[rancid] Panrancid with PAN 6.0
Peter Jackson
peterjackson1610 at gmail.com
Mon Sep 15 18:30:05 UTC 2014
Chip, did you get RANCID working with PAN 6? I had the same or similar
issue as you and we are running HA.
I had updated to Doug's latest version of panrancid but was on an old
version of panlogin (that set 'pager off'). After I updated panlogin
RANCID works as expected.
On Wed, Jun 18, 2014 at 1:27 PM, Chip Pleasants <wpleasants at gmail.com>
wrote:
> I can open a ticket, but I'm concerned that I can not show them an example
> of it broke besides the script. They may work with me if can't show its
> broke manually. Thanks again Doug for assistance.
>
> -Chip
> On Jun 18, 2014 1:14 PM, "Hughes, Doug" <Douglas.Hughes at deshawresearch.com>
> wrote:
>
>> EatCommand just takes care of registering and aligning for the next
>> command since that command doesn’t produce any ouput, but you still need to
>> do something with what echoes back to expect.
>>
>>
>>
>> Your below panlogin to firewallv5 worked perfectly.
>>
>> You can see it repeating each word and building until cli scripting-mode
>> is on, and then everything after that works ok.
>>
>>
>>
>> Yet it didn’t work for firewallv6. This seems like a bug. I’d open a case
>> with support.paloaltonetworks.com to see what’s going on. Something
>> weird is causing the cli scripting-mode on to fail.
>>
>>
>>
>>
>>
>> *From:* Chip Pleasants [mailto:wpleasants at gmail.com]
>> *Sent:* Wednesday, June 18, 2014 12:12 PM
>> *To:* Hughes, Doug
>> *Cc:* rancid-discuss at shrubbery.net
>> *Subject:* Re: [rancid] Panrancid with PAN 6.0
>>
>>
>>
>> I think I see what you are talking about now. Here are the two examples.
>> One from a version 6 and one from a version 5. Now the odd part is when
>> I perform this test manually turning on 'set cli scripting-mode on' it
>> doesn't auto-complete on versions 6.0.2 or 5.0.11. Would there be
>> a difference with the EatCommand portion of the script? Thanks for taking
>> the time to work with me Doug.
>>
>>
>>
>>
>>
>> [rancid at cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
>> FIREWALLV5.domain.com
>>
>> executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
>> off;show system info;show config running" FIREWALLV5.domain.com
>>
>> line: FIREWALLV5.domain.com
>>
>> line: rancid at FIREWALLV5(active)>
>>
>> line: rancid at FIREWALLV5(active)> set rancid at FIREWALLV5(active)> set cli
>> rancid at FIREWALLV5(active)> set cli scripting-mode rancid at FIREWALLV5(active)>
>> set cli scripting-mode on
>>
>> PROMPT MATCH: rancid at FIREWALLV5\(active\)[#>]
>>
>> HIT COMMAND:rancid at FIREWALLV5(active)> set rancid at FIREWALLV5(active)>
>> set cli rancid at FIREWALLV5(active)> set cli scripting-mode
>> rancid at FIREWALLV5(active)> set cli scripting-mode on
>>
>>
>>
>> COMMAND is: set cli scripting-mode on|EatCommand
>>
>> HIT COMMAND:rancid at FIREWALLV5(active)> set cli pager off
>>
>>
>>
>> COMMAND is: set cli pager off|EatCommand
>>
>> HIT COMMAND:rancid at FIREWALLV5(active)> show system info
>>
>>
>>
>> COMMAND is: show system info|ShowInfo
>>
>> In ShowInfo:: rancid at FIREWALLV5(active)> show system info
>>
>> HIT COMMAND:rancid at FIREWALLV5(active)> show config running
>>
>>
>>
>> COMMAND is: show config running|ShowConfig
>>
>> In ShowConfig: rancid at FIREWALLV5(active)> show config running
>>
>> line:
>>
>> exiting
>>
>> [rancid at cmh1vlobs01 rancid]$
>>
>>
>>
>>
>>
>>
>>
>> [rancid at cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
>> FIREWALLV6.domain.com
>>
>> executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
>> off;show system info;show config running" FIREWALLV6.domain.com
>>
>> line: FIREWALLV6.domain.com
