[rancid] 3.2 rancid-run not working with PAN devices

Wed Jul 29 20:48:08 UTC 2015

I can run “panlogin" and I can get output from our Palo Alto Firewall, but rancid-run fails:

———

rancid at sjc-nettools02:~$ bin/panlogin -t 90 -c"show system info" sjc-fw01-sec
sjc-fw01-sec
spawn ssh -c 3des -x -l rancid sjc-fw01-sec
* * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
  __________________________________________________________________________
 /This computer system is the property of SurveyMonkey and may be accessed   \
<REDACTED>
Password:
Last login: Wed Jul 29 20:22:49 2015 from sjc-nettools02.endor.lan
Welcome rancid.

rancid at sjc-fw01-sec(active)>
rancid at sjc-fw01-sec(active)>
rancid at sjc-fw01-sec(active)> show system info

hostname: sjc-fw01-sec
<REDACTED>
family: 3000
model: PA-3020
<REDACTED>
multi-vsys: off

rancid at sjc-fw01-sec(active)> exit
Connection to sjc-fw01-sec closed.
rancid at sjc-nettools02:~$

———

The router.db:

…
sjc-fw01-sec.endor.lan;paloalto;up
…

The .clogin:

# PAN
add method sjc-fw01-sec ssh
add passprompt sjc-fw01-sec {"\[Pp]assword:"}
add user sjc-fw01-sec {rancid}
add password sjc-fw01-sec {REDACTED!}
add noenable sjc-fw01-sec 1

But when rancid-run kicks off, I get nothing.  Logs show:

=====================================
Getting missed routers: round 1.
sjc-fw01-sec.endor.lan: missed cmd(s): all commands
sjc-fw01-sec.endor.lan: End of run not found
#
=====================================
Getting missed routers: round 2.
sjc-fw01-sec.endor.lan: missed cmd(s): all commands
sjc-fw01-sec.endor.lan: End of run not found
Etc…

Debugs with rancid:

<snip>
expect: does "rancid at sjc-fw01-sec(active)> " (spawn_id exp6) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no
"^(.+>)"? Gate "*>"? gate=yes re=yes
expect: set expect_out(0,string) "rancid at sjc-fw01-sec(active)>"
expect: set expect_out(1,string) "rancid at sjc-fw01-sec(active)>"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "rancid at sjc-fw01-sec(active)>"
tty_raw_noecho: was raw = 0  echo = 1
spawn id exp0 sent <\r>
spawn id exp6 sent <\r\n>

spawn id exp6 sent <rancid at sjc-fw01-sec(active)> >

I noticed on some forums that there was a pan rancid file, but I don’t have on in the 3.2 install.  I see in some notes that it was converted to a module, so I assume it’s not needed.

Any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150729/7694b3e1/attachment.html>