioned I've tried the
> > ACL-SORT option being disabled/enabled in config without seeing any
> > success, I had this line in rancid.conf:
> >
> > # if ACLSORT is NO, access-lists will NOT be sorted.
> > ACLSORT=NO; export ACLSORT
> > #
> >
> > I have tried removing "export ACLSORT" with no luck either.
> >
> >
> > I have 4 or 5 ASR9K's running 4.3.x and all do the same thing. Perhaps a
> > better example is this one:
> >
> > Rancid backs up this:
> > ipv4 access-list name
> > permit ipv4 any 166
> > remark the below subnet is currently not in use
> > permit ipv4 any 166
> >
> > What we have configured is:
> > ipv4 access-list name
> > 10 permit ipv4 any 166.1xx.xx.xx/28
> > 20 remark the below subnet is currently not in use
> > 30 permit ipv4 any 166.1xx.xx.xxx/28
> >
> >
> > - so the rancid backup leaves a bit to be desired here I think.
> >
> > I have:
> > expect version 5.44.1.15
> > This is on centos 6.5, I had the packaged version of rancid installed, an
> > old 2.3.8 or something but then grabbed 3.1 and compiled it and have
> > removed the package.
> >
> >
> > Thanks for all your help with this, I can share more config if you let me
> > know what exactly.
> >
> > Cheers, Jos
> >
> >
> >> On 15/10/14 18:27, "heasley" wrote:
> >>
> >> Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon:
> >>>> Rancid collected config:
> >>>> ipv4 access-list no-rfc1918
> >>>> remark Deny traffic to RFC 1918
> >>>> deny ipv4 10.0.0.0/8 any
> >>>> deny ipv4 any 10
> >>>> deny ipv4 172.16.0.0/12 any
> >>>> deny ipv4 any 172
> >>>> deny ipv4 192.168.0.0/16 any
> >>>> deny ipv4 any 192
> >>>> permit ipv4 any any
> >>>>
> >>>>
> >>>> A minor problem where the ACL is obvious as above, but this is the
> >>>> exception.
> >>>> Can someone suggest a good fix or workaround for this please (preferably
> >>>> without changing the ASR9K config), I trust it affects others with this
> >>>> sort of config?
> >>>> I can see earlier posts mention xrrancid but can't find that in our 3.1
> >>>> install.
> >>>
> >>> This appears to be rancid's acl renumbering, which is the designed
> >>> behaviour for good reasons.
> >>
> >> I don't think so; yes it's removing the line numbers, but it's botching every
> >> other line.

From Shaun.Krok at 888holdings.com Wed Oct 22 06:34:57 2014
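The capture-group behaviour discussed in the ACL thread above, as an added example (not RANCID code and not from any poster): it runs the `(\w+)` pattern from the quoted WriteTerm() code and the `(.*)` replacement suggested in the thread over constructed ACL lines, rebuilds each stored line as `" $cmd $misc$ip\n"`, and checks that it round-trips against the input minus its sequence number. The end-anchored `(\S+)` pattern is a hypothetical variant, and the sample lines with their trailing newline are assumptions.

```perl
#!/usr/bin/perl
# Added example: capture-group behaviour of the ACL patterns discussed in the
# thread. Not RANCID code; sample lines and the third pattern are assumptions.
use strict;
use warnings;

# Constructed IOS XR ACL entries (documentation prefixes). Each keeps its
# trailing newline, as a line read from a file handle would (assumption).
my @lines = (
    " 10 permit ipv4 any 192.0.2.16/28\n",
    " 20 deny ipv4 198.51.100.0/24 any\n",
    " 30 permit ipv4 any 203.0.113.0/24\n",
);

# Only the last capture group differs between the patterns.
my @patterns = (
    # Pattern from the quoted WriteTerm() code: \w+ cannot cross '.' or '/'.
    [ 'original (\w+)', qr/^\s+(\d+) (\w+) (.*\s)(\w+)/ ],
    # Replacement suggested in the thread. With the newline still present,
    # (.*\s) consumes it and (.*) captures nothing, so $ip is empty and the
    # rebuilt line ends in two newlines.
    [ 'relaxed  (.*)',  qr/^\s+(\d+) (\w+) (.*\s)(.*)/ ],
    # Hypothetical variant: last non-space token, anchored at end of line.
    [ 'anchored (\S+)', qr/^\s+(\d+) (\w+) (.*\s)(\S+)\s*$/ ],
);

# Make newlines visible in the report.
sub show {
    my ($s) = @_;
    $s =~ s/\n/\\n/g;
    return $s;
}

# Parse one line and rebuild what would be stored, using the same
# " $cmd $misc$ip\n" layout as the quoted ProcessHistory() call.
sub stored_line {
    my ($re, $line) = @_;
    my ($seq, $cmd, $misc, $ip) = ($line =~ $re);
    return ('', '') unless defined $cmd;    # pattern did not match at all
    return (" $cmd $misc$ip\n", $ip);
}

my $lossy = 0;
for my $line (@lines) {
    # Round-trip reference: the input with only its sequence number removed.
    (my $expected = $line) =~ s/^\s+\d+ / /;
    print "input: '", show($line), "'\n";
    for my $p (@patterns) {
        my ($name, $re) = @$p;
        my ($stored, $ip) = stored_line($re, $line);
        my $ok = $stored eq $expected;
        $lossy++ unless $ok;
        printf "  %-15s ip=%-18s stored=%-42s %s\n",
            $name, "'$ip'", "'" . show($stored) . "'",
            $ok ? 'ok' : 'DIFFERS FROM DEVICE';
    }
}
print "$lossy parse(s) did not round-trip\n";
```

A round-trip comparison of this kind turns a silently truncated ACL in the backup into a visible mismatch, which matters when the stored config is used for audit or restore.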
From: Shaun.Krok at 888holdings.com (Shaun Krok)
Date: Wed, 22 Oct 2014 06:34:57 +0000
Subject: [rancid] Diff issue with Cisco ACE
Message-ID: <57FD84723C05BB4FA3BB5F66AC609F6406C459B3@XCH-IL-MB1.888holdings.corp>

Hi

I am running 3.1 Rancid and all is working exceptionally well.

Small diff issue with the following

###snip

+ !Unable to open device /dev/pfm_drv

How would I go about suppressing this in the diff email

Thanks
Shaun

Shaun Krok
Network Team
Herzliya Business Park
Herzliya Pituach 46140
Israel
Telephone: +972 (0)732889406
Mobile: +972 (0)50 2424381
email:shaun.krok at 888holdings.com

From heas at shrubbery.net Wed Oct 22 16:51:57 2014
From: heas at shrubbery.net (heasley)
Date: Wed, 22 Oct 2014 16:51:57 +0000
Subject: [rancid] Diff issue with Cisco ACE
In-Reply-To: <57FD84723C05BB4FA3BB5F66AC609F6406C459B3@XCH-IL-MB1.888holdings.corp>
References: <57FD84723C05BB4FA3BB5F66AC609F6406C459B3@XCH-IL-MB1.888holdings.corp>
Message-ID: <20141022165157.GE12029@shrubbery.net>

Wed, Oct 22, 2014 at 06:34:57AM +0000, Shaun Krok:
> Hi
>
> I am running 3.1 Rancid and all is working exceptionally well.
>
> Small diff issue with the following
>
>
> ###snip
>
> + !Unable to open device /dev/pfm_drv
>
> How would I go about suppressing this in the diff email

is it an intermittent failure?

you configure the ACE as device type cisco?

From krok at krok.za.net Wed Oct 22 16:45:08 2014
From: krok at krok.za.net (Shaun Krok)
Date: Wed, 22 Oct 2014 19:45:08 +0300
Subject: [rancid] Diff issue with Cisco ACE
In-Reply-To: <20141022165157.GE12029@shrubbery.net>
References: <57FD84723C05BB4FA3BB5F66AC609F6406C459B3@XCH-IL-MB1.888holdings.corp> <20141022165157.GE12029@shrubbery.net>
Message-ID: <6012342feba9ffc63013f3f60c02d5ae@krok.za.net>

Hi

NO --- no failure --- config is collected in full without issue

The only problem is the diff that is generated with the diff email

Just want to remove from the diff email

thanks -- much appreciated

On 2014-10-22 19:51, heasley wrote:
> Wed, Oct 22, 2014 at 06:34:57AM +0000, Shaun Krok:
>> Hi
>>
>> I am running 3.1 Rancid and all is working exceptionally well.
>>
>> Small diff issue with the following
>>
>>
>> ###snip
>>
>> + !Unable to open device /dev/pfm_drv
>>
>> How would I go about suppressing this in the diff email
>
> is it an intermittent failure?
>
> you configure the ACE as device type cisco?

--
Shaun Krok
Tel: 050 2424 381

From nathan.burgerhout at gmail.com Fri Oct 24 10:33:31 2014
From: nathan.burgerhout at gmail.com (Nathan Burgerhout)
Date: Fri, 24 Oct 2014 12:33:31 +0200
Subject: [rancid] Two Cisco device's on one WAN IP
In-Reply-To:
References: <049a01cfc92e$b6f87ad0$24e97070$@softscape.ca> <04cf01cfc939$4a7cde90$df769bb0$@softscape.ca>
Message-ID:

Hello,

Tried different options, but I'm still stuck at this point. Can anyone help me solve this last problem? My new .cloginrc and output are below.

.cloginrc:

add method site02-redirected ssh telnet
add user site02-redirected sadmin
add password site02-redirected {boterkoek23}
add method site02 {usercmd}
add user site02 sadmin
add password site02 {boterkoek23} {boterkoek23}
add usercmd site02 {/usr/lib/rancid/bin/clogin} {-noenable} {site02-redirected}
add usercmd_chat site02 {site-rt01>} {ssh -l sadmin 10.0.0.29\r} {boterkoek23} {}
#add autoenable {01}
#add enableprompt site02 {boterkoek23}
#add usercmd_chat kogros02 {site-rt02>} {enable\r} {boterkoek23\r}

Output of ./clogin site02:

ruser at LNX01:/usr/lib/rancid/bin$ ./clogin site02
site02
spawn /usr/lib/rancid/bin/clogin -noenable site02-redirected
site02-redirected
spawn ssh -c 3des -x -l sadmin site02-redirected
Password:
site-rt01>ssh -l sadmin 10.0.0.29
site-rt01>ssh -l sadmin 10.0.0.29
Password:
% Password: timeout expired!
[Connection to 10.0.0.29 aborted: error status 0]
site-rt01>exit
Timeout in usercmd_chat waiting for -re boterkoek23: punting with CR
site-rt01>boterkoek23
Translating "boterkoek23"...domain server (255.255.255.255)
% Bad IP address or host name
% Unknown command or computer name, or unable to find computer address
site-rt01>boterkoek23
% Bad IP address or host name
% Unknown command or computer name, or unable to find computer address
site-rt01>enable
Password:
site-rt01#
site-rt01#exit
Connection to site02-redirected closed by remote host.
Connection to site02-redirected closed.
ruser at LNX01:/usr/lib/rancid/bin$

---
Nathan

2014-09-09 16:40 GMT+02:00 Nathan Burgerhout :

> See below for the .cloginrc config that I use now.
>
> .cloginrc:
>
> # Customer_A SSH login
> # Router 01
> add method Customer_A01 ssh telnet
> add user Customer_A01 {rancid}
> add password Customer_A01 {&g584g&agdf$VF$%*(#FHGFukt} {&^4g578$V784v78$*}
>
> # Router 02 behind router 01
> add method Customer_A02 {usercmd}
> add user Customer_A02 {sadmin}
> add password Customer_A02 {boterkoek23} {boterkoek23}
> add usercmd Customer_A02 {/usr/lib/rancid/bin/clogin} {Customer_A01} {boterkoek23}
> add usercmd_chat Customer_A02 {>} {ssh 10.0.0.253} {boterkoek23} {10.0.0.253}
>
> # General Login
> add user * {rancid}
> add password * {&g584g&agdf$VF$%*(#FHGFukt} {&^4g578$V784v78$*}
> add method * ssh telnet
>
>
> *J. Burgerhout*
> Krimpen aan den IJssel
> Tel. (06) 83080710
> Web. www.xentux.com/jonathan
>
>
>
> 2014-09-05 20:43 GMT+02:00 Bob B :
>
>> Can you post your sanitized .cloginrc stanza?
>>
>> I'll compare it to what I have and see if anything stands out.
>>
>> BB
>>
>>
>>
>> > -----Original Message-----
>> > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
>> > Behalf Of Nathan Burgerhout
>> > Sent: Friday, September 05, 2014 2:08 PM
>> > To: Bob B; rancid-discuss at shrubbery.net
>> > Subject: Re: [rancid] Two Cisco device's on one WAN IP
>> >
>> > Thank you Bob.
>> >
>> >
>> > I tried to do this, but it didn't work. It just stops at the point where
>> > it types the second SSH. The problem could be that my Cisco's
>> > authenticate through a Tacacs+ server. I'm going to try some more. At
>> > least I'm going in the right direction.
>> >
>> >
>> > ---
>> > Nathan
>> >
>> >
>> > 2014-09-05 19:27 GMT+02:00 Bob B :
>> >
>> >
>> > Nathan,
>> >
>> > If it's any help, this is how we do it. We have many devices fitting
>> > this exact scenario and it seems to work reasonably well.
>> >
>> > The configuration is a bit more involved in the .cloginrc file, but
>> > not overly complicated.
>> >
>> > Bob.
>> >
>> >
>> >
>> >
>> > > -----Original Message-----
>> > > From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
>> > > Behalf Of Nathan Burgerhout
>> > > Sent: Friday, September 05, 2014 8:40 AM
>> > > To: rancid-discuss at shrubbery.net
>> > > Subject: [rancid] Two Cisco device's on one WAN IP
>> > >
>> > > Hello everyone,
>> > >
>> > >
>> > > I hope that I'm in the right place to ask this.
>> > >
>> > > Recently I installed Rancid so that I can backup the Cisco devices from my
>> > > customers. I have it working for one device. The second device can only be
>> > > accessed by using SSH from the first Cisco to the second Cisco.
>> > >
>> > >
>> > > Rancid Server at work --> Internet --> Cisco A --> Cisco B
>> > >
>> > >
>> > > Is this possible to do? The example in the link below is for a network
>> > > where the Rancid server is local which isn't the case for me, but it looks
>> > > like I could use the usercmd method.
>> > >
>> > > http://www.shrubbery.net/pipermail/rancid-discuss/2008-September/003274.html
>> > >
>> > >
>> > > Regards,
>> > >
>> > > Nathan

From antonio.quesada at usan.com Thu Oct 30 19:12:31 2014
From: antonio.quesada at usan.com (Antonio Quesada)
Date: Thu, 30 Oct 2014 19:12:31 +0000
Subject: [rancid] Using Ravin's patch to jump through a gateway device to probe device not working in 3.1?
Message-ID: <24DA785F724DBB40B9655CFA49DE78282C2CA99D@NOR2K8EXCH1.usanad.com>

Hi all,

Back in the 12th of June of 2014 Andrei Sabau inquired about Ravin's patch.

Andrei (or anyone else for that matter): Did you get it to work? Did you use the same patch as for version 2 (which I do not think so, but let me make sure). Would you mind sharing where you obtained the version 3 patch (or did you modify it yourself?)

I have a problem where using Ravin's patch may provide a solution.

Thank you!!

Antonio Quesada

From fanachos at gmail.com Fri Oct 31 07:20:14 2014
From: fanachos at gmail.com (Andrei Sabau)
Date: Fri, 31 Oct 2014 09:20:14 +0200
Subject: [rancid] Rancid-discuss Digest, Vol 48, Issue 17
In-Reply-To:
References:
Message-ID:

Hello Antonio Quesada,

I did not manage to make it work, unfortunately. I cannot remember what troubles I had but after some time I gave up.

I believed I tried it on 2.1 because 3.1 was released later (not sure)