>>
>> line: rancid at FIREWALLV6(active)>
>>
>> line: rancid at FIREWALLV6(active)> set rancid at FIREWALLV6(active)> set cli
>> rancid at FIREWALLV6(active)> set cli scripting-mode rancid at FIREWALLV6(active)>
>> set cli scripting-mode on
>>
>> PROMPT MATCH: rancid at FIREWALLV6\(active\)[#>]
>>
>> HIT COMMAND:rancid at FIREWALLV6(active)> set rancid at FIREWALLV6(active)>
>> set cli rancid at FIREWALLV6(active)> set cli scripting-mode
>> rancid at FIREWALLV6(active)> set cli scripting-mode on
>>
>>
>>
>> COMMAND is: set cli scripting-mode on|EatCommand
>>
>> HIT COMMAND:rancid at FIREWALLV6(active)> set rancid at FIREWALLV6(active)>
>> set cli rancid at FIREWALLV6(active)> set cli pager rancid at FIREWALLV6(active)>
>> set cli pager off
>>
>>
>>
>> COMMAND is: set cli pager off|EatCommand
>>
>> HIT COMMAND:rancid at FIREWALLV6(active)> show rancid at FIREWALLV6(active)>
>> show system rancid at FIREWALLV6(active)> show system info
>>
>>
>>
>> COMMAND is: show system info|ShowInfo
>>
>> In ShowInfo:: rancid at FIREWALLV6(active)> show rancid at FIREWALLV6(active)>
>> show system rancid at FIREWALLV6(active)> show system info
>>
>> FIREWALLV6.domain.com: missed cmd(s): show config running
>>
>> FIREWALLV6.domain.com: missed cmd(s): show config running
>>
>> FIREWALLV6.domain.com: End of run not found
>>
>> FIREWALLV6.domain.com: End of run not found
>>
>> #
>>
>> [rancid at cmh1vlobs01 rancid]$ !
>>
>>
>>
>>
>>
>>
>>
>> -Chip
>>
>>
>>
>>
>>
>> On Wed, Jun 18, 2014 at 11:35 AM, Hughes, Doug <
>> Douglas.Hughes at deshawresearch.com> wrote:
>>
>> It doesn’t look like it is from your very first debugging output:
>>
>> COMMAND is: show system info|ShowInfo
>> In ShowInfo:: rancid at FIREWALL(active)> show rancid at FIREWALL(active)>
>> show system rancid at FIREWALL(active)> show system info
>>
>>
>> if scripting-mode was on, we wouldn’t see the stuff in red. (html mode on
>> to read). The fact that the extra prompts show up indicates that it is
>> intercepting the spaces and attempting to do ‘helpful command completion’.
>>
>>
>>
>>
>>
>>
>>
>> *From:* Chip Pleasants [mailto:wpleasants at gmail.com]
>> *Sent:* Wednesday, June 18, 2014 8:52 AM
>>
>>
>> *To:* Hughes, Doug
>> *Cc:* rancid-discuss at shrubbery.net
>> *Subject:* Re: [rancid] Panrancid with PAN 6.0
>>
>>
>>
>> It doesn't appear to be a bug, because I think its operating as you
>> describe. When I turn on 'set cli scripting-mode on' it doesn't
>> autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be
>> going on?
>>
>>
>>
>> Thanks,
>>
>> Chip
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <
>> Douglas.Hughes at deshawresearch.com> wrote:
>>
>> Hrm. Yes, I had it correct the first time. (oof, busy day)
>>
>> ‘on’ is needed to prevent this ‘feature’:
>>
>> line: rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set cli
>> rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set cli
>> pager off
>>
>> After each space, it does essentially a rewrite of the line as it tried
>> to ‘auto-correct’ you from typing the wrong thing. This gets in the way of
>> parsing with expect quite heavily, so I attempt to disable it as soon as
>> possible. If set cli scripting-mode on does not cause this to stop (and it
>> looks like it doesn’t), then that appears to be a bug. You can also see
>> this by using type script:
>>
>> Here’s how it looks at the command line:
>> Drdgpfs0002:/tmp$ script
>> drdgpfs0002:/tmp$ ssh -l admin paloalto.en
>> admin at paloalto.en's password:
>> Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
>> Welcome admin.
>> admin at paloalto.en> set cli scripting-mode on
>> admin at paloalto.en> set cli ? <ENTER here>
>>
>> Invalid syntax.
>> admin at paloalto.en> exit
>>
>>
>> Here's how it looks in the corresponding typescript file:
>> i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
>> drdgpfs0002:/tmp$ ssh -l admin paloalto
>> admin at paloalto.en's password: ^M
>> Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
>> ^M^M
>> Welcome admin.^M
>> admin at paloalto.en> set ^M^[[Kadmin at paloalto.en> set cli
>> ^M^[[Kadmin at paloalto.en>
>> set cli scripting-mode ^M^[[Kadmin at paloalto.en> set cli scripting-mode
>> on^M
>> admin at paloalto.en> set cli ?^M
>> ^M
>> Invalid syntax.^M
>> admin at paloalto.en> exit^M
>> Connection to paloalto.en closed.^M^M
>> drdgpfs0002:/tmp$ exit^M^M
>> exit^M
>>
>> Script done on Tue 17 Jun 2014 03:25:34 PM EDT
>>
>> If 'set cli scripting-mode on' doesn't disable the 'space' feature, then
>> the rest of the expect is very iffy at best and difficult to manage
>>
>> Here's another way to confirm the behavior
>>
>> Type config <space>
>>
>> If it autocompletes to 'configure', then cli scripting-mode is not on and
>> results *will* vary.
>> Disabling the pager is also important since it disables the --more-- when
>> show config is running.
>>
>> I am running 6.0.2 but no HA on PA-3020 and PA-2050
>>
>>
>>
>>
>> From: Chip Pleasants [mailto:wpleasants at gmail.com]
>>
>> Sent: Tuesday, June 17, 2014 3:21 PM
>>
>> To: Hughes, Doug
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Panrancid with PAN 6.0
>>
>> Tried it on both versions. Seems like they both yield the same result.
>> Doesn't the script turn cli scripting-mode on? Or do we don't really care
>> that's its on or off?
>>
>>
>>
>>
>> user at FIREWALLV6(active)> set cli scripting-mode off
>> user at FIREWALLV6(active)> set cli scripting-mode
>> off off
>> on on
>>
>> user at FIREWALLV6(active)> set cli scripting-mode
>>
>>
>>
>>
>>
>>
>> user at FIREWALLV5(active)> set cli scripting-mode off
>> user at FIREWALLV5(active)> set cli scripting-mode
>> off off
>> on on
>>
>> user at FIREWALLV5(active)> set cli scripting-mode
>>
>>
>>
>> -Chip
>>
>>
>> On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <
>> Douglas.Hughes at deshawresearch.com> wrote:
>> Sorry, I meant ‘off’, you need to set it to off and then try the ? test.
>>
>> From: Chip Pleasants [mailto:wpleasants at gmail.com]
>> Sent: Tuesday, June 17, 2014 2:48 PM
>>
>> To: Hughes, Doug
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Panrancid with PAN 6.0
>>
>> Here's what I get. I get the same result from a version 5.x PA. I removed
>> the "set cli scripting-mode on" from the script to test. Version 5.x PA
>> works and version 6.x PA end up with the same result.
>>
>>
>> user at FIREWALL(active)> set cli scripting-mode on
>> user at FIREWALL(active)> set cli scripting-mode ?
>> ? is not one of <on|off>
>>
>> Invalid syntax.
>> user at FIREWALL(active)>
>>
>>
>>
>> line: rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set cli
>> rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set cli
>> pager off
>> PROMPT MATCH: rancid at FIREWALL\(active\)[#>]
>> HIT COMMAND:rancid at FIREWALL(active)> set rancid at FIREWALL(active)> set
>> cli rancid at FIREWALL(active)> set cli pager rancid at FIREWALL(active)> set
>> cli pager off
>>
>> COMMAND is: set cli pager off|EatCommand
>> HIT COMMAND:rancid at FIREWALL(active)> show rancid at FIREWALL(active)> show
>> system rancid at FIREWALL(active)> show system info
>>
>> COMMAND is: show system info|ShowInfo
>> In ShowInfo:: rancid at FIREWALL(active)> show rancid at FIREWALL(active)>
>> show system rancid at FIREWALL(active)> show system info
>> FIREWALL.dswinc.net: missed cmd(s): show config running
>> FIREWALL.dswinc.net: missed cmd(s): show config running
>> FIREWALL.dswinc.net: End of run not found
>> FIREWALL.dswinc.net: End of run not found
>> #
>> [rancid at server rancid]$
>>
>>
>>
>>
>> On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
>> Douglas.Hughes at deshawresearch.com> wrote:
>> Ah, you are running in HA mode I see. That could be throwing things off,
>> but I think I fixed that in 2013 sometime.
>> (I don’t run any in HA)
>>
>> It looks to me like ‘set cli scripting-mode on’ is failing
>>
>> To confirm this, login to the PA at command line, then type set cli
>> scripting-mode on
>>
>> Now type “set cli scripting-mode ?”
>>
>> If you get any sort of command completion, the cli scripting mode setting
>> is not working and needs to be turned into a PA bug report. That is what it
>> looks like it is happening by looking at the command staggering for
>> subsequent lines.
>>
>> From: Chip Pleasants [mailto:wpleasants at gmail.com]
>> Sent: Tuesday, June 17, 2014 1:39 PM
>> To: Hughes, Doug
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Panrancid with PAN 6.0
>>
>> Thanks Doug. I am running the most recent version, but for grins I
>> replaced them anyway. Still seeing the issue on two sets. The others seem
>> to work fine. Anything I provide that help find the trouble?
>>
>> -Chip
>>
>>
>> On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
>> Douglas.Hughes at deshawresearch.com> wrote:
>> Yes, it’s working for me. Are you using the latest? (attached)
>>
>>
>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On
>> Behalf Of Chip Pleasants
>> Sent: Monday, June 16, 2014 2:01 PM
>> To: rancid-discuss at shrubbery.net
>> Subject: [rancid] Panrancid with PAN 6.0
>>
>> Does anyone have Panrancid working with PAN version 6.0.2? I have four
>> sets running PAN version 5.0.11 without an issues. Once I upgraded one set
>> the script times out. Below is a debug. Let me know if you have any
>> questions.
>>
>> Cheers,
>>
>> Chip
>>
>>
>> [rancid at cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
>> cmh1-z4-f01.domain.com
>> executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
>> off;show system info;show config running" cmh1-z4-f01.domain.com
>> line: cmh1-z4-f01.domain.com
>> line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
>> line: NOTICE TO USERS
>> line: This is an official computer system and is the property of POOP
>> Incorporated.
>> line: It is for authorized users only. Unauthorized users are
>> prohibited.
>> line: Users (authorized or unauthorized) have no explicit or implicit
>> expectation of
>> line: privacy. Any or all uses of this system may be subject to one or
>> more of the
>> line: following actions: interception, monitoring, recording,
>> auditing, inspection and
>> line: disclosing to security personnel and law enforcement personnel,
>> as well as
>> line: authorized officials of other agencies, both domestic and
>> foreign. By using this
>> line: system, the user consents to these actions. Unauthorized or
>> improper use of
>> line: this system may result in administrative disciplinary action and
>> civil and criminal
>> line: penalties. By accessing this system you indicate your awareness
>> of and
>> line: consent to these terms and conditions of use. Discontinue access
>> immediately
>> line: if you do not agree to the conditions stated in this notice.
>> line:
>> line: Password:
>> line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
>> line: Welcome rancid.
>> line:
>> line: rancid at CMH1-Z4-F01(active)>
>> line: rancid at CMH1-Z4-F01(active)>
>> line: rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)> set
>> cli rancid at CMH1-Z4-F01(active)> set cli scripting-mode rancid at CMH1-Z4-F01(active)>
>> set cli scripting-mode on
>> PROMPT MATCH: rancid at CMH1-Z4-F01\(active\)[#>]
>> HIT COMMAND:rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)>
>> set cli rancid at CMH1-Z4-F01(active)> set cli scripting-mode
>> rancid at CMH1-Z4-F01(active)> set cli scripting-mode on
>>
>> COMMAND is: set cli scripting-mode on|EatCommand
>> HIT COMMAND:rancid at CMH1-Z4-F01(active)> set rancid at CMH1-Z4-F01(active)>
>> set cli rancid at CMH1-Z4-F01(active)> set cli pager rancid at CMH1-Z4-F01(active)>
>> set cli pager off
>>
>> COMMAND is: set cli pager off|EatCommand
>> HIT COMMAND:rancid at CMH1-Z4-F01(active)> show rancid at CMH1-Z4-F01(active)>
>> show system rancid at CMH1-Z4-F01(active)> show system info
>>
>> COMMAND is: show system info|ShowInfo
>> In ShowInfo:: rancid at CMH1-Z4-F01(active)> show rancid at CMH1-Z4-F01(active)>
>> show system rancid at CMH1-Z4-F01(active)> show system info
>> cmh1-z4-f01.domain.com : missed cmd(s): show config running
>> cmh1-z4-f01.domain.com : missed cmd(s): show config running
>> cmh1-z4-f01.domain.com : End of run not found
>> cmh1-z4-f01.domain.com : End of run not found
>>
>>
>>
>>
>>
>>
>>
>>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20140915/446568ca/attachment.html>
More information about the Rancid-discuss
mailing list