From rancid at ale.cx Tue May 2 16:52:42 2017
From: rancid at ale.cx (Alex DEKKER)
Date: Tue, 2 May 2017 17:52:42 +0100
Subject: [rancid] Collaborative development for rancid (e.g. git / github)
In-Reply-To: <1423237280.15902.16.camel@seaknight.telkomsa.net>
References: <1423237280.15902.16.camel@seaknight.telkomsa.net>
Message-ID:

On 06/02/15 15:41, Buchan Milne wrote:
> Wouldn't it make sense to have a public repo for rancid, preferably git,
> and if there is no other infrastructure planned, github is probably the
> easiest.

Did this ever get anywhere? I want to work on adding a new device type
and would like to start with the latest source.

alexd

From peo at chalmers.se Wed May 3 08:17:23 2017
From: peo at chalmers.se (Per-Olof Olsson)
Date: Wed, 3 May 2017 10:17:23 +0200
Subject: [rancid] rancid with hp5412 J8697A or hp5406
In-Reply-To: <06c401d2a4e1$46fb0ae0$d4f120a0$@asprack.com>
References: <06c401d2a4e1$46fb0ae0$d4f120a0$@asprack.com>
Message-ID: <6bcc4e28-43f5-0470-4a34-a9a5f0bb01ff@chalmers.se>

Hello

For info.
This patch is also needed for HP/Aruba-2920 switches running WB_16_03_0004
Possibly all *_16_03_0004.

/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-avdelningen
Arvid Hedvalls backe 6
412 96 Göteborg
Tel: 031/772 6738
Mob: 0707 88 3708
----------------------------------------------------------

On 03/24/2017 09:57 PM, Kalani Sanders wrote:
> I believe this should do it. Fixed it for me.
>
> Replaces "[?7h", "[1L", and "[1M" with CR.
>
> According to http://www.inwap.com/pdp10/ansicode.txt
>
> [1L Insert blank line at current row (shift screen down)
> [1M Delete the current line (shift screen up)
> [?7h = DECAWM - AutoWrap Mode, start newline after column 80
>
> > --- hpuifilter.c.ORIG 2017-03-24 13:49:49.991710473 -0700 > > +++ hpuifilter.c 2017-03-24 13:50:35.467645620 -0700
> > @@ -545,8 +545,8 @@ > > filter(char *buf, int len) > > { > > static regmatch_t pmatch[1]; > > -#define N_REG 16 /* number of regexes in reg[][] */ > > -#define N_CRs 2 /* number of CR replacements */ > > +#define N_REG 19 /* number of regexes in reg[][] */ > > +#define N_CRs 5 /* number of CR replacements */ > > static regex_t preg[N_REG]; > > static char reg[N_REG][50] = { /* vt100/220 escape codes */ > > "\x1B""7\x1B\\[1;24r\x1B""8", /* ds */ > > @@ -570,6 +570,9 @@ > > /* replace these with CR */ > > "\x1B\\[0m", /* me */ > > "\x1B""E", > > + "\x1B\\[\\?7h", > > + "\x1B\\[1L", > > + "\x1B\\[1M", > > }; > > char bufstr[3] = {ESC, '\x07', '\0'}, > > ebuf[256]; > > > > -- > *Kalani Sanders* *| System Administrator* > ksanders at asprack.com > (714) 902-2019 > (714) 902-2019 Fax > www.advancestorage.com > Advance > > *Advance Storage Products* > 15302 Pipeline Lane > Huntington Beach, CA 92649 > > *Quality You Trust* > > > The contents of this e-mail message and any attachments are */confidential/* and are intended solely for > addressee. > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > From lucacomes at hotmail.it Mon May 8 14:23:19 2017 
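Review bot: in the first hpuifilter.c hunk, N_REG and N_CRs are raised by hand (16 to 19, 2 to 5) to match the three patterns added in the second hunk, and nothing visible ties either count to the reg[][] initializer. A later edit that adds a pattern and misses one of the two defines would go unnoticed at compile time. Add a comment beside the defines saying that both must be updated together whenever a "replace these with CR" entry is added.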
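Review bot: the three patterns added under "replace these with CR" in the second hpuifilter.c hunk have no trailing comment, unlike the neighbouring "\x1B\\[0m" entry (/* me */). Label each one (DECAWM autowrap, insert line, delete line, as listed in the message) so the table stays readable. The two line patterns also match only a count of 1 ("\x1B\\[1L", "\x1B\\[1M"); if the switch can emit other counts, something like "\x1B\\[[0-9]*[LM]" would cover them, provided replacing those with CR is still the wanted output.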
From: lucacomes at hotmail.it (luca comes)
Date: Mon, 8 May 2017 14:23:19 +0000
Subject: [rancid] Alcatel Lucent switches
Message-ID:

Hi all,

this is my first message on the list so I apologize in advance for any mistake. I've got a working rancid 3.6.2 installation on a CentOS 7 platform which is working on Cisco/HP switches with no problems. Now I need to include in it also some Alcatel Lucent platforms, OS 6850 and OS 6450 but it seems they aren't supported yet. I'm not a programmer but I tried to adapt some existing script login/rancid to get all the information I need but I have two problems. First of all it seems that the script cannot parse the exit command so always an "end of run not found" is shown even if all the commands work fine. The second issue is that if I run the script manually from the bin directory it works well and the .new file is written. But if I try to get it working via rancid-run nothing happens. I've obviously added the right types in rancid.types.conf as:

alcatel;script;alurancid -t alcatel
alcatel;login;alulogin

And populated router.db file, can someone help me? Attached the scripts used.

Thanks in advance
Luca

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alulogin
Type: application/octet-stream
Size: 23472 bytes
Desc: alulogin
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alurancid
Type: application/octet-stream
Size: 14933 bytes
Desc: alurancid
URL:

From heas at shrubbery.net Tue May 9 21:17:06 2017
From: heas at shrubbery.net (heasley)
Date: Tue, 9 May 2017 21:17:06 +0000
Subject: [rancid] Alcatel Lucent switches
In-Reply-To:
References:
Message-ID: <20170509211706.GC77494@shrubbery.net>

Mon, May 08, 2017 at 02:23:19PM +0000, luca comes:
> Hi all,
>
> this is my first message on the list so I apologize in advance for any mistake. I've got a working rancid 3.6.2 installation on a CentOS 7 platform which is working on Cisco/HP switches with no problems. Now I need to include in it also some Alcatel Lucent platforms, OS 6850 and OS 6450 but it seems they aren't supported yet. I'm not a programmer but I tried to adapt some existing script login/rancid to get all the information I need but I have two problems. First of all it seems that the script cannot parse the exit command so always an "end of run not found" is shown even if all the commands work fine. The second issue is that if I run the script manually from the bin directory it works well and the .new file is written. But if I try to get it working via rancid-run nothing happens. I've obviously added the right types in rancid.types.conf as:
>

if you can try ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz
sros (nokia/alcatel/insert the other 50 names for it) support has been
added. Needs a bit more work, but it is stable.

From heas at shrubbery.net Wed May 10 19:40:47 2017
From: heas at shrubbery.net ('Heasley') Date: Wed, 10 May 2017 19:40:47 +0000 Subject: [rancid] Rancid In-Reply-To: <2364AA7280B24E4AB43B6D7BFA4F9F9FCAA40CA9@EXMBX01V.cei-dom.ceicmhb> References: <2364AA7280B24E4AB43B6D7BFA4F9F9FCAA40CA9@EXMBX01V.cei-dom.ceicmhb> Message-ID: <20170510194047.GM54562@shrubbery.net> Sun, Apr 23, 2017 at 01:24:23AM +0000, Graham Mitchell: > > Could you show us what that looked like, prompt to prompt? > > Right-3945E-U25to27#config t > Enter configuration commands, one per line. End with CNTL/Z. > Right-3945E-U25to27(config)#file prompt noisy > Right-3945E-U25to27(config)#end > Right-3945E-U25to27#more system:running-config > Display filename [running-config]? > > thanks. Looks like 'no file prompt' might remove this altogether. This ought to correct the collection w/ it enabled: Index: bin/clogin.in =================================================================== --- bin/clogin.in (revision 3645) +++ bin/clogin.in (working copy) @@ -400,6 +400,10 @@ -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } + -re "^Display filename \\\[\[^]]*]\\?" { + send "\r" + exp_continue + } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " # bloody ^[[2K after " " > > > Graham Mitchell|None > Senior Systems Engineer > Community Mental Health Authority of Clinton, Eaton, Ingham Counties > > telephone: 517 346 9523 > fax: > email: mitchell at ceicmh.org > website: www.ceicmh.org > > > > > > > -----Original Message----- 
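Review bot: the new "^Display filename ..." branch in the bin/clogin.in hunk answers the prompt with a bare "\r" and carries no comment saying why. Note that it handles IOS "file prompt noisy" and that the carriage return accepts the default filename shown in brackets. The pattern is anchored with ^, so it relies on the preceding line-consuming branch (-re "\[^\r\n]*\[\n\r]+") having drained everything before the prompt; that ordering dependency is worth a comment as well. The matched prompt text is also not passed to send_user, unlike the branch above, so confirm that dropping it from the collected output is intended.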
> From: Heasley [mailto:heas at shrubbery.net]
> Sent: Saturday, April 22, 2017 6:32 PM
> To: Graham Mitchell
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: Rancid
>
> On 22.04.2017 at 16:57, Graham Mitchell wrote:
> >
> > I've just been having an issue with 3.4.1 for a couple of weeks which was driving me mad. I didn't have much chance to look at it till today - and I did an upgrade to 3.6.2, and the issue was still there.
> >
> > I had been having an issue with one of our Cisco 3945E routers. All the others were fine, and 4 new ones I set up a couple of weeks ago were working well too. In the interim, we've also updated the IOS code on the router from c3900e-universalk9-mz.SPA.155-3.M1.bin to c3900e-universalk9-mz.SPA.155-3.M5.bin with no resolution of the problem.
> >
> > After poking around for a couple of hours (I'm not at all familiar with the RANCID internals), I tracked the issue down to the
> >
> > more system:running-config;write term
> >
> > command that was being run. I did a clogin test
> >
> > ./clogin -t 90 -c "more system:running-config;write term" c1-r00-3945e-a
> >
> > Which eventually timed out. Manually running the command on the router seemed to work as expected, and running on the new ones worked as expected too. However, after paying closer attention, the router giving me the issue was prompting me with the file name before doing the more, whereas the others were not.
> >
> > Checking through the configuration, the router giving me the issue had
> >
> > file prompt noisy
> >
> > set. The others did not.
>
> Could you show us what that looked like, prompt to prompt?
>
> > I'm not 100% sure why this was set on the one router (I need to check something on Monday), but setting it either 'alert' or 'quiet' fixes the issue for the moment.
> >
> > I'm certainly in no position to offer a patch to the RANCID code to make it work when it's set to noisy, but just want to bring it to the maintainers' attention.
> >
> > Graham Mitchell|None
> > Senior Systems Engineer
> > Community Mental Health Authority of Clinton, Eaton, Ingham Counties
> >
> > telephone: 517 346 9523
> > fax:
> > email: mitchell at ceicmh.org
> > website: www.ceicmh.org
> >
> > This email might contain confidential patient or other information that is protected by federal and state law. If you believe that this email reached you accidentally please reply back to notify me about the error, and please do not share this email with anybody else. If you are not the intended recipient do not review, distribute or duplicate any portion of this email.

From Wayne.Eisenberg at CarolinasIT.com Wed May 10 21:44:05 2017
From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg) Date: Wed, 10 May 2017 21:44:05 +0000 Subject: [rancid] ssh problems Message-ID: Hi all, I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is: [rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***> OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to [x.x.x.x] port 22. debug1: Connection established. debug1: identity file /home/rancid/.ssh/identity type -1 debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/rancid/.ssh/id_rsa type 1 debug1: identity file /home/rancid/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host The relevant part of the firewall config: 
ssh scopy enable
ssh y.y.y.y z.z.z.z outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1

I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices.

The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, 'bad configuration option'.

ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
ssh -Q is not a valid option

Any ideas?

Thanks,
Wayne

________________________________
The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.

From scott.granados at gmail.com Wed May 10 21:48:02 2017
From: scott.granados at gmail.com (Scott Granados)
Date: Wed, 10 May 2017 17:48:02 -0400
Subject: [rancid] ssh problems
In-Reply-To:
References:
Message-ID:

You didn't by chance generate this key you're using on a windows device and then SCP it to your asa did you? All the white space errors are jumping out at me making me think there's a problem in the CR / LF handling but that's an absolute pure guess so please add as many grains of salt as you feel is warranted.:)

> On May 10, 2017, at 5:44 PM, Wayne Eisenberg wrote:
>
> Hi all,
>
> I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is:
>
> [rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***>
> OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to [x.x.x.x] port 22.
> debug1: Connection established.
> debug1: identity file /home/rancid/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/rancid/.ssh/id_rsa type 1 > debug1: identity file /home/rancid/.ssh/id_dsa type -1 > ssh_exchange_identification: Connection closed by remote host > > The relevant part of the firewall config: > ssh scopy enable > ssh y.y.y.y z.z.z.z outside > ssh 0.0.0.0 0.0.0.0 inside > ssh timeout 30 > ssh key-exchange group dh-group1-sha1 > > I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices. > > The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, ?bad configuration option?. 
>
> ssh -V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
> ssh -Q is not a valid option
>
> Any ideas?
>
> Thanks,
> Wayne

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL:

From doug.hughes at keystonenap.com Thu May 11 01:42:15 2017
From: doug.hughes at keystonenap.com (Doug Hughes) Date: Wed, 10 May 2017 21:42:15 -0400 Subject: [rancid] ssh problems In-Reply-To: References: Message-ID: <16c3904f-8bcd-c7c0-2f7b-bdf686741e37@keystonenap.com> I had some problems with newer ASAs too. Try this in your .cloginrc add cyphertype aes256-cbc On 5/10/2017 5:44 PM, Wayne Eisenberg wrote: > > Hi all, > > > > I was setting up a new ASA 5545 to be part of our happy family, and it > would not let rancid/ssh login to it, although putty has no problem. > The output I get is: > > > > [rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***> > > OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to [x.x.x.x] port 22. > > debug1: Connection established. > > debug1: identity file /home/rancid/.ssh/identity type -1 > > debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa. > > debug2: key_type_from_name: unknown key type '-----BEGIN' > > debug3: key_read: missing keytype > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug3: 
key_read: missing whitespace > > debug3: key_read: missing whitespace > > debug2: key_type_from_name: unknown key type '-----END' > > debug3: key_read: missing keytype > > debug1: identity file /home/rancid/.ssh/id_rsa type 1 > > debug1: identity file /home/rancid/.ssh/id_dsa type -1 > > ssh_exchange_identification: Connection closed by remote host > > > > The relevant part of the firewall config: > > ssh scopy enable > > ssh y.y.y.y z.z.z.z outside > > ssh 0.0.0.0 0.0.0.0 inside > > ssh timeout 30 > > ssh key-exchange group dh-group1-sha1 > > > > I suspect the key-exchange group line is the issue, but dang if I can > figure out how to resolve it. I do not have any problems with using > ssh on any other device at all. So yes, I have an id_rsa file that > seems to be just fine since I connect to all the other devices. > > > > The /etc/ssh/ssh_config file is only comments, no commands in there. > If I try to add a line for KexAlgorithms, ssh gives me an error, ?bad > configuration option?. > > > > ssh ?V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 > > ssh ?Q is not a valid option > > > > > > Any ideas? > > > > Thanks, > > Wayne > > > > > ------------------------------------------------------------------------ > > The information in this Internet e-mail (and any attachments) is > confidential, may be legally privileged and is intended solely for the > Addressee(s) named above. If you are not the intended recipient, or > the employee or agent responsible for delivering it to the intended > recipient, then any dissemination or copying of this e-mail (and any > attachments) is prohibited and may be unlawful. If you received this > e-mail in error, please immediately notify us by e-mail or telephone, > then delete the message. Thank you. 

--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)

From lucacomes at hotmail.it Wed May 10 07:29:03 2017
From: lucacomes at hotmail.it (luca comes)
Date: Wed, 10 May 2017 07:29:03 +0000
Subject: [rancid] Alcatel Lucent switches
In-Reply-To: <20170509211706.GC77494@shrubbery.net>
References: , <20170509211706.GC77494@shrubbery.net>
Message-ID:

Hi Heasley,

I will give it a try many thanks.

Luca

________________________________
From: heasley
Sent: Tuesday, 9 May 2017 23:17
To: luca comes
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Alcatel Lucent switches

Mon, May 08, 2017 at 02:23:19PM +0000, luca comes:
> Hi all,
>
> this is my first message on the list so I apologize in advance for any mistake. I've got a working rancid 3.6.2 installation on a CentOS 7 platform which is working on Cisco/HP switches with no problems. Now I need to include in it also some Alcatel Lucent platforms, OS 6850 and OS 6450 but it seems they aren't supported yet. I'm not a programmer but I tried to adapt some existing script login/rancid to get all the information I need but I have two problems. First of all it seems that the script cannot parse the exit command so always an "end of run not found" is shown even if all the commands work fine. The second issue is that if I run the script manually from the bin directory it works well and the .new file is written. But if I try to get it working via rancid-run nothing happens. I've obviously added the right types in rancid.types.conf as:
>

if you can try ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz
sros (nokia/alcatel/insert the other 50 names for it) support has been
added. Needs a bit more work, but it is stable.

From Wayne.Eisenberg at CarolinasIT.com Thu May 11 04:41:38 2017
From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg)
Date: Thu, 11 May 2017 04:41:38 +0000
Subject: [rancid] ssh problems
In-Reply-To:
References:
Message-ID:

The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.

You didn't by chance generate this key you're using on a windows device and then SCP it to your asa did you? All the white space errors are jumping out at me making me think there's a problem in the CR / LF handling but that's an absolute pure guess so please add as many grains of salt as you feel is warranted.:)

On May 10, 2017, at 5:44 PM, Wayne Eisenberg wrote:

Hi all,

I was setting up a new ASA 5545 to be part of our happy family, and it would not let rancid/ssh login to it, although putty has no problem. The output I get is:

[rancid at hosted]$ ssh -vvv -c aes256-cbc -x -l <***>
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/rancid/.ssh/id_rsa type 1 debug1: identity file /home/rancid/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host The relevant part of the firewall config: ssh scopy enable ssh y.y.y.y z.z.z.z outside ssh 0.0.0.0 0.0.0.0 inside ssh timeout 30 ssh key-exchange group dh-group1-sha1 I suspect the key-exchange group line is the issue, but dang if I can figure out how to resolve it. I do not have any problems with using ssh on any other device at all. So yes, I have an id_rsa file that seems to be just fine since I connect to all the other devices. The /etc/ssh/ssh_config file is only comments, no commands in there. If I try to add a line for KexAlgorithms, ssh gives me an error, ?bad configuration option?. ssh ?V => OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 ssh ?Q is not a valid option Any ideas? 
Thanks,
Wayne

From heas at shrubbery.net Thu May 11 14:43:54 2017
From: heas at shrubbery.net (heasley)
Date: Thu, 11 May 2017 14:43:54 +0000
Subject: [rancid] ssh problems
In-Reply-To:
References:
Message-ID: <20170511144354.GB7377@shrubbery.net>

Thu, May 11, 2017 at 04:41:38AM +0000, Wayne Eisenberg:
> The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.

well, it seems to be in the wrong format; given the error, probably PKCS.

> debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'

move it aside, and
% ssh-keygen -t rsa

From heas at shrubbery.net Thu May 11 17:52:46 2017
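
An added example, not part of any message in this thread: a small shell filter that reports the last handshake stage an `ssh -vvv` client log reached, run over an abridged copy of the log posted above and over one constructed log. The function names and stage labels are this example's own; the matched strings are debug lines the OpenSSH client prints. The posted log ends at `ssh_exchange_identification`, the version-banner exchange that precedes key exchange and authentication.

```shell
#!/bin/sh
# Added example (not from the thread): report how far an OpenSSH client got,
# based on the debug lines that `ssh -v` / `ssh -vvv` writes to stderr.

# ssh_stage: read client debug output on stdin, print the last stage reached.
ssh_stage() {
    awk '
        /debug1: Connecting to /                    { s = "connecting" }
        /debug1: Connection established/            { s = "tcp-connected" }
        /debug1: Remote protocol version /          { s = "banner-exchanged" }
        /debug1: SSH2_MSG_KEXINIT received/         { s = "kex-started" }
        /debug1: SSH2_MSG_NEWKEYS received/         { s = "kex-done" }
        /debug1: Authentications that can continue/ { s = "auth-started" }
        /debug1: Authentication succeeded/          { s = "authenticated" }
        END { if (s == "") s = "no-debug-output"; print s }
    '
}

# stage_hint: say which part of the client setup a given stage points at.
stage_hint() {
    case "$1" in
        connecting)
            echo "TCP connect did not complete: check routing, filtering, port" ;;
        tcp-connected)
            echo "no server version banner was read; key exchange, ciphers and identity keys were not used yet" ;;
        banner-exchanged|kex-started)
            echo "algorithm negotiation did not finish: compare kex, cipher, MAC and host-key offers" ;;
        kex-done|auth-started)
            echo "transport is up; the failure is in user authentication" ;;
        authenticated)
            echo "login succeeded" ;;
        *)
            echo "no client debug lines found; rerun with ssh -vvv" ;;
    esac
}

# Abridged from the log posted in this thread (repeated key_read lines omitted).
sample_thread_log() {
    cat <<'EOF'
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/rancid/.ssh/identity type -1
debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
debug1: identity file /home/rancid/.ssh/id_rsa type 1
debug1: identity file /home/rancid/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
EOF
}

# Constructed sample (not from the thread): a run that stops during
# algorithm negotiation. Address and version string are placeholders.
sample_kex_log() {
    cat <<'EOF'
debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version EXAMPLE_1.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching cipher found: client aes256-cbc server aes128-ctr
EOF
}

# Run both samples and print stage plus hint.
for sample in sample_thread_log sample_kex_log; do
    stage=$("$sample" | ssh_stage)
    printf '%s: %s (%s)\n' "$sample" "$stage" "$(stage_hint "$stage")"
done
```

To use it on a live run, pipe the client's stderr in: `ssh -vvv host 2>&1 | ssh_stage`.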
From: heas at shrubbery.net (heasley)
Date: Thu, 11 May 2017 17:52:46 +0000
Subject: [rancid] Collaborative development for rancid (e.g. git / github)
In-Reply-To:
References: <1423237280.15902.16.camel@seaknight.telkomsa.net>
Message-ID: <20170511175246.GL7377@shrubbery.net>

Tue, May 02, 2017 at 05:52:42PM +0100, Alex DEKKER:
> On 06/02/15 15:41, Buchan Milne wrote:
> > Wouldn't it make sense to have a public repo for rancid, preferably git,
> > and if there is no other infrastructure planned, github is probably the
> > easiest.
>
> Did this ever get anywhere? I want to work on adding a new device type
> and would like to start with the latest source.
>
> alexd

We have decided, today, that we will make available an interface to the
repo. I first need to separate some proprietary info from the repo that
can not be made public.

We need to decide which method is easiest for us; it will either be an
interface to the svn repo, to which git has a builtin "bridge" as git
calls it in the docs, or i'll push to github on a regular basis.

In the meantime, ftp://ftp.shrubbery.net/pub/rancid/alpah/ is kept
reasonably up to date with HEAD.

From heas at shrubbery.net Thu May 11 19:19:09 2017
From: heas at shrubbery.net (heasley)
Date: Thu, 11 May 2017 19:19:09 +0000
Subject: [rancid] ASAs with multiple contexts
In-Reply-To: <1492638188.192654.949858288.5B0A6584@webmail.messagingengine.com>
References: <1492638188.192654.949858288.5B0A6584@webmail.messagingengine.com>
Message-ID: <20170511191909.GT7377@shrubbery.net>

Wed, Apr 19, 2017 at 04:43:08PM -0500, Mark Felder:
> It seems this horse has been beaten to death for many years, but no
> single solution exists that I've been able to locate. Even the Oxidized
> folks haven't solved it yet, but they have a patch in progress. [1]
>
> Is there a solution for RANCID users yet or are people still hacking
> away at the code to make it work for their specific
> environments/devices?

I thought that one of these caught the contexts of the ASA:

cisco;command;ios::WriteTerm;more system:running-config;ASA/PIX
cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI

Others have used separate router.db entries for each context on the PIX.

And, the a10 has some similar configuration that is apparently (I do not have one and am not familiar with it) not dumped with the rest of the config. To collect that, a10login had some weird stuff, which was buggy, that attempted to parse the output from one of the commands in the command list for a10 and insert other commands into the output.

To do that more generically - and not in tcl, i started adding a way to insert commands. eg:

a10;command;acos::ShowAflex;show aflex all-partitions
+a10;precommand;acos::AflexCmds;show aflex;#requires the command above
a10;command;acos::ShowRunningConfig;show running-config all-partitions

rancid would run the precommand(s), which could insert commands into the command list or a postcommand list to collect output for each of the configured partitions. It does mean multiple logins, but feh.

Is this appealing for the ASA (another platform I have little experience with) problem?

> Thanks!
>
> [1] https://github.com/ytti/oxidized/pull/479
>
> --
> Mark Felder
> feld at feld.me
>

From skyeh at uidaho.edu Thu May 11 20:41:20 2017
From: skyeh at uidaho.edu (Hagen, Skye (skyeh@uidaho.edu))
Date: Thu, 11 May 2017 20:41:20 +0000
Subject: [rancid] ASAs with multiple contexts
In-Reply-To: <20170511191909.GT7377@shrubbery.net>
References: <1492638188.192654.949858288.5B0A6584@webmail.messagingengine.com> <20170511191909.GT7377@shrubbery.net>
Message-ID: <33C88C59-0849-413A-9E69-9DFC1A272ADF@uidaho.edu>

It sounds like it might work. The tricky part could be the fact the prompt might change.

With a multi-context ASA, one of the contexts will be an admin context. It does not have to be named 'admin', but an

To get a context configuration, there are two choices. You can login to each context, or login to the admin context, and changeto a different context. A standard 'show run' will get you the config, with passwords automatically blanked. In addition, there is a system context, which you cannot log into directly, it can only be accessed by doing a 'changeto system' command from the admin context. (To change between contexts, the command is 'changeto context '.)

When changing between contexts, the prompt may change. The format of the prompt is in the system context. I've included a snippet showing parts of the system context. A single 'exit' command will log you off the ASA.

I'm running an old copy of RANCID, and using the usercmd patch to backup the system context on my ASA. Here's how I did it.

add method asa-system.its.uidaho.edu {usercmd}
add usercmd asa-system.its.uidaho.edu {clogin} {fw1.its.uidaho.edu}
add usercmd_chat asa-system.its.uidaho.edu {#} {changeto system\r} {#} {terminal pager 0\r}

Skye.

-----
lib-asa1/FW1/act/pri> en
Password: ****************
lib-asa1/FW1/act/pri# changeto system   < Here's the 'changeto system' command, note the prompt change on the next line.
lib-asa1/act/pri# show run
: Saved
:
!
interface GigabitEthernet0/3
description ** crlk xxxborder Gi1/20 **
channel-group 13 mode active
!
interface Port-channel13
description ** Quad 1Gbps xxxborder crlk **
!
interface Port-channel13.47 vlan 47 ! admin-context FW1 < here?s where the admin context is defined. context FW1 allocate-interface Port-channel33.35 config-url disk0:/FW1 ! context admin allocate-interface Management0/0 config-url disk0:/admin.cfg ! prompt hostname context state priority < Here?s where the format of the prompt is set. This applies to all contexts. Cryptochecksum:1308a3bcb393b090191708a6cb9b6d0f : end lib-asa1/act/pri# exit Logoff Connection to asa1-FW1 closed. ----- On 5/11/17, 12:19 PM, "Rancid-discuss on behalf of heasley" wrote: Wed, Apr 19, 2017 at 04:43:08PM -0500, Mark Felder: > It seems this horse has been beaten to death for many years, but no > single solution exists that I've been able to locate. Even the Oxidized > folks haven't solved it yet, but they have a patch in progress. [1] > > Is there a solution for RANCID users yet or are people still hacking > away at the code to make it work for their specific > environments/devices? I thought that one of these caught the contexts of the ASA: cisco;command;ios::WriteTerm;more system:running-config;ASA/PIX cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI Others have used separate router.db entries for each context on the PIX. And, the a10 has some similar configuration that is apparently (I do not have one and am not familiar with it) not dumped with the rest of the config. To collect that, a10login had some weird stuff, which was buggy, that attempt to parse the output from one of the commands in the command list for a10 and insert other commands into the output. To do that more generically - and not in tcl, i started adding a way to insert commands. 
eg: a10;command;acos::ShowAflex;show aflex all-partitions +a10;precommand;acos::AflexCmds;show aflex;#requires the command above a10;command;acos::ShowRunningConfig;show running-config all-partitions rancid would run the precommand(s), which could insert commands into the command list or a postcommand list to collect output for each of the configured partitions. It does mean multiple logins, but feh. Is this appealing for the ASA (another platform I have little experience with) problem? > Thanks! > > [1] https://github.com/ytti/oxidized/pull/479 > > -- > Mark Felder > feld at feld.me > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss From rancid at ale.cx Thu May 11 21:29:10 2017 From: rancid at ale.cx (Alex DEKKER) Date: Thu, 11 May 2017 22:29:10 +0100 Subject: [rancid] Collaborative development for rancid (e.g. git / github) In-Reply-To: <20170511175246.GL7377@shrubbery.net> References: <1423237280.15902.16.camel@seaknight.telkomsa.net> <20170511175246.GL7377@shrubbery.net> Message-ID: <2bd5ba3e-ef58-3daa-95fc-9df5017fb98e@ale.cx> On 11/05/17 18:52, heasley wrote: > > We have decided, today, that we will make available an interface to the > repo. I first need to separate some proprietary info from the repo that > can not be made public. > > We need to decided which method is easiest for us; it will either be an > interface to the svn repo, to which git has a builtin "bridge" as git > calls it in the docs, or i'll push to github on a regular basis. > > In the meantime, ftp://ftp.shrubbery.net/pub/rancid/alpah/ is kept > reasonably up to date with HEAD. > Great stuff! alexd From jason at biel-tech.com Fri May 12 10:30:35 2017 
From: jason at biel-tech.com (Jason Biel)
Date: Fri, 12 May 2017 05:30:35 -0500
Subject: [rancid] Collaborative development for rancid (e.g. git / github)
In-Reply-To: <2bd5ba3e-ef58-3daa-95fc-9df5017fb98e@ale.cx>
References: <1423237280.15902.16.camel@seaknight.telkomsa.net> <20170511175246.GL7377@shrubbery.net> <2bd5ba3e-ef58-3daa-95fc-9df5017fb98e@ale.cx>
Message-ID:

Github would be the best idea. Would easily allow for syncing of module changes/additions for devices.

On Thu, May 11, 2017 at 4:29 PM, Alex DEKKER wrote:

> On 11/05/17 18:52, heasley wrote:
>
>>
>> We have decided, today, that we will make available an interface to the
>> repo. I first need to separate some proprietary info from the repo that
>> can not be made public.
>>
>> We need to decided which method is easiest for us; it will either be an
>> interface to the svn repo, to which git has a builtin "bridge" as git
>> calls it in the docs, or i'll push to github on a regular basis.
>>
>> In the meantime, ftp://ftp.shrubbery.net/pub/rancid/alpah/ is kept
>> reasonably up to date with HEAD.
>>
>> Great stuff!
>
> alexd
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

--
Jason

From jan.pata1 at cz.ibm.com Fri May 12 07:37:15 2017
From: jan.pata1 at cz.ibm.com (Jan Pata)
Date: Fri, 12 May 2017 09:37:15 +0200
Subject: [rancid] Rancid Server installation support request
Message-ID:

Hallo,

I am a PM working for IBM. I do have a question: currently we shall implement Rancid Servers to one of our client and due to we don't have skills to do that I would like to know:

a) do you provide on-line support
b) can you share some service packages/prices/availability/time or provided service

Thank you in advance for your response.

Regards,

Jan Pata
Project Manager
THINK ACADEMY
Phone: 420-724 464 148
IBM
E-mail: jan.pata1 at cz.ibm.com
Technicka 21
Brno, 61600
Czech Republic

From Wayne.Eisenberg at CarolinasIT.com Fri May 12 15:33:27 2017
From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg)
Date: Fri, 12 May 2017 15:33:27 +0000
Subject: [rancid] ssh problems
In-Reply-To: <20170511144354.GB7377@shrubbery.net>
References: <20170511144354.GB7377@shrubbery.net>
Message-ID:

I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Thursday, May 11, 2017 10:44 AM
To: Wayne Eisenberg
Cc: 'Scott Granados'; 'rancid-discuss at shrubbery.net'
Subject: Re: [rancid] ssh problems

Thu, May 11, 2017 at 04:41:38AM +0000, Wayne Eisenberg:
> The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.

well, it seems to be in the wrong format; given the error, probably PKCS.

> debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'

move it aside, and

% ssh-keygen -t rsa

________________________________

The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.

From heas at shrubbery.net Fri May 12 15:42:53 2017
From: heas at shrubbery.net ('heasley')
Date: Fri, 12 May 2017 15:42:53 +0000
Subject: [rancid] ssh problems
In-Reply-To:
References: <20170511144354.GB7377@shrubbery.net>
Message-ID: <20170512154253.GB22183@shrubbery.net>

Fri, May 12, 2017 at 03:33:27PM +0000, Wayne Eisenberg:
> I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.

that is not the problem. that error is clearly from the client program, ie: local.

>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Thursday, May 11, 2017 10:44 AM
> To: Wayne Eisenberg
> Cc: 'Scott Granados'; 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] ssh problems
>
> Thu, May 11, 2017 at 04:41:38AM +0000, Wayne Eisenberg:
> > The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
>
> well, it seems to be in the wrong format; given the error, probably PKCS.
>
> > debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> > debug2: key_type_from_name: unknown key type '-----BEGIN'
>
> move it aside, and
>
> % ssh-keygen -t rsa
>
> ________________________________
>
> The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.

From gmourani at gmail.com Fri May 12 15:16:48 2017
From: gmourani at gmail.com (Gerhard Mourani)
Date: Fri, 12 May 2017 11:16:48 -0400
Subject: [rancid] Fortigate backup fail when # character is present
Message-ID:

Hello,

When # characters are present, Fortigate backup fail!
I've to remove all # characters for the backup to successfully complete.

Gerhard,

From heas at shrubbery.net Fri May 12 18:31:17 2017
From: heas at shrubbery.net (heasley)
Date: Fri, 12 May 2017 18:31:17 +0000
Subject: [rancid] Fortigate backup fail when # character is present
In-Reply-To:
References:
Message-ID: <20170512183117.GG22183@shrubbery.net>

Fri, May 12, 2017 at 11:16:48AM -0400, Gerhard Mourani:
> Hello,
>
> When # characters are present, Fortigate backup fail!
> I've to remove all # characters for the backup to successfully complete.

how is anyone supposed to help you with such limited information? you
haven't told us the version of rancid or fortigate s/w, shown us the
error or what you have removed, or the context of where the #s occur
in the output from the device.

From gmourani at gmail.com Fri May 12 18:50:08 2017
From: gmourani at gmail.com (Gerhard Mourani)
Date: Fri, 12 May 2017 14:50:08 -0400
Subject: [rancid] Fortigate backup fail when # character is present
In-Reply-To: <20170512183117.GG22183@shrubbery.net>
References: <20170512183117.GG22183@shrubbery.net>
Message-ID: <0310C823-5195-4B64-A864-5BAC83C10E5B@gmail.com>

Ooops, sorry.

Rancid version: 3.6.2
Fortigate model: 1500
Fortigate version: 5.2

Here, a part of the config where the backup stop.

edit "Web_RIMP_MedEcho"
    set uuid 607c4e8a-cae4-53e4-6d10-8a0d7a7980oe
    set type fqdn
    set comment "C2 # 1182274"
    set fqdn "www.prod.xxxx.xxxx.xx.xx"

If I change the comment line for:

set comment "C2 # 1182274"
To
set comment "C2 1182274"

It will work through the next comment line where the # sign appears again.

Gerhard,

> On May 12, 2017, at 2:31 PM, heasley wrote:
>
> Fri, May 12, 2017 at 11:16:48AM -0400, Gerhard Mourani:
>> Hello,
>>
>> When # characters are present, Fortigate backup fail!
>> I've to remove all # characters for the backup to successfully complete.
>
> how is anyone supposed to help you with such limited information? you
> haven't told us the version of rancid or fortigate s/w, shown us the
> error or what you have removed, or the context of where the #s occur
> in the output from the device.

From heas at shrubbery.net Sun May 14 22:55:14 2017
From: heas at shrubbery.net (heasley)
Date: Sun, 14 May 2017 22:55:14 +0000
Subject: [rancid] Fortigate backup fail when # character is present
In-Reply-To: <0310C823-5195-4B64-A864-5BAC83C10E5B@gmail.com>
References: <20170512183117.GG22183@shrubbery.net> <0310C823-5195-4B64-A864-5BAC83C10E5B@gmail.com>
Message-ID: <20170514225514.GC46761@shrubbery.net>

Fri, May 12, 2017 at 02:50:08PM -0400, Gerhard Mourani:
> Ooops, sorry.
>
> Rancid version: 3.6.2
> Fortigate model: 1500
> Fortigate version: 5.2
>
> Here, a part of the config where the backup stop.
>
> edit "Web_RIMP_MedEcho"
> set uuid 607c4e8a-cae4-53e4-6d10-8a0d7a7980oe
> set type fqdn
> set comment "C2 # 1182274"
> set fqdn "www.prod.xxxx.xxxx.xx.xx"
>
> If I change the comment line for:
>
> set comment "C2 # 1182274"
> To
> set comment "C2 1182274"
>
> It will work through the next comment line where the # sign appears again.

I see the problem; but am not sure of the fix. What does the prompt
normally look like? i have some save output that seems like it is
^hostname [#\$] $
Is this accurate?

> Gerhard,
>
> > On May 12, 2017, at 2:31 PM, heasley wrote:
> >
> > Fri, May 12, 2017 at 11:16:48AM -0400, Gerhard Mourani:
> >> Hello,
> >>
> >> When # characters are present, Fortigate backup fail!
> >> I've to remove all # characters for the backup to successfully complete.
> >
> > how is anyone supposed to help you with such limited information? you
> > haven't told us the version of rancid or fortigate s/w, shown us the
> > error or what you have removed, or the context of where the #s occur
> > in the output from the device.
>

From Wayne.Eisenberg at CarolinasIT.com Mon May 15 19:49:52 2017
From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg)
Date: Mon, 15 May 2017 19:49:52 +0000
Subject: [rancid] ssh problems
In-Reply-To: <20170512154253.GB22183@shrubbery.net>
References: <20170511144354.GB7377@shrubbery.net> <20170512154253.GB22183@shrubbery.net>
Message-ID:

Well, I did as you suggested and nothing changed. There are no problems contacting dozens of other devices with the exact same key. I'll let you know how it goes once that other device is updated.

-----Original Message-----
From: 'heasley' [mailto:heas at shrubbery.net]
Sent: Friday, May 12, 2017 11:43 AM
To: Wayne Eisenberg
Cc: 'heasley'; 'Scott Granados'; 'rancid-discuss at shrubbery.net'
Subject: Re: [rancid] ssh problems

Fri, May 12, 2017 at 03:33:27PM +0000, Wayne Eisenberg:
> I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.

that is not the problem. that error is clearly from the client program, ie: local.

>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Thursday, May 11, 2017 10:44 AM
> To: Wayne Eisenberg
> Cc: 'Scott Granados'; 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] ssh problems
>
> Thu, May 11, 2017 at 04:41:38AM +0000, Wayne Eisenberg:
> > The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
>
> well, it seems to be in the wrong format; given the error, probably PKCS.
>
> > debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> > debug2: key_type_from_name: unknown key type '-----BEGIN'
>
> move it aside, and
>
> % ssh-keygen -t rsa
>
> ________________________________
>
> The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.

From vaniello at schonfeld.com Mon May 15 20:45:35 2017
From: vaniello at schonfeld.com (Vincent Aniello)
Date: Mon, 15 May 2017 20:45:35 +0000
Subject: [rancid] Git support in RANCID 3.6.2
Message-ID: <7d1be8a5eff74564816b69d4f9348945@schonfeld.com>

Is git still supported in Rancid 3.6.2? From the RANCID documentation it would appear that it is, but when I run configure with the option -with-git I get the error:

configure: WARNING: unrecognized options: --with-git

Is this a bug, a mistake on my part, or has git support been removed?

Thank you.

--Vincent

This communication is for informational purposes only. It is not intended as an offer or solicitation or as an official confirmation. Market prices and other information are not guaranteed as to completeness or accuracy and are subject to change without notice. Schonfeld Group reserves the right to monitor and review the content of all messages sent to or from this e-mail address.

From heas at shrubbery.net Mon May 15 22:13:13 2017
From: heas at shrubbery.net (heasley)
Date: Mon, 15 May 2017 22:13:13 +0000
Subject: [rancid] Git support in RANCID 3.6.2
In-Reply-To: <7d1be8a5eff74564816b69d4f9348945@schonfeld.com>
References: <7d1be8a5eff74564816b69d4f9348945@schonfeld.com>
Message-ID: <20170515221313.GC20701@shrubbery.net>

Mon, May 15, 2017 at 08:45:35PM +0000, Vincent Aniello:
> Is git still supported in Rancid 3.6.2? From the RANCID documentation it would appear that it is, but when I run configure with the option -with-git I get the error:
>
> configure: WARNING: unrecognized options: --with-git
>
> Is this a bug, a mistake on my part, or has git support been removed?
>
> Thank you.
>
> --Vincent

i distributed that without that option, by accident. it is fixed in the current alpha tarball. sorry about that.

From heas at shrubbery.net Mon May 15 22:14:03 2017
From: heas at shrubbery.net ('heasley')
Date: Mon, 15 May 2017 22:14:03 +0000
Subject: [rancid] ssh problems
In-Reply-To:
References: <20170511144354.GB7377@shrubbery.net> <20170512154253.GB22183@shrubbery.net>
Message-ID: <20170515221403.GD20701@shrubbery.net>

Mon, May 15, 2017 at 07:49:52PM +0000, Wayne Eisenberg:
> Well, I did as you suggested and nothing changed. There are no problems contacting dozens of other devices with the exact same key. I'll let you know how it goes once that other device is updated.

it should no longer produce the same error though; correct?

> -----Original Message-----
> From: 'heasley' [mailto:heas at shrubbery.net]
> Sent: Friday, May 12, 2017 11:43 AM
> To: Wayne Eisenberg
> Cc: 'heasley'; 'Scott Granados'; 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] ssh problems
>
> Fri, May 12, 2017 at 03:33:27PM +0000, Wayne Eisenberg:
> > I was just informed that there is some kind of network device sitting in front of the firewall, intercepting traffic. I will get that resolved first and then try rancid again, so this troubleshooting is temporarily on hold. Thanks for the suggestions, though.
>
> that is not the problem. that error is clearly from the client program,
> ie: local.
>
> >
> > -----Original Message-----
> > From: heasley [mailto:heas at shrubbery.net]
> > Sent: Thursday, May 11, 2017 10:44 AM
> > To: Wayne Eisenberg
> > Cc: 'Scott Granados'; 'rancid-discuss at shrubbery.net'
> > Subject: Re: [rancid] ssh problems
> >
> > Thu, May 11, 2017 at 04:41:38AM +0000, Wayne Eisenberg:
> > > The ASA? The key there existed before my involvement, so I have no idea where it was generated. But I thought this was a problem with the local key of the rancid host, which was generated on it.
> >
> > well, it seems to be in the wrong format; given the error, probably PKCS.
> >
> > > debug3: Not a RSA1 key file /home/rancid/.ssh/id_rsa.
> > > debug2: key_type_from_name: unknown key type '-----BEGIN'
> >
> > move it aside, and
> >
> > % ssh-keygen -t rsa
> >
> > ________________________________
> >
> > The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you.

From Robert.Remsik at colostate.edu Tue May 16 22:41:02 2017
From: Robert.Remsik at colostate.edu (Remsik,Robert)
Date: Tue, 16 May 2017 22:41:02 +0000
Subject: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)
Message-ID:

Hello!

I'm trying to troubleshoot a case where rancid's not backing up a device properly because it can't login.

... In the test.log file: ...

starting: Tue May 16 15:37:25 MDT 2017

Trying to get all of the configs.
couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect {
    -re "\[\n\r]+" { exp_continue }
    -re $reprompt {}
}"
    (procedure "run_commands" line 12)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 159)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find t..."
    (file "/path-to-rancid/rancid-3.5.1/bin/hlogin" line 657)^M
10.100.116.17: missed cmd(s): all commands
10.100.116.17: End of run not found

... which after trying to run hrancid I get the same error and it doesn't write the correct debug file 'z'. Looking at the .new file I see it didn't process any of the commands. ...

rancid at truck:~/bin$ hrancid -t z -d 10.100.116.17
executing hlogin -t 90 -c"show version;show flash;show system-information;show system information;show module;show stack;show tech transceivers;show config files;show config status;write term" 10.100.116.17

rancid at truck:~/bin$ ls z
ls: cannot access 'z': No such file or directory

rancid at truck:~/bin$ ls *.new
10.100.116.17.new

rancid at truck:~/bin$ cat 10.100.116.17.new
;RANCID-CONTENT-TYPE: hp
;
;
;
;
;
;
;
;
;

... When I run hlogin with the -c option I get the same error. However when I remove the -c option to confirm if I can login at all, I can, with an artifact of (^[[53;211R) at the prompt. Logging in via SSH doesn't provide this artifact. ...

rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc -c 'show ip' x.y.116.17
x.y.116.17
spawn hpuifilter -- ssh -x -l USER x.y.116.17
We'd like to keep you up to date about:
 * Software feature updates
 * New product announcements
 * Special events
Please register your products now at: www.hpe.com/networking/register

USER at x.y.116.17's password:
Aruba JL261A 2930F-24G-PoE+-4SFP Switch
Software revision WC.16.02.0016

(C) Copyright 2017 Hewlett Packard Enterprise Development LP

RESTRICTED RIGHTS LEGEND
Confidential computer software. Valid license from Hewlett Packard Enterprise
Development LP required for possession, use or copying. Consistent with FAR
12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the
U.S. Government under vendor's standard commercial license.

Press any key to continueYour previous successful login (as x) was on 2017-05-16 16:28:23
from 10.100.1.219
hostname# couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect {
    -re "\[\n\r]+" { exp_continue }
    -re $reprompt {}
}"
    (procedure "run_commands" line 12)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 159)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find t..."
    (file "./hlogin" line 657)

rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc x.y.116.17
x.y.116.17
spawn ssh -x -l USER x.y.116.17
We'd like to keep you up to date about:
 * Software feature updates
 * New product announcements
 * Special events
Please register your products now at: www.hpe.com/networking/register

USER at x.y.116.17's password:
Aruba JL261A 2930F-24G-PoE+-4SFP Switch
Software revision WC.16.02.0016

(C) Copyright 2017 Hewlett Packard Enterprise Development LP

RESTRICTED RIGHTS LEGEND
Confidential computer software. Valid license from Hewlett Packard Enterprise
Development LP required for possession, use or copying. Consistent with FAR
12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the
U.S. Government under vendor's standard commercial license.

Press any key to continue
from x.y.1.219

HOSTNAME# ^[[53;211R
HOSTNAME#

... Curiously the problem is not widespread. ~1% of my environment and after talking with a colleague (who's running the latest version of rancid - he reported the problem to me) it appears to be switch version dependent as only some specific versions of code. He confirmed by upgrading and downgrading code on an HP5412Rzl2 in his environment. I was able to locate 2 more versions of code that had the same error.

Aruba JL261A 2930F-24G-PoE+-4SFP Switch
Software revision WC.16.02.0016

HP J9851A Switch 5412Rzl2
Software revision KB.16.01.0012

Switch Version    RANCID able to poll
16.03.0004        no
16.03.0003        yes
16.02.0018        no
16.02.0016        no
16.02.0015        yes
16.02.0013        yes

Has anyone encountered this before or know how to remove the artifact? Thank you in advance,

Robert

Robert Remsik
ACNS
Desk Phone: 970 491 7120
Robert.Remsik at colostate.edu

From peo at chalmers.se Wed May 17 05:19:08 2017
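[Added example, not part of any message in this thread and not RANCID's own code: a small C filter that drops VT100/ECMA-48 control sequences such as the `^[[53;211R` artifact above from device output before it reaches prompt matching. It is a byte-level state machine that generalizes over every CSI sequence instead of listing individual ones in a regex table as hpuifilter.c does, and it drops sequences rather than replacing them with CR. The names `csi_filter_feed` and `strip_chunked` and the sample session are constructed for illustration.]

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC 0x1B

/* Parser position, kept between calls so that a sequence split across
 * two read() buffers is still recognised and removed. */
enum csi_state { ST_TEXT, ST_ESC, ST_CSI };

struct csi_filter { enum csi_state state; };

void csi_filter_init(struct csi_filter *f) { f->state = ST_TEXT; }

/*
 * Copy len bytes from in to out, dropping escape sequences:
 *   CSI:      ESC '[' , any bytes 0x20-0x3F (parameters/intermediates),
 *             then one final byte 0x40-0x7E   (e.g. ESC[53;211R, ESC[?7h)
 *   two-byte: ESC followed by one byte 0x30-0x7E (e.g. ESC E, ESC 7)
 * A sequence interrupted by a control character (CR, LF, ...) is abandoned
 * and that character is kept, so malformed or truncated device output
 * cannot make the filter swallow the lines that follow it.
 * out must hold at least len bytes. Returns the number of bytes written.
 */
size_t csi_filter_feed(struct csi_filter *f, const char *in, size_t len, char *out)
{
    size_t n = 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];

        switch (f->state) {
        case ST_TEXT:
            if (c == ESC)
                f->state = ST_ESC;
            else
                out[n++] = (char)c;
            break;
        case ST_ESC:
            if (c == '[') {
                f->state = ST_CSI;
            } else if (c == ESC) {
                /* ESC ESC: stay here, the second ESC starts a new sequence */
            } else if (c >= 0x30 && c <= 0x7E) {
                f->state = ST_TEXT;         /* two-byte escape, dropped */
            } else {
                out[n++] = (char)c;         /* stray ESC: keep the data byte */
                f->state = ST_TEXT;
            }
            break;
        case ST_CSI:
            if (c >= 0x40 && c <= 0x7E) {
                f->state = ST_TEXT;         /* final byte ends the sequence */
            } else if (c >= 0x20 && c <= 0x3F) {
                /* parameter or intermediate byte: still inside the sequence */
            } else if (c == ESC) {
                f->state = ST_ESC;          /* aborted, a new sequence starts */
            } else {
                out[n++] = (char)c;         /* aborted by a control character */
                f->state = ST_TEXT;
            }
            break;
        }
    }
    return n;
}

/* Run the filter over in[0..len) in pieces of `chunk` bytes, the way data
 * arrives from a pty. out must hold len + 1 bytes; the result is
 * NUL-terminated. Returns the filtered length. */
size_t strip_chunked(const char *in, size_t len, size_t chunk, char *out)
{
    struct csi_filter f;
    size_t n = 0;

    csi_filter_init(&f);
    if (chunk == 0)
        chunk = 1;
    for (size_t off = 0; off < len; off += chunk) {
        size_t take = (len - off < chunk) ? len - off : chunk;
        n += csi_filter_feed(&f, in + off, take, out + n);
    }
    out[n] = '\0';
    return n;
}

/* Constructed sample: a prompt followed by the artifact from the report,
 * then a command line wrapped in three other CSI sequences and ESC[0m. */
static const char SAMPLE[] =
    "HOSTNAME# \x1B[53;211R\r\n"
    "HOSTNAME# \x1B[?7h\x1B[1L\x1B[1Mshow ip\x1B[0m\r\n";

int main(void)
{
    char out[sizeof(SAMPLE)];
    size_t n = strip_chunked(SAMPLE, sizeof(SAMPLE) - 1, 7, out);

    printf("%zu bytes in, %zu bytes out\n", sizeof(SAMPLE) - 1, n);
    fwrite(out, 1, n, stdout);
    return 0;
}
```
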
From: peo at chalmers.se (Per-Olof Olsson)
Date: Wed, 17 May 2017 07:19:08 +0200
Subject: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)
In-Reply-To:
References:
Message-ID: <25c14ca6-2501-a9f1-c790-2cb873c962ee@chalmers.se>

Hello

Is it new ESC-codes added in late HP/Aruba versions that make the login problem?

It's possible that You need to patch hpuifilter.c and add filters for "[?7h", "[1L", and "[1M".

Look for Subject "rancid with hp5412 J8697A or hp5406" posted on this list March 24 2017.

/Peo

----------------------------------------------------------
Per-Olof Olsson Email: peo at chalmers.se
Chalmers tekniska högskola
IT-avdelningen
Arvid Hedvalls backe 6
412 96 Göteborg
Tel: 031/772 6738
Mob: 0707 88 3708
----------------------------------------------------------

On 05/17/2017 12:41 AM, Remsik,Robert wrote:
> Hello!
>
>
> I'm trying to troubleshoot a case where rancid's not backing up a device properly because it can't login.
>
>
> ... In the test.log file: ...
>
> starting: Tue May 16 15:37:25 MDT 2017
>
>
>
> Trying to get all of the configs.
> couldn't compile regular expression pattern: parentheses () not balanced
> while executing
> "expect {
> -re "\[\n\r]+" { exp_continue }
> -re $reprompt {}
> }"
> (procedure "run_commands" line 12)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 159)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # device timeout
> set timeout [find t..."
> (file "/path-to-rancid/rancid-3.5.1/bin/hlogin" line 657)^M
> 10.100.116.17: missed cmd(s): all commands
> 10.100.116.17: End of run not found
>
> ... which after trying to run hrancid I get the same error and it doesn't write the correct debug file 'z'.
> Looking at the .new file I see it didn't process any of the commands. ...
>
> rancid at truck:~/bin$ hrancid -t z -d 10.100.116.17
> executing hlogin -t 90 -c"show version;show flash;show system-information;show system information;show
> module;show stack;show tech transceivers;show config files;show config status;write term" 10.100.116.17
>
> rancid at truck:~/bin$ ls z
> ls: cannot access 'z': No such file or directory
>
>
> rancid at truck:~/bin$ ls *.new
> 10.100.116.17.new
>
>
>
> rancid at truck:~/bin$ cat 10.100.116.17.new
> ;RANCID-CONTENT-TYPE: hp
> ;
> ;
> ;
> ;
> ;
> ;
> ;
> ;
> ;
>
>
>
> ... When I run hlogin with the -c option I get the same error. However when I remove the -c option to confirm
> if I can login at all, I can, with an artifact of (^[[53;211R) at the prompt. Logging in via SSH doesn't
> provide this artifact. ...
>
> rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc -c 'show ip' x.y.116.17
> x.y.116.17
> spawn hpuifilter -- ssh -x -l USER x.y.116.17
> We'd like to keep you up to date about:
> * Software feature updates
> * New product announcements
> * Special events
> Please register your products now at: www.hpe.com/networking/register
>
>
> USER at x.y.116.17's password:
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> (C) Copyright 2017 Hewlett Packard Enterprise Development LP
>
> RESTRICTED RIGHTS LEGEND
> Confidential computer software. Valid license from Hewlett Packard Enterprise
> Development LP required for possession, use or copying. Consistent with FAR
> 12.211 and 12.212, Commercial Computer Software, Computer Software
> Documentation, and Technical Data for Commercial Items are licensed to the
> U.S. Government under vendor's standard commercial license.
>
> Press any key to continueYour previous successful login (as x) was on 2017-05-16 16:28:23
> from 10.100.1.219
> hostname# couldn't compile regular expression pattern: parentheses () not balanced
> while executing
> "expect {
> -re "\[\n\r]+"{ exp_continue }
> -re $reprompt{}
> }"
> (procedure "run_commands" line 12)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 159)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # device timeout
> set timeout [find t..."
> (file "./hlogin" line 657)
>
> rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc x.y.116.17
> x.y.116.17
> spawn ssh -x -l USER x.y.116.17
> We'd like to keep you up to date about:
> * Software feature updates
> * New product announcements
> * Special events
> Please register your products now at: www.hpe.com/networking/register
>
>
> USER at x.y.116.17's password:
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> (C) Copyright 2017 Hewlett Packard Enterprise Development LP
>
> RESTRICTED RIGHTS LEGEND
> Confidential computer software. Valid license from Hewlett Packard Enterprise
> Development LP required for possession, use or copying. Consistent with FAR
> 12.211 and 12.212, Commercial Computer Software, Computer Software
> Documentation, and Technical Data for Commercial Items are licensed to the
> U.S. Government under vendor's standard commercial license.
>
> Press any key to continue
> from x.y.1.219
>
>
> HOSTNAME# ^[[53;211R
> HOSTNAME#
>
> ... Curiously the problem is not widespread. ~1% of my environment and after talking with a colleague (who's
> running the latest version of rancid - he reported the problem to me) it appears to be switch version
> dependent as only some specific versions of code. He confirmed by upgrading and downgrading code on an
> HP5412Rzl2 in his environment.
I was able to locate 2 more versions of code that had the same error.
>
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> HP J9851A Switch 5412Rzl2
> Software revision KB.16.01.0012
>
> *Switch Version    RANCID able to poll*
> 16.03.0004        no
> 16.03.0003        yes
> 16.02.0018        no
> 16.02.0016        no
> 16.02.0015        yes
> 16.02.0013        yes
>
>
> Has anyone encountered this before or know how to remove the artifact? Thank you in advance,
>
>
> Robert
>
>
>
>
> Robert Remsik
>
> ACNS
>
> Desk Phone: 970 491 7120
>
> Robert.Remsik at colostate.edu
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

From Robert.Remsik at colostate.edu Wed May 17 15:45:34 2017
From: Robert.Remsik at colostate.edu (Remsik,Robert)
Date: Wed, 17 May 2017 15:45:34 +0000
Subject: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)
In-Reply-To:
References: , <25c14ca6-2501-a9f1-c790-2cb873c962ee@chalmers.se>,
Message-ID:

Confirmed, that was the exact fix needed. Thank you all again!

Robert Remsik
ACNS
Desk Phone: 970 491 7120
Robert.Remsik at colostate.edu

________________________________
From: Remsik,Robert
Sent: Wednesday, May 17, 2017 8:55:07 AM
To: Per-Olof Olsson; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)

That looks to be almost, if not exactly what I'm looking for. Thank you.

Did you just do a 'make', to compile the hpuifilter file? Or did you do 'make install' as well? I'm hoping I can just 'make' and then copy the compiled file to where I need.

Robert Remsik
ACNS
Desk Phone: 970 491 7120
Robert.Remsik at colostate.edu

________________________________

From Robert.Remsik at colostate.edu Wed May 17 14:55:07 2017
From: Robert.Remsik at colostate.edu (Remsik,Robert)
Date: Wed, 17 May 2017 14:55:07 +0000
Subject: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)
In-Reply-To: <25c14ca6-2501-a9f1-c790-2cb873c962ee@chalmers.se>
References: , <25c14ca6-2501-a9f1-c790-2cb873c962ee@chalmers.se>
Message-ID:

That looks to be almost, if not exactly what I'm looking for. Thank you.

Did you just do a 'make', to compile the hpuifilter file? Or did you do 'make install' as well? I'm hoping I can just 'make' and then copy the compiled file to where I need.

Robert Remsik
ACNS
Desk Phone: 970 491 7120
Robert.Remsik at colostate.edu
________________________________
From: Per-Olof Olsson
Sent: Tuesday, May 16, 2017 11:19 PM
To: Remsik,Robert; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Printed artifact when rancid logs into a switch (^[[53; 211R)

Hello

Is it new ESC-codes added in late HP/Aruba versions that make the login problem?

It's possible that You need to patch hpuifilter.c and add filters for
"[?7h", "[1L", and "[1M".

Look for Subject "rancid with hp5412 J8697A or hp5406" posted on this list March 24 2017.

/Peo

----------------------------------------------------------
Per-Olof Olsson           Email: peo at chalmers.se
Chalmers tekniska högskola
IT-avdelningen
Arvid Hedvalls backe 6
412 96 Göteborg
Tel: 031/772 6738 Mob: 0707 88 3708
----------------------------------------------------------

On 05/17/2017 12:41 AM, Remsik,Robert wrote:
> Hello!
>
>
> I'm trying to troubleshoot a case where rancid's not backing up a device properly because it can't login.
>
>
> ... In the test.log file: ...
>
> starting: Tue May 16 15:37:25 MDT 2017
>
>
> Trying to get all of the configs.
> couldn't compile regular expression pattern: parentheses () not balanced
> while executing
> "expect {
> -re "\[\n\r]+" { exp_continue }
> -re $reprompt {}
> }"
> (procedure "run_commands" line 12)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 159)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # device timeout
> set timeout [find t..."
> (file "/path-to-rancid/rancid-3.5.1/bin/hlogin" line 657)^M
> 10.100.116.17: missed cmd(s): all commands
> 10.100.116.17: End of run not found
>
> ... which after trying to run hrancid I get the same error and it doesn't write the correct debug file 'z'.
> Looking at the .new file I see it didn't process any of the commands. ...
>
> rancid at truck:~/bin$ hrancid -t z -d 10.100.116.17
> executing hlogin -t 90 -c"show version;show flash;show system-information;show system information;show
> module;show stack;show tech transceivers;show config files;show config status;write term" 10.100.116.17
>
> rancid at truck:~/bin$ ls z
> ls: cannot access 'z': No such file or directory
>
>
> rancid at truck:~/bin$ ls *.new
> 10.100.116.17.new
>
>
> rancid at truck:~/bin$ cat 10.100.116.17.new
> ;RANCID-CONTENT-TYPE: hp
> ;
> ;
> ;
> ;
> ;
> ;
> ;
> ;
> ;
>
>
> ... When I run hlogin with the -c option I get the same error. However when I remove the -c option to confirm
> if I can login at all, I can, with an artifact of (^[[53;211R) at the prompt. Logging in via SSH doesn't
> provide this artifact. ...
>
> rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc -c 'show ip' x.y.116.17
> x.y.116.17
> spawn hpuifilter -- ssh -x -l USER x.y.116.17
> We'd like to keep you up to date about:
> * Software feature updates
> * New product announcements
> * Special events
> Please register your products now at: www.hpe.com/networking/register
>
>
> USER at x.y.116.17's password:
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> (C) Copyright 2017 Hewlett Packard Enterprise Development LP
>
> RESTRICTED RIGHTS LEGEND
> Confidential computer software. Valid license from Hewlett Packard Enterprise
> Development LP required for possession, use or copying. Consistent with FAR
> 12.211 and 12.212, Commercial Computer Software, Computer Software
> Documentation, and Technical Data for Commercial Items are licensed to the
> U.S. Government under vendor's standard commercial license.
>
> Press any key to continueYour previous successful login (as x) was on 2017-05-16 16:28:23
> from 10.100.1.219
> hostname# couldn't compile regular expression pattern: parentheses () not balanced
> while executing
> "expect {
> -re "\[\n\r]+"{ exp_continue }
> -re $reprompt{}
> }"
> (procedure "run_commands" line 12)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 159)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # device timeout
> set timeout [find t..."
> (file "./hlogin" line 657)
>
> rancid at SERVER:~/bin$ ./hlogin -f /PATH/rancid-3.5.1/.cloginrc x.y.116.17
> x.y.116.17
> spawn ssh -x -l USER x.y.116.17
> We'd like to keep you up to date about:
> * Software feature updates
> * New product announcements
> * Special events
> Please register your products now at: www.hpe.com/networking/register
>
>
> USER at x.y.116.17's password:
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> (C) Copyright 2017 Hewlett Packard Enterprise Development LP
>
> RESTRICTED RIGHTS LEGEND
> Confidential computer software. Valid license from Hewlett Packard Enterprise
> Development LP required for possession, use or copying. Consistent with FAR
> 12.211 and 12.212, Commercial Computer Software, Computer Software
> Documentation, and Technical Data for Commercial Items are licensed to the
> U.S. Government under vendor's standard commercial license.
>
> Press any key to continue
> from x.y.1.219
>
>
> HOSTNAME# ^[[53;211R
> HOSTNAME#
>
> ... Curiously the problem is not widespread. ~1% of my environment and after talking with a colleague (who's
> running the latest version of rancid - he reported the problem to me) it appears to be switch version
> dependent as only some specific versions of code. He confirmed by upgrading and downgrading code on an
> HP5412Rzl2 in his environment. I was able to locate 2 more versions of code that had the same error.
>
> Aruba JL261A 2930F-24G-PoE+-4SFP Switch
> Software revision WC.16.02.0016
>
> HP J9851A Switch 5412Rzl2
> Software revision KB.16.01.0012
>
> *Switch Version    RANCID able to poll*
> 16.03.0004         no
> 16.03.0003         yes
> 16.02.0018         no
> 16.02.0016         no
> 16.02.0015         yes
> 16.02.0013         yes
>
>
> Has anyone encountered this before or know how to remove the artifact? Thank you in advance,
>
>
> Robert
>
>
> Robert Remsik
>
> ACNS
>
> Desk Phone: 970 491 7120
>
> Robert.Remsik at colostate.edu
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

From heas at shrubbery.net Wed May 17 21:55:27 2017
From: heas at shrubbery.net (heasley)
Date: Wed, 17 May 2017 21:55:27 +0000
Subject: [rancid] rancid with hp5412 J8697A or hp5406
In-Reply-To: <06c401d2a4e1$46fb0ae0$d4f120a0$@asprack.com>
References: <06c401d2a4e1$46fb0ae0$d4f120a0$@asprack.com>
Message-ID: <20170517215527.GA47865@shrubbery.net>

Fri, Mar 24, 2017 at 01:57:41PM -0700, Kalani Sanders:
> I believe this should do it. Fixed it for me.
>
> Replaces "[?7h", "[1L", and "[1M" with CR.
>

Thanks for this! and thanks to those confirming that it works in their
environment!

From patrik at sigterm.se Thu May 18 14:43:57 2017
From: patrik at sigterm.se (Patrik Lundin)
Date: Thu, 18 May 2017 16:43:57 +0200
Subject: [rancid] clogin + ssh: stuck at fingerprint verification
Message-ID: <20170518144356.GA18992@shell1.sigterm.se>

Hello,

I have been trying to figure out an odd problem related to clogin when using ssh that appeared the other day. Basically clogin will (sometimes) get stuck when the ssh client prompts for fingerprint verification.

OS version: Ubuntu 16.04.2 LTS
RANCID package version: 3.3.0-1
Expect package version: 5.45-7
OpenSSH version: 1:7.2p2-4ubuntu2.2

The .cloginrc looks like this:
===
add autoenable * 1
add method * {ssh}
add user * test
add password * secret
===

The output of running clogin looks like this when it hangs (and eventually times out):
===
# clogin switch01.example.com
switch01.example.com
spawn ssh -c 3des-cbc -x -l test switch01.example.com
The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.
RSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no)?
Error: TIMEOUT reached
===

The problem is that clogin fails to successfully parse the ssh output in order to send the "yes" needed to continue.

What makes this problem tricky is that it seems to be timing related. Here is an attempt that initially works and then fails on the second attempt after removing the fingerprint again:
===
# clogin switch01.example.com
switch01.example.com
spawn ssh -c 3des-cbc -x -l test switch01.example.com
The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.
RSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no)?
Host switch01.example.com added to the list of known hosts.
yes
Warning: Permanently added 'switch01.example.com,10.0.0.10' (RSA) to the list of known hosts.
Password:
[...]
# ssh-keygen -R switch01.example.com
# Host switch01.example.com found: line 1
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
# clogin switch01.example.com
switch01.example.com
spawn ssh -c 3des-cbc -x -l test switch01.example.com
The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.
RSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no)?
Error: TIMEOUT reached
===

The regex in clogin that is responsible for answering the question looks like this:
===
-re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
    send "yes\r"
    send_user "\nHost $router added to the list of known hosts.\n"
    exp_continue
}
===

It requires that all three lines of output are parsed as a single chunk (starting with "The authenticity of host" and ending with "(yes/no)").

When stuff works this is indeed what happens (heavily trimmed output):
===
# clogin -d switch01.example.com
[...]
The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.
RSA key fingerprint is SHA256:.
Are you sure you want to continue connecting (yes/no)?
[...]
expect: does "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.\r\nRSA key fingerprint is SHA256:.\r\nAre you sure you want to continue connecting (yes/no)? " (spawn_id exp4) match glob pattern "Host is unreachable"? no
"No address associated with name"? no
"(Host key not found |The authenticity of host .* be established).* \(yes/no\)\?"? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.\r\nRSA key fingerprint is SHA256:.\r\nAre you sure you want to continue connecting (yes/no)?"
expect: set expect_out(1,string) "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.\r\nRSA key fingerprint is SHA256:.\r\nAre you sure you want to continue connecting (yes/no)?"
send: sending "yes\r" to { exp4 }
===

On the specific host where the above output has been collected it even goes as far as running clogin without debug mostly hangs while it always manages to send a "yes" if running with -d (I'm guessing because it is giving the ssh binary more time to present the output while debug output is being printed).

Here is how it can look on a host where running with -d fails, heavily trimmed:
===
expect: does "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established." (spawn_id exp4) match regular expression [...]
[...]
expect: does "The authenticity of host 'switch01.example.com (10.0.0.10)' can't be established.\r\n" (spawn_id exp4) match regular expression [..]
[...]
expect: does "" (spawn_id exp4) match regular expression [...]
[...]
expect: does "RSA key fingerprint is SHA256:." (spawn_id exp4) match regular expression [...]
[...]
expect: does "RSA key fingerprint is SHA256:.\r\nAre you sure you want to continue connecting (yes/no)? " (spawn_id exp4) match regular expression [...]
[...]
expect: does "Are you sure you want to continue connecting (yes/no)? " (spawn_id exp4) match regular expression [...]
===

As can be seen, instead of receiving the complete output as a single chunk it is instead handled in pieces, which means the regex that is supposed to send a "yes" is never matched.

It appears I can get around this by increasing the magic "sleep 0.3" in clogin to something like "sleep 5" but it seems like a pretty brittle workaround.

Has anyone struggled with something like this before?

--
Patrik Lundin

From Charles.Brooks at hbcs.org Thu May 18 15:26:25 2017
From: Charles.Brooks at hbcs.org (Charles T. Brooks)
Date: Thu, 18 May 2017 15:26:25 +0000
Subject: [rancid] clogin + ssh: stuck at fingerprint verification
In-Reply-To: <20170518144356.GA18992@shell1.sigterm.se>
References: <20170518144356.GA18992@shell1.sigterm.se>
Message-ID:

Whenever you change a host key, put the new key in the known_hosts file on the rancid server. Don't use rancid to defeat a reasonable security measure. Silently deactivating the SSH warning is bad policy.

--Charlie
________________________________________

From patrik at sigterm.se Fri May 19 08:05:38 2017
From: patrik at sigterm.se (Patrik Lundin)
Date: Fri, 19 May 2017 10:05:38 +0200
Subject: [rancid] clogin + ssh: stuck at fingerprint verification
In-Reply-To: <20170518150548.6zxhlariohgzfdmo@seti.u-strasbg.fr>
References: <20170518144356.GA18992@shell1.sigterm.se> <20170518150548.6zxhlariohgzfdmo@seti.u-strasbg.fr>
Message-ID: <20170519080538.GA17427@shell1.sigterm.se>

On Thu, May 18, 2017 at 05:05:49PM +0200, Jean Benoit wrote:
> On Thu, May 18, 2017 at 04:43:57PM +0200, Patrik Lundin wrote:
> > [...] Has anyone struggled with something like this before?
>
> If the risk of man in the middle attacks is acceptable, you could remove
> fingerprinting :
>
> add method * {ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no}
>

Thank you for the input, I prefer to utilize fingerprint verification whenever I can however.

On Thu, May 18, 2017 at 03:26:25PM +0000, Charles T. Brooks wrote:
> Whenever you change a host key, put the new key in the known_hosts file on
> the rancid server. Don't use rancid to defeat a reasonable security measure.
> Silently deactivating the SSH warning is bad policy.
>

Right, I agree with this position in general, but managing the host key separately only hides what I perceive as the bigger issue.

Actually my question is not so much "how do I avoid/fix this specific problem" as it is "is it possible assumptions made in the clogin code no longer hold true" which potentially could undermine its operation in general.

It is obvious the pattern matching in the code is based on the fact that all text ends up in the buffer. I have seen that on the affected systems this is not always true.

Maybe someone more well versed in expect internals could chime in :).

--
Patrik Lundin

From peo at chalmers.se Fri May 19 17:14:45 2017
From: peo at chalmers.se (Per-Olof Olsson) Date: Fri, 19 May 2017 19:14:45 +0200 Subject: [rancid] typo in hlogin alpha version 2017-05-17? In-Reply-To: <20170517215527.GA47865@shrubbery.net> References: <06c401d2a4e1$46fb0ae0$d4f120a0$@asprack.com> <20170517215527.GA47865@shrubbery.net> Message-ID: Hello Think there is a typo in the alpha release found at ftp.shrubbery.net dated 2017-05-17 21:53:00. *** hlogin.in_ORG-20170519 2017-05-19 17:38:22.359040817 +0200 --- hlogin.in 2017-05-19 18:49:56.944559978 +0200 *************** *** 38,44 **** if { $do_command || $do_script } { set retval [ catch {eval spawn [split "hpuifilter -- $telnetcmd $router $port"]} reason ] } else { ! set retval [ catcheval spawn [split "$telnetcmd $router $port"]} reason ] } } if { $retval } { --- 38,44 ---- if { $do_command || $do_script } { set retval [ catch {eval spawn [split "hpuifilter -- $telnetcmd $router $port"]} reason ] } else { ! set retval [ catch {eval spawn [split "$telnetcmd $router $port"]} reason ] } } if { $retval } { *************** /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-avdelningen Arvid Hedvalls backe 6 412 96 G?teborg Tel: 031/772 6738 Mob: 0707 88 3708 ---------------------------------------------------------- From heas at shrubbery.net Fri May 19 21:47:21 2017 
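Review bot: the corrected `else` line repeats the `hpuifilter --` spawn line above it except for the prefix, so the two copies can drift apart again; build the command string once, prepend `hpuifilter -- ` only when `$do_command || $do_script` is true, and keep a single `catch {eval spawn [split ...]} reason`. The old line also left the `}` before `reason` without an opening brace, so a brace-balance or syntax check of `hlogin.in` before a release would catch this class of typo.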
From: heas at shrubbery.net (heasley)
Date: Fri, 19 May 2017 21:47:21 +0000
Subject: [rancid] clogin + ssh: stuck at fingerprint verification
In-Reply-To: <20170519080538.GA17427@shell1.sigterm.se>
References: <20170518144356.GA18992@shell1.sigterm.se> <20170518150548.6zxhlariohgzfdmo@seti.u-strasbg.fr> <20170519080538.GA17427@shell1.sigterm.se>
Message-ID: <20170519214721.GA25637@shrubbery.net>

Fri, May 19, 2017 at 10:05:38AM +0200, Patrik Lundin:
> On Thu, May 18, 2017 at 05:05:49PM +0200, Jean Benoit wrote:
> > On Thu, May 18, 2017 at 04:43:57PM +0200, Patrik Lundin wrote:
> > > [...] Has anyone struggled with something like this before?
> >
> > If the risk of man in the middle attacks is acceptable, you could remove
> > fingerprinting :
> >
> > add method * {ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no}
> >
>
> Thank you for the input, I prefer to utilize fingerprint verification whenever
> I can however.
>
> On Thu, May 18, 2017 at 03:26:25PM +0000, Charles T. Brooks wrote:
> > Whenever you change a host key, put the new key in the known_hosts file on
> > the rancid server. Don't use rancid to defeat a reasonable security measure.
> > Silently deactivating the SSH warning is bad policy.
> >
>
> Right, I agree with this position in general, but managing the host key
> separately only hides what I perceive as the bigger issue.
>
> Actually my question is not so much "how do I avoid/fix this specific problem"
> as it is "is it possible assumptions made in the clogin code no longer hold
> true" which potentially could undermine its operation in general.

I think there was another change that caused this to surface. Anyway, I believe I have already fixed this and it is included in rancid-3.6:

*login: change handling of ssh key-related prompts to one line at a time to eliminate timing-related problem.

> It is obvious the pattern matching in the code is based on the fact that all
> text ends up in the buffer. I have seen that on the affected systems this is not
> always true.
>
> Maybe someone more well versed in expect internals could chime in :).
>
> --
> Patrik Lundin
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From patrik at sigterm.se Sat May 20 08:13:23 2017
From: patrik at sigterm.se (Patrik Lundin)
Date: Sat, 20 May 2017 10:13:23 +0200
Subject: [rancid] clogin + ssh: stuck at fingerprint verification
In-Reply-To: <20170519214721.GA25637@shrubbery.net>
References: <20170518144356.GA18992@shell1.sigterm.se> <20170518150548.6zxhlariohgzfdmo@seti.u-strasbg.fr> <20170519080538.GA17427@shell1.sigterm.se> <20170519214721.GA25637@shrubbery.net>
Message-ID: <20170520081322.GA24906@shell1.sigterm.se>

On Fri, May 19, 2017 at 09:47:21PM +0000, heasley wrote:
>
> I think there was another change that caused this to surface. Anyway, I
> believe I have already fixed this and it is included in rancid-3.6:
>
> *login: change handling of ssh key-related prompts to one line at a time
> to eliminate timing-related problem.
>

Ah, that is great. I did look at the CHANGES page but obviously missed that. Thanks for pointing it out :).

--
Patrik Lundin

From adrian.dimitrov at efellows.bg Mon May 22 07:30:43 2017
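The failure and the one-line-at-a-time handling discussed in the "stuck at fingerprint verification" thread above, as an added Python sketch that is not rancid's code. It assumes a simplified model of expect's buffer (a matching pattern discards the buffer through the end of the match) and a competing pattern that consumes line endings, as the failing trace suggests; the pinned-fingerprint check goes beyond what the thread describes, and `PINNED` and all function names are constructed for illustration.

```python
import re

# Constructed sample: prompt text from the thread with a made-up fingerprint
# (the thread elides the real one).
PINNED = "SHA256:ConstructedExampleFingerprint0000000000000000"
LINE1 = ("The authenticity of host 'switch01.example.com (10.0.0.10)' "
         "can't be established.")
LINE2 = "RSA key fingerprint is " + PINNED + "."
LINE3 = "Are you sure you want to continue connecting (yes/no)? "
PROMPT = LINE1 + "\r\n" + LINE2 + "\r\n" + LINE3
# Delivery in pieces, following the failing debug trace quoted in the thread.
TRACE_CHUNKS = [LINE1, "\r\n", LINE2, "\r\n" + LINE3]

# Multi-line pattern quoted from clogin, Tcl string escaping removed.
# re.S because "." also matches newlines in Tcl regular expressions.
MULTILINE = re.compile(
    r"(Host key not found |The authenticity of host .* be established)"
    r".* \(yes/no\)\?", re.S)
# Assumption: another pattern in the same expect block eats line endings.
NEWLINE = re.compile(r"[\r\n]+")
CLOGIN_STYLE = [("hostkey", MULTILINE), ("newline", NEWLINE)]


def run_expect(chunks, patterns):
    """Simplified expect loop: append each chunk to the buffer, try the
    patterns in order, and on a match drop the buffer through the match."""
    buf, fired = "", []
    for chunk in chunks:
        buf += chunk
        matched = True
        while matched:
            matched = False
            for name, rx in patterns:
                m = rx.search(buf)
                if m:
                    fired.append(name)
                    buf = buf[m.end():]
                    matched = True
                    break
    return fired


# Line-at-a-time patterns: each needs only one complete line in the buffer.
# The fingerprint pattern insists on the trailing "." and a line ending so a
# fingerprint split across two reads is never accepted half-read.
FINGERPRINT = re.compile(r"key fingerprint is (SHA256:[A-Za-z0-9+/]+)\.[\r\n]")
QUESTION = re.compile(r"\(yes/no\)\?")


def answer_host_key_prompt(chunks, pinned):
    """Return 'yes' only if the fingerprint line seen before the question
    equals the pinned value, 'no' otherwise, None if no question arrived."""
    buf, seen = "", None
    for chunk in chunks:
        buf += chunk
        while True:
            m = FINGERPRINT.search(buf)
            if m:
                seen = m.group(1)
                buf = buf[m.end():]
                continue
            if QUESTION.search(buf):
                return "yes" if seen == pinned else "no"
            m = NEWLINE.search(buf)
            if m:
                buf = buf[m.end():]
                continue
            break
    return None


if __name__ == "__main__":
    print("one chunk, multi-line pattern:", run_expect([PROMPT], CLOGIN_STYLE))
    print("pieces, multi-line pattern:   ", run_expect(TRACE_CHUNKS, CLOGIN_STYLE))
    print("pieces, line at a time:       ",
          answer_host_key_prompt(TRACE_CHUNKS, PINNED))
```

With the prompt delivered in pieces the newline pattern keeps discarding the first line before the question arrives, so the multi-line pattern never fires, while the per-line handler gives the same answer however the output is split.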
From: adrian.dimitrov at efellows.bg (Adrian Dimitrov)
Date: Mon, 22 May 2017 07:30:43 +0000
Subject: [rancid] Backing up Clavister core plus
Message-ID: <490FA8C6CC4CDA44A7D3E449D75BF1F7403294@exchanger.efellows.bg>

Hello Team,

I couldn't find any information if I can use rancid to back up Clavister Firewall. Google wasn't helpful too. Checked the types file and couldn't find any type related to Clavister.

Is this not developed yet?

Best Regards,
Adrian Dimitrov
System Administrator

From bipinsharma091 at gmail.com Mon May 22 06:25:06 2017
From: bipinsharma091 at gmail.com (Bipin Sharma)
Date: Mon, 22 May 2017 12:10:06 +0545
Subject: [rancid] help
Message-ID:

Hello Team,

While installing rancid 3.6.1 version on centos 6.5 I got this error, i.e.

checking for perl5... no
checking for perl... /usr/bin/perl
checking Socket.pm version... Socket version 2.006 required--this is only version 1.82 at -e line 1.
BEGIN failed--compilation aborted at -e line 1.
configure: error: Socket.pm is older than 2.006; upgrade from http://metacpan.org/pod/Socket

Please help me to solve the issue.

Regards,

From b.candler at pobox.com Fri May 19 14:54:33 2017
From: b.candler at pobox.com (Brian Candler)
Date: Fri, 19 May 2017 15:54:33 +0100
Subject: [rancid] Problems with hpuifilter / hlogin
Message-ID:

Back in 2015, I submitted a fix to hpuifilter:
http://www.shrubbery.net/pipermail/rancid-discuss/2015-December/008823.html

This was incorporated into rancid 3.3.0.

Unfortunately, rancid 3.3.0 from Ubuntu 16.04 still doesn't work with HP, and it turns out there are a couple of problems.

(1) When the patch was merged, it seems an error was added in bin/hpuifilter.c, function complete_esc(). The line which now says

    return(i + 10);

should have been

    return(i + 1);

That's a simple fix to make, and still is apparently required in 3.6.2. [^1]

(2) hlogin from 3.3.0 was having problems with the prompt, which I was able to replicate like this to a J9775A:

/usr/lib/rancid/bin/hlogin -d -t 20 -c"show version;show flash;show system-information;show system information;show module;show stack;show tech transceivers;show config files;show config status;write term" ix-edgesw-r1b1b.int.example.net
...
send: sending "no page\r" to { exp5 }
Gate keeper glob pattern for 'ix-edgesw-r' is 'ix-edgesw-r'. Activating booster.
Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster.
expect: does "" (spawn_id exp5) match regular expression "ix-edgesw-r"? Gate "ix-edgesw-r"? gate=no
"[\n\r]+"? (No Gate, RE only) gate=yes re=no
no page
ix-edgesw-r1b1b#
expect: does "no page\r\r\nix-edgesw-r1b1b# " (spawn_id exp5) match regular expression "ix-edgesw-r"? Gate "ix-edgesw-r"? gate=yes re=yes
expect: set expect_out(0,string) "ix-edgesw-r"
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) "no page\r\r\nix-edgesw-r"
Gate keeper glob pattern for 'ix-edgesw-r([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?' is 'ix-edgesw-r*'. Activating booster.
Gate keeper glob pattern for 'Invalid input: 0[ ]+' is 'Invalid input: 0*'. Activating booster.
Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster.
expect: does "1b1b# " (spawn_id exp5) match regular expression "ix-edgesw-r([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?"? Gate "ix-edgesw-r*"? gate=no
"Invalid input: 0[\n\r]+"? Gate "Invalid input: 0*"? gate=no
"[\n\r]+"? (No Gate, RE only) gate=yes re=no
<<>>
expect: timed out
Error: TIMEOUT reached

However, the version of hlogin from 2.3.6 works fine (from ubuntu 12.04), and also hlogin from 3.6.2 (current code), so I've just replaced hlogin with the new one rather than digging any further.

Regards,

Brian.

[^1] The same line is in the 3.6.2 tarball, but for testing purposes I'm just rebuilding hpuifilter from 3.3.0 like this:

apt-get install dpkg-dev
apt-get source rancid
cd rancid-3.3.0
./configure
cd bin
# apply patch by hand:
vi hpuifilter.c
make hpuifilter
sudo cp -p hpuifilter /usr/lib/rancid/bin/

From heas at shrubbery.net Mon May 22 15:43:00 2017
From: heas at shrubbery.net (heasley)
Date: Mon, 22 May 2017 15:43:00 +0000
Subject: [rancid] Backing up Clavister core plus
In-Reply-To: <490FA8C6CC4CDA44A7D3E449D75BF1F7403294@exchanger.efellows.bg>
References: <490FA8C6CC4CDA44A7D3E449D75BF1F7403294@exchanger.efellows.bg>
Message-ID: <20170522154300.GF5459@shrubbery.net>

Mon, May 22, 2017 at 07:30:43AM +0000, Adrian Dimitrov:
> Hello Team,
>
> I couldn't find any information if I can use rancid to back up Clavister Firewall. Google wasn't helpful too. Checked the types file and couldn't find any type related to Clavister.
>
> Is this not developed yet?

Not that I've seen. See S4 of the FAQ for adding support for a new device.

From me at falz.net Mon May 22 19:29:18 2017
From: me at falz.net (Chris Wopat)
Date: Mon, 22 May 2017 14:29:18 -0500
Subject: [rancid] Ciena Waveserver w/ RANCID 3.6.2
Message-ID:

Hi,

There appears to be a ciena-ws module as of RANCID v3.3. I tested this
out on RANCID 3.4.x and it seemed to work, but only after I changed it
to use clogin instead of hlogin. I opted to upgrade to 3.6.2
immediately after and now are getting 'End of run not found' errors
using either login method.

Did debugging w/ NOPIPE=YES, the .new and .raw files both look
correct. They also contain the matching regexp that appears to match
to set found_end to 1, which is if (/^! END OF CONFIG:/) in
wavesvros.pm.

export NOPIPE=YES && rancid -d -t ciena-ws my-saveserver'
loadtype: device type ciena-ws
loadtype: found device type ciena-ws in /usr/local/rancid/etc/rancid.types.base
executing hlogin -t 120 -c"software show;chassis show;configuration show" my-saveserver
PROMPT MATCH: my-waveserver>
HIT COMMAND:my-waveserver> software show
In ShowVersion: my-waveserver> software show
HIT COMMAND:my-waveserver> chassis show
In ShowChassisClocks: my-waveserver> chassis show
HIT COMMAND:my-waveserver> configuration show
In ShowConfiguration: my-waveserver> configuration show
o-waveserver-lab-2.wiscnet.net: End of run not found
my-waveserver^>logout

> tail -5 my-waveserver.new
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! END OF CONFIG:
!
my-waveserver^>logout

Curious if something changed in these versions or general tips for
troubleshooting this. I don't think it's actually the regexp match for
"END OF CONFIG" as it appears to be correct.

The mailing list is littered with lots of 'End of run not found'
issues over the years, so unsure which is most relevant.

Also, is there an official RANCID code CVS/SVN/GIT repository
somewhere, and is it browsable? Curious of changes over time outside
of what's in the CHANGELOG.

--Chris

From peo at chalmers.se Tue May 23 05:44:37 2017
From: peo at chalmers.se (Per-Olof Olsson) Date: Tue, 23 May 2017 07:44:37 +0200 Subject: [rancid] hlogin irritated echo of window size on HP's " ESC[__; __R" Message-ID: <28261038-6765-4bd3-9bab-0bff2046f31e@chalmers.se> Hello Think I solved the irritating echo of window size by not try to redefine to full prompt sting in interactive mode for hlogin. It's hard to find prompt sting on new HP's if not using hpuifilter. They almost don't use any or , just cursor control via ESC/CSI codes. Also prompt sting is not used after redefine it, so why try to redefine it in interactive mode at all?! Tested to not redefine prompt string in interactive mode on old 2.3.8, 3.6.2 and alpha from 20170519. All work nice with no echo of window size. !!!!This patch is from ALPHA version!!!! *** hlogin.in_ORG-20170519 2017-05-19 17:38:22.359040817 +0200 --- hlogin.in 2017-05-23 06:41:35.955883962 +0200 *************** *** 515,528 **** } } } - # we are logged in, now figure out the full prompt - send "\r" - expect { - -re "\[\r\n]+" { exp_continue; } - -re "^.+$prompt" { set prompt $expect_out(0,string); } - } if { $do_command || $do_script } { # set a wide tty width. set stty_init "cols 132" # disable the pager --- 515,529 ---- } } } if { $do_command || $do_script } { + # we are logged in, now figure out the full prompt + send "\r" + expect { + -re "\[\r\n]+" { exp_continue; } + -re "^.+$prompt" { set prompt $expect_out(0,string); } + } + # set a wide tty width. set stty_init "cols 132" # disable the pager ----------------------------------------------- If you not try to redefine prompt string in clogin, it will also work nicely for interactive login to HP's! 
/Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-avdelningen Arvid Hedvalls backe 6 412 96 G?teborg Tel: 031/772 6738 Mob: 0707 88 3708 ---------------------------------------------------------- From Vinny.Abello at nttdata.com Wed May 24 13:32:46 2017 From: Vinny.Abello at nttdata.com (Vinny.Abello at nttdata.com) Date: Wed, 24 May 2017 13:32:46 +0000 Subject: [rancid] Nexus 7k & bootvar_debug churn Message-ID: Hello, We have several Nexus 7009 switches running NX-OS 7.2. We've noticed that RANCID keeps picking up updates to the files bootvar_debug.log and bootvar_debug.meta. There doesn't appear to be any way to stop these files from being modified. I found another user who saw the same behavior on Nexus 9000 series switches. Cisco states it is by design. It's worth noting that this behavior doesn't seem to happen in version 6.2 of NX-OS on the same platform. We've only noticed it on 7.2. It would seem these files need to be ignored. Does anyone have a patch to correct this for RANCID 3.6.2? Here's an example of the diff from what rancid is picking up. Index: configs/cs5.wtc.qcy =================================================================== retrieving revision 1.337 diff -u -4 -r1.337 cs5.wtc.qcy 
@@ -229,10 +229,10 @@ !Flash: bootflash: 1054 MB used !Flash: bootflash: 637 MB free !Flash: bootflash: 1692 MB total ! - !Flash: debug: 249932 May 24 04:12:52 2017 bootvar_debug.log - !Flash: debug: 6 May 24 04:12:52 2017 bootvar_debug.meta + !Flash: debug: 250049 May 24 05:13:03 2017 bootvar_debug.log + !Flash: debug: 6 May 24 05:13:03 2017 bootvar_debug.meta !Flash: debug: Usage for debug://sup-local !Flash: debug: 0 MB used !Flash: debug: 4 MB free !Flash: debug: 5 MB total Thanks! -Vinny ______________________________________________________________________ Disclaimer: This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Charles.Brooks at hbcs.org Wed May 24 14:00:28 2017 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Wed, 24 May 2017 14:00:28 +0000 Subject: [rancid] Nexus 7k & bootvar_debug churn In-Reply-To: References: Message-ID: I can confirm this behavior on the Nexus 5000 as well. --Charlie ________________________________ 
From nick at foobar.org Wed May 24 14:05:30 2017
From: nick at foobar.org (Nick Hilliard) Date: Wed, 24 May 2017 15:05:30 +0100 Subject: [rancid] Nexus 7k & bootvar_debug churn In-Reply-To: References: Message-ID: <5925932A.50500@foobar.org> Charles T. Brooks wrote: > I can confirm this behavior on the Nexus 5000 as well. the attached patch fixes this annoyance. Nick -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: nxrancid.diff URL: From nick at foobar.org Wed May 24 18:49:43 2017 From: nick at foobar.org (Nick Hilliard) Date: Wed, 24 May 2017 19:49:43 +0100 Subject: [rancid] Nexus 7k & bootvar_debug churn In-Reply-To: References: <5925932A.50500@foobar.org> Message-ID: <5925D5C7.1060006@foobar.org> Vinny.Abello at nttdata.com wrote: > Thank you, Nick. On my deployment, I don't have an nxrancid file anywhere, but found the same logic in nxos.pm which I applied this to. I suspect this will resolve it. er yeah, sorry this came from a rancid 2 deployment, but the patch should work against nxos.pm too. Nick From Vinny.Abello at nttdata.com Wed May 24 18:43:17 2017 From: Vinny.Abello at nttdata.com (Vinny.Abello at nttdata.com) Date: Wed, 24 May 2017 18:43:17 +0000 Subject: [rancid] Nexus 7k & bootvar_debug churn In-Reply-To: <5925932A.50500@foobar.org> References: <5925932A.50500@foobar.org> Message-ID: Thank you, Nick. On my deployment, I don't have an nxrancid file anywhere, but found the same logic in nxos.pm which I applied this to. I suspect this will resolve it. Thanks again! -Vinny -----Original Message----- 
From: Nick Hilliard [mailto:nick at foobar.org] Sent: Wednesday, May 24, 2017 10:06 AM To: Charles T. Brooks Cc: Vinny.Abello at nttdata.com; rancid-discuss at shrubbery.net Subject: Re: [rancid] Nexus 7k & bootvar_debug churn Charles T. Brooks wrote: > I can confirm this behavior on the Nexus 5000 as well. the attached patch fixes this annoyance. Nick ______________________________________________________________________ Disclaimer: This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding. From heas at shrubbery.net Wed May 24 19:05:16 2017 From: heas at shrubbery.net (heasley) Date: Wed, 24 May 2017 19:05:16 +0000 Subject: [rancid] Nexus 7k & bootvar_debug churn In-Reply-To: <5925D5C7.1060006@foobar.org> References: <5925932A.50500@foobar.org> <5925D5C7.1060006@foobar.org> Message-ID: <20170524190516.GG91291@shrubbery.net> Wed, May 24, 2017 at 07:49:43PM +0100, Nick Hilliard: > Vinny.Abello at nttdata.com wrote: > > Thank you, Nick. On my deployment, I don't have an nxrancid file anywhere, but found the same logic in nxos.pm which I applied this to. I suspect this will resolve it. > > er yeah, sorry this came from a rancid 2 deployment, but the patch > should work against nxos.pm too. Index: lib/nxos.pm.in =================================================================== --- lib/nxos.pm.in (revision 3646) +++ lib/nxos.pm.in (working copy) @@ -487,6 +487,9 @@ # Drop ee.log /\s+ee\.log(?:\..*)?$/ && next; + # Drop bootvar_debug log files + /\s+bootvar_debug\./ && next; + # Drop accounting.log /\s+accounting\.log$/ && next; From heas at shrubbery.net Wed May 24 21:04:55 2017 
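Review bot: The added pattern /\s+bootvar_debug\./ in lib/nxos.pm.in has no end anchor, unlike the neighbouring filters (ee\.log(?:\..*)?$ and accounting\.log$), so it drops any flash listing line that contains whitespace followed by "bootvar_debug." anywhere, not only the two files reported in this thread. Anchoring it to the names seen, for example /\s+bootvar_debug\.(?:log|meta)$/, keeps it as narrow as the filters around it. The comment could also say why the files are dropped: per the diff posted earlier, their size and timestamp change between collections.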
From: heas at shrubbery.net (heasley)
Date: Wed, 24 May 2017 21:04:55 +0000
Subject: [rancid] Ciena Waveserver w/ RANCID 3.6.2
In-Reply-To:
References:
Message-ID: <20170524210455.GN91291@shrubbery.net>

Mon, May 22, 2017 at 02:29:18PM -0500, Chris Wopat:
> Hi,
>
> There appears to be a ciena-ws module as of RANCID v3.3. I tested this
> out on RANCID 3.4.x and it seemed to work, but only after I changed it
> to use clogin instead of hlogin. I opted to upgrade to 3.6.2
> immediately after and now are getting 'End of run not found' errors
> using either login method.
>
> Did debugging w/ NOPIPE=YES, the .new and .raw files both look
> correct. They also contain the matching regexp that appears to match
> to set found_end to 1, which is if (/^! END OF CONFIG:/) in
> wavesvros.pm.
>
> export NOPIPE=YES && rancid -d -t ciena-ws my-saveserver'
> loadtype: device type ciena-ws
> loadtype: found device type ciena-ws in /usr/local/rancid/etc/rancid.types.base
> executing hlogin -t 120 -c"software show;chassis show;configuration
> show" my-saveserver
> PROMPT MATCH: my-waveserver>
> HIT COMMAND:my-waveserver> software show
> In ShowVersion: my-waveserver> software show
> HIT COMMAND:my-waveserver> chassis show
> In ShowChassisClocks: my-waveserver> chassis show
> HIT COMMAND:my-waveserver> configuration show
> In ShowConfiguration: my-waveserver> configuration show
> o-waveserver-lab-2.wiscnet.net: End of run not found
> my-waveserver^>logout
>
>
>
> > tail -5 my-waveserver.new
> !
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> ! END OF CONFIG:
> !
> my-waveserver^>logout
>
> Curious if something changed in these versions or general tips for
> troubleshooting this. I don't think it's actually the regexp match for
> "END OF CONFIG" as it appears to be correct.

no changes in this since 3.3 and i no longer have access to one. if you send
the raw file to me (as an attachment) i can probably fix it, but go back to
hlogin.

> The mailing list is littered with lots of 'End of run not found'
> issues over the years, so unsure which is most relevant.
>
> Also, is there an official RANCID code CVS/SVN/GIT repository
> somewhere, and is it browsable? Curious of changes over time outside
> of what's in the CHANGELOG.

its all in the changelog.

From weylin at bu.edu Wed May 24 20:51:07 2017
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Wed, 24 May 2017 20:51:07 +0000
Subject: [rancid] Nexus 7k & bootvar_debug churn
In-Reply-To: <20170524190516.GG91291@shrubbery.net>
References: <5925932A.50500@foobar.org> <5925D5C7.1060006@foobar.org> <20170524190516.GG91291@shrubbery.net>
Message-ID: <80C120CB-F7F3-42E0-AE5D-6843648B14B0@bu.edu>

For those who are curious, I opened a TAC case about this last December (681520039). I asked four questions; here's the response:

"Is this expected behavior?"
The switch will update the bootvar_debug.log file as part of its normal operation. This data is intended for Cisco engineering and TAC.

edit: of note, I've observed that updating those files also updates a number of other things in rancid's output:
debug filesystem:
- bootvar_debug.log
- bootvar_debug.meta
logflash filesystem:
- debug_logs/
- the lines that show logflash: size used/free

"What I would need to do to disable it?"
Preventing these logs from updating is not an option as it is part of the switch's normal operation.

"[Do] I need to be worried about exhausting storage capacity?"
The debug directory will have a dedicated amount of flash storage for the file, as such, it will not have an impact on the other functions of the switch. You will not need to be worried about exhausting the capacity.

"Is this documented anywhere?"
This isn't documented externally, however, these [TAC case notes] can be treated as official documentation if required.

weylin

From heas at shrubbery.net Wed May 24 21:38:49 2017
From: heas at shrubbery.net (heasley) Date: Wed, 24 May 2017 21:38:49 +0000 Subject: [rancid] hlogin irritated echo of window size on HP's " ESC[__; __R" In-Reply-To: <28261038-6765-4bd3-9bab-0bff2046f31e@chalmers.se> References: <28261038-6765-4bd3-9bab-0bff2046f31e@chalmers.se> Message-ID: <20170524213849.GS91291@shrubbery.net> Tue, May 23, 2017 at 07:44:37AM +0200, Per-Olof Olsson: > Hello > > Think I solved the irritating echo of window size by not try to redefine to full prompt > sting in interactive mode for hlogin. > > It's hard to find prompt sting on new HP's if not using hpuifilter. They almost don't use > any or , just cursor control via ESC/CSI codes. > > Also prompt sting is not used after redefine it, so why try to redefine it in interactive > mode at all?! > > Tested to not redefine prompt string in interactive mode on old 2.3.8, 3.6.2 and alpha > from 20170519. All work nice with no echo of window size. > > !!!!This patch is from ALPHA version!!!! > > *** hlogin.in_ORG-20170519 2017-05-19 17:38:22.359040817 +0200 > --- hlogin.in 2017-05-23 06:41:35.955883962 +0200 > *************** > *** 515,528 **** > } > } > } > - # we are logged in, now figure out the full prompt > - send "\r" > - expect { > - -re "\[\r\n]+" { exp_continue; } > - -re "^.+$prompt" { set prompt $expect_out(0,string); } > - } > > if { $do_command || $do_script } { > # set a wide tty width. > set stty_init "cols 132" > # disable the pager > --- 515,529 ---- > } > } > } > > if { $do_command || $do_script } { > + # we are logged in, now figure out the full prompt > + send "\r" > + expect { > + -re "\[\r\n]+" { exp_continue; } > + -re "^.+$prompt" { set prompt $expect_out(0,string); } > + } > + > # set a wide tty width. > set stty_init "cols 132" > # disable the pager > ----------------------------------------------- that works. thanks. From tarranum.kamal at gmail.com Thu May 25 05:17:56 2017 
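Review bot: In the hlogin.in hunk, the prompt-discovery block moves inside "if { $do_command || $do_script }" but keeps only its old comment ("we are logged in, now figure out the full prompt"), so nothing in the code records why interactive sessions now skip it. A one-line comment saying that interactive mode leaves $prompt as the partial pattern, because redefining it there produced the window-size echo (ESC[__;__R) on HP devices, would keep a later cleanup from hoisting the block back out. The message also says clogin behaves the same way, so that change belongs in this patch or a follow-up.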
From: tarranum.kamal at gmail.com (Tarranum Kamal)
Date: Thu, 25 May 2017 13:17:56 +0800
Subject: [rancid] HELP RACNID LOOKING GLASS
Message-ID:

I am beginner to server world and in general scripting and OS. I have managed to run Rancid on my server running Freebsd. Now I am trying to configure RANCID Looking glass, I have followed README.lg that comes with rancid package but to be honest this is too difficult to understand with lots of hidden assumptions. Anyways I followed the instructions in it (whatever I could understand), when I try to access it thru browser it displays text instead of a webpage, now I am clueless. The readme says it required CGI and Lockfile perl modules, how can I check if these modules are present on my servers?

I would appreciate if anyone has installed rancid looking glass who can help me out or if anyone can provide me a better installation guide for freebsd.

Thanks and have a nice day

BR
tan

From adrian.dimitrov at efellows.bg Thu May 25 12:11:39 2017
From: adrian.dimitrov at efellows.bg (Adrian Dimitrov)
Date: Thu, 25 May 2017 12:11:39 +0000
Subject: [rancid] Backing up Clavister core plus
In-Reply-To: <20170522154300.GF5459@shrubbery.net>
References: <490FA8C6CC4CDA44A7D3E449D75BF1F7403294@exchanger.efellows.bg> <20170522154300.GF5459@shrubbery.net>
Message-ID: <490FA8C6CC4CDA44A7D3E449D75BF1F740C1DC@exchanger.efellows.bg>

Hello,

Thanks for the information. I checked the FAQ section and researched in the web. It seems that no one developed it yet or kept it for himself.
Anyway I am still newbie in linux administration and rancid, so creating/editing new script is big task for me. Hopefully I will have time to try the challenge.
Thanks anyway.

Best Regards,
Adrian Dimitrov
System Administrator

From heas at shrubbery.net Thu May 25 14:17:18 2017
From: heas at shrubbery.net (heasley)
Date: Thu, 25 May 2017 14:17:18 +0000
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To:
References:
Message-ID: <20170525141718.GH24772@shrubbery.net>

Thu, May 25, 2017 at 01:17:56PM +0800, Tarranum Kamal:
> I am beginner to server world and in general scripting and OS. I have
> managed to run Rancid on my server running Freebsd. Now I am trying to
> configure RANCID Looking glass, I have followed README.lg that comes with
> rancid package but to be honest this is too difficult to understand with
> lots of hidden assumptions. Anyways I followed the instructions in it
> (whatever I could understand), when I try to access it thru browser it
> displays text instead of a webpage, now I am clueless. The readme says it
> required CGI and Lockfile perl modules, how can I check if these modules
> are present on my servers?
>
> I would appreciate if anyone has installed rancid looking glass who can
> help me out or if anyone can provide me a better installation guide for
> freebsd.

its been a while since i've setup the lg freshly and i have yet to
review the suggestion last week from another user on the cisco-nsp list.
i'll try to do that next week, otherwise the README.lg file is the only
instruction I have for you ATM.

From adudek16 at gmail.com Thu May 25 14:22:09 2017
From: adudek16 at gmail.com (Aaron Dudek)
Date: Thu, 25 May 2017 10:22:09 -0400
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To: <20170525141718.GH24772@shrubbery.net>
References: <20170525141718.GH24772@shrubbery.net>
Message-ID:

As far as the Perl stuff
try
A) Start CPAN Shell:
# perl -MCPAN -e shell

B) Install a perl module:
At cpan> shell prompt install module using install module::Name
command. For example install module called MIME::Lite:
# cpan> install MIME::Lite

Alternatively, try out the following command:
# cpan -i MIME::Lite

From Vinny.Abello at nttdata.com Thu May 25 14:25:07 2017
From: Vinny.Abello at nttdata.com (Vinny.Abello at nttdata.com)
Date: Thu, 25 May 2017 14:25:07 +0000
Subject: [rancid] Nexus 7k & bootvar_debug churn
In-Reply-To: <20170524190516.GG91291@shrubbery.net>
References: <5925932A.50500@foobar.org> <5925D5C7.1060006@foobar.org> <20170524190516.GG91291@shrubbery.net>
Message-ID:

Thanks!

-Vinny

From adudek16 at gmail.com Thu May 25 16:52:06 2017
From: adudek16 at gmail.com (Aaron Dudek)
Date: Thu, 25 May 2017 12:52:06 -0400
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To:
References: <20170525141718.GH24772@shrubbery.net>
Message-ID:

Did you install the modules using the method I gave? Are you sure
about the location of the perl modules?
I've never played with the LG and I don't do http.

From tarranum.kamal at gmail.com Thu May 25 15:57:22 2017
From: tarranum.kamal at gmail.com (Tarranum Kamal)
Date: Thu, 25 May 2017 23:57:22 +0800
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To:
References: <20170525141718.GH24772@shrubbery.net>
Message-ID:

Hi Aaron

Thanks for your swift reply. Is this going to install CGI and Lockfile module for me?

FYI, httpd.conf file

LoadModule cgid_module libexec/apache24/mod_cgid.so
LoadModule cgi_module libexec/apache24/mod_cgi.so
LoadModule perl_module libexec/apache24/mod_perl.so

ScriptAlias /lg /usr/local/htdocs/lg

AllowOverride None
AddHandler cgi-script .cgi .pl
Options ExecCGI
DirectoryIndex lgform.cgi
Require all granted

When I see httpd-error.log, I see below:

[Thu May 25 16:01:48.035497 2017] [cgi:error] [pid 17135] [client ] AH01215: (8)Exec format error: exec of '/usr/local/htdocs/lg/index.html' failed: /usr/local/htdocs/lg/index.html
[Thu May 25 16:01:48.035557 2017] [cgi:error] [pid 17135] [client ] End of script output before headers: index.html

Best Regards

On Thu, May 25, 2017 at 10:22 PM, Aaron Dudek wrote:
> As far as the Perl stuff
> try
> A) Start CPAN Shell:
> # perl -MCPAN -e shell
>
> B) Install a perl module:
> At cpan> shell prompt install module using install module::Name
> command. For example install module called MIME::Lite:
> # cpan> install MIME::Lite
>
> Alternatively, try out the following command:
> # cpan -i MIME::Lite
>
> On Thu, May 25, 2017 at 10:17 AM, heasley wrote:
> > Thu, May 25, 2017 at 01:17:56PM +0800, Tarranum Kamal:
> >> I am beginner to server world and in general scripting and OS. I have
> >> managed to run Rancid on my server running FreeBSD. Now I am trying to
> >> configure RANCID Looking glass, I have followed README.lg that comes with
> >> rancid package but to be honest this is too difficult to understand with
> >> lots of hidden assumptions. Anyways I followed the instruction in it
> >> (whatever I could understand), when I try to access it thru browser it
> >> displays text instead webpage, now I am clueless. The readme says it
> >> required CGI and Lockfile perl modules, how can I check if these modules
> >> are present on my servers
> >>
> >> I would appreciate if anyone has installed rancid looking glass who can
> >> help me out or if anyone can provide me a better installation guide for
> >> freebsd.
> >
> > its been a while since i've setup the lg freshly and the i have yet to
> > review the suggestion last week from another user on the cisco-nsp list.
> > i'll try to do that next week, otherwise the README.lg file is the only
> > instruction I have for you ATM.

From tarranum.kamal at gmail.com Fri May 26 05:12:28 2017
From: tarranum.kamal at gmail.com (Tarranum Kamal) Date: Fri, 26 May 2017 13:12:28 +0800 Subject: [rancid] HELP RACNID LOOKING GLASS In-Reply-To: References: <20170525141718.GH24772@shrubbery.net> Message-ID: I use your method. The location of perl i think I am sure (see below) /usr/local/htdocs/lg % cd /usr/local/bin/perl perl* perl5* perl5.24.1* perlbug* perldoc* perlivp* perlthanks* Perl version in use: perl -v This is perl 5, version 24, subversion 1 (v5.24.1) built for amd64-freebsd-thread-multi (with 1 registered patch, see perl -V for more detail) Copyright 1987-2016, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. Thanks for replying BR On Fri, May 26, 2017 at 12:52 AM, Aaron Dudek wrote: > Did you install the modules using the method I gave? > Are you sure about the location of the perl modules? > > I've never played with the LG and I don't do http. > > On Thu, May 25, 2017 at 11:57 AM, Tarranum Kamal > wrote: > > Hi Aaron > > > > Thanks for your swift reply. Is this going to install CGI and Lockfile > > module for me ? 
> > > > FYI, httpd.conf file > > > > > > LoadModule cgid_module libexec/apache24/mod_cgid.so > > > > > > LoadModule cgi_module libexec/apache24/mod_cgi.so > > LoadModule perl_module libexec/apache24/mod_perl.so > > > > ScriptAlias /lg /usr/local/htdocs/lg > > > > > > AllowOverride None > > AddHandler cgi-script .cgi .pl > > Options ExecCGI > > DirectoryIndex lgform.cgi > > Require all granted > > > > > > When I see httpd-error.log, I see below: > > > > [Thu May 25 16:01:48.035497 2017] [cgi:error] [pid 17135] [client > address:port>] AH01215: (8)Exec format error: exec of > > '/usr/local/htdocs/lg/index.html' failed: /usr/local/htdocs/lg/index. > html > > [Thu May 25 16:01:48.035557 2017] [cgi:error] [pid 17135] [client > address:port>] End of script output before headers: index.html > > > > Best Regards > > > > > > > > On Thu, May 25, 2017 at 10:22 PM, Aaron Dudek > wrote: > >> > >> As far as the Perl stuff > >> try > >> A) Start CPAN Shell: > >> # perl -MCPAN -e shell > >> > >> B) Install a perl module: > >> At cpan> shell prompt install module using install module::Name > >> command. For example install module called MIME::Lite: > >> # cpan> install MIME::Lite > >> > >> Alternatively, try out the following command: > >> # cpan -i MIME::Lite > >> > >> On Thu, May 25, 2017 at 10:17 AM, heasley wrote: > >> > Thu, May 25, 2017 at 01:17:56PM +0800, Tarranum Kamal: > >> >> 0down votefavorite > >> >> > >> >> > >> >> I am beginner to server world and in general scripting and OS. I have > >> >> managed to run Rancid on my server running Freebsd. Now i am trying > to > >> >> confiugre RANCID Looking glass, i have followed REAMDE.lg that comes > >> >> with > >> >> rancid package but to be honest this is too difficult to understand > >> >> with > >> >> lots of hidden assumptions . ANyways i followed the instricution in > it > >> >> ) > >> >> (whatever I could understand) , when I try to access it thru browser > it > >> >> displays text instead webpage, now I am clueless. 
The readme says it > >> >> required CGI and Lockfile perl modules, how can I check if these > >> >> modules > >> >> are present on my servers > >> >> > >> >> I would appreciate if anyone has installed rancid looking glass who > can > >> >> help me out or if anyone can provide me a better installation guide > for > >> >> freebsd. > >> > > >> > its been a while since i've setup the lg freshly and the i have yet to > >> > review the suggestion last week from another user on the cisco-nsp > list. > >> > i'll try to do that next week, otherwise the README.lg file is the > only > >> > instruction I have for you ATM. > >> > > >> > _______________________________________________ > >> > Rancid-discuss mailing list > >> > Rancid-discuss at shrubbery.net > >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From AGriesser at anexia-it.com Fri May 26 14:16:10 2017 
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 14:16:10 +0000
Subject: [rancid] Updated f5rancid needed
Message-ID: <751919928cd546a7a7f4ae56b6e3e476@anx-i-dag01.anx.local>

Hi folks,

I've upgraded to rancid 3.6.2 yesterday out of Debian jessie-backports and am now having troubles with the f5rancid script which is included in this distribution.
The f5rancid version included in this version is:

## $Id: f5rancid.in 3345 2016-04-04 00:24:36Z heas $

But this does not seem to be the latest one, since it's giving me the following errors:

Trying to get all of the configs.
ERROR: 10.10.10.10 configuration appears truncated.
10.10.10.10: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt, ls --full-time --color=never /config/ssl/ssl.key
10.10.10.10: End of run not found
/bin/bigpipe: bigpipe is no longer supported; please use tmsh.

I did find an old mailing list entry (http://www.shrubbery.net/pipermail/rancid-discuss/2012-December/006590.html) and someone said to pick the latest version from the "rancid git repo", but I was unable to find the right one I guess. I did find one on github, which reads DEPRECATED in big fat letters at the top and has an updated f5rancid version which does tmsh, but an older build number so I'm a bit confused now.

Any idea where I can get the most recent scripts?

Thanks in Advance,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From heas at shrubbery.net Fri May 26 14:20:08 2017
From: heas at shrubbery.net (heasley)
Date: Fri, 26 May 2017 14:20:08 +0000
Subject: [rancid] Updated f5rancid needed
In-Reply-To: <751919928cd546a7a7f4ae56b6e3e476@anx-i-dag01.anx.local>
References: <751919928cd546a7a7f4ae56b6e3e476@anx-i-dag01.anx.local>
Message-ID: <20170526142008.GE67845@shrubbery.net>

Fri, May 26, 2017 at 02:16:10PM +0000, Alexander Griesser:
> Hi folks,
>
> I've upgraded to rancid 3.6.2 yesterday out of Debian jessie-backports and am now having troubles with the f5rancid script which is included in this distribution.
> The f5rancid version included in this version is:
>
> ## $Id: f5rancid.in 3345 2016-04-04 00:24:36Z heas $
>
> But this does not seem to be the latest one, since it's giving me the following errors:
>
> Trying to get all of the configs.
> ERROR: 10.10.10.10 configuration appears truncated.
> 10.10.10.10: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt, ls --full-time --color=never /config/ssl/ssl.key
> 10.10.10.10: End of run not found
> /bin/bigpipe: bigpipe is no longer supported; please use tmsh.
>
> I did find an old mailing list entry (http://www.shrubbery.net/pipermail/rancid-discuss/2012-December/006590.html) and someone said to pick the latest version from the "rancid git repo", but I was unable to find the right one I guess. I did find one on github, which reads DEPRECATED in big fat letters at the top and has an updated f5rancid version which does tmsh, but an older build number so I'm a bit confused now.
>
> Any idea where I can get the most recent scripts?

there are two versions of the f5 support in 3.6.x that are chosen by device
type. f5 or bigip. please see etc/rancid.types.base

From AGriesser at anexia-it.com Fri May 26 14:22:54 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 14:22:54 +0000
Subject: [rancid] Updated f5rancid needed
In-Reply-To: <20170526142008.GE67845@shrubbery.net>
References: <751919928cd546a7a7f4ae56b6e3e476@anx-i-dag01.anx.local> <20170526142008.GE67845@shrubbery.net>
Message-ID: <7c0f0418ea8848ffa3330d7967c0bccb@anx-i-dag01.anx.local>

Awesome, that did it - I had to change from f5 to bigip and now it's working again!
Thanks for the swift response,

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Friday, 26 May 2017 16:20
To: Alexander Griesser
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Updated f5rancid needed

Fri, May 26, 2017 at 02:16:10PM +0000, Alexander Griesser:
> Hi folks,
>
> I've upgraded to rancid 3.6.2 yesterday out of Debian jessie-backports and am now having troubles with the f5rancid script which is included in this distribution.
> The f5rancid version included in this version is:
>
> ## $Id: f5rancid.in 3345 2016-04-04 00:24:36Z heas $
>
> But this does not seem to be the latest one, since it's giving me the following errors:
>
> Trying to get all of the configs.
> ERROR: 10.10.10.10 configuration appears truncated.
> 10.10.10.10: missed cmd(s): ls --full-time --color=never
> /config/ssl/ssl.crt, ls --full-time --color=never /config/ssl/ssl.key
> 10.10.10.10: End of run not found
> /bin/bigpipe: bigpipe is no longer supported; please use tmsh.
>
> I did find an old mailing list entry (http://www.shrubbery.net/pipermail/rancid-discuss/2012-December/006590.html) and someone said to pick the latest version from the "rancid git repo", but I was unable to find the right one I guess. I did find one on github, which reads DEPRECATED in big fat letters at the top and has an updated f5rancid version which does tmsh, but an older build number so I'm a bit confused now.
>
> Any idea where I can get the most recent scripts?

there are two versions of the f5 support in 3.6.x that are chosen by device type. f5 or bigip. please see etc/rancid.types.base

From AGriesser at anexia-it.com Fri May 26 14:38:57 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 14:38:57 +0000
Subject: [rancid] mtrancid - output exclusion?
Message-ID: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>

Hi,

is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
This is what those mails look like:

#
# system-id: i3U6SB8z2vE
# level: p-unlimited
# limited-upgrades: yes
- # next-renewal-at: may/26/2017 13:56:33
+ # next-renewal-at: may/26/2017 14:56:43
# deadline-at: apr/09/2017 20:59:59
#
#

Thanks,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From heas at shrubbery.net Fri May 26 14:42:35 2017
From: heas at shrubbery.net (heasley)
Date: Fri, 26 May 2017 14:42:35 +0000
Subject: [rancid] mtrancid - output exclusion?
In-Reply-To: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
References: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
Message-ID: <20170526144235.GI67845@shrubbery.net>

Fri, May 26, 2017 at 02:38:57PM +0000, Alexander Griesser:
> Hi,
>
> is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
> The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
> This is what those mails look like:
>

which command produces this? mtrancid uses the cmds:
'system package print detail without-paging' => "SystemPackagePrintDetail"},
'system routerboard print' => "SystemRouterboardPrint"},
'system license print' => "SystemLicensePrint"},
'export' => "Export"},

> #
> # system-id: i3U6SB8z2vE
> # level: p-unlimited
> # limited-upgrades: yes
> - # next-renewal-at: may/26/2017 13:56:33
> + # next-renewal-at: may/26/2017 14:56:43
> # deadline-at: apr/09/2017 20:59:59
> #
> #
>
> Thanks,
>
> Alexander Griesser
> Head of Systems Operations
>
> ANEXIA Internetdienstleistungs GmbH
>
> E-Mail: AGriesser at anexia-it.com
> Web: http://www.anexia-it.com
>
> Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
> Managing Director: Alexander Windbichler
> Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From AGriesser at anexia-it.com Fri May 26 14:52:28 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 14:52:28 +0000
Subject: [rancid] mtrancid - output exclusion?
In-Reply-To: <20170526144235.GI67845@shrubbery.net>
References: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local> <20170526144235.GI67845@shrubbery.net>
Message-ID: <3b9673e83be04a0b98d0ff2cb3ea0710@anx-i-dag01.anx.local>

Seems to be:

> system license print
system-id: VE7YcgZWD3E
level: p-unlimited
limited-upgrades: yes
next-renewal-at: may/26/2017 15:41:13
deadline-at: may/09/2017 20:59:59

So I guess I can just remove "system license print" from the commands to be run and should be good with it then?

Thanks,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Friday, 26 May 2017 16:43
To: Alexander Griesser
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] mtrancid - output exclusion?

Fri, May 26, 2017 at 02:38:57PM +0000, Alexander Griesser:
> Hi,
>
> is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
> The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
> This is what those mails look like:
>

which command produces this?
mtrancid uses the cmds: 'system package print detail without-paging' => "SystemPackagePrintDetail"}, 'system routerboard print' => "SystemRouterboardPrint"}, 'system license print' => "SystemLicensePrint"}, 'export' => "Export"}, > # > > # system-id: i3U6SB8z2vE > > # level: p-unlimited > > # limited-upgrades: yes > > - # next-renewal-at: may/26/2017 13:56:33 > > + # next-renewal-at: may/26/2017 14:56:43 > > # deadline-at: apr/09/2017 20:59:59 > > # > > # > > Thanks, > > Alexander Griesser > Head of Systems Operations > > ANEXIA Internetdienstleistungs GmbH > > E-Mail: AGriesser at anexia-it.com > Web: http://www.anexia-it.com > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt > Gesch?ftsf?hrer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Fri May 26 15:09:43 2017 From: heas at shrubbery.net (heasley) Date: Fri, 26 May 2017 15:09:43 +0000 Subject: [rancid] mtrancid - output exclusion? In-Reply-To: <20170526150826.A882022B8F3@sea.shrubbery.net> <3b9673e83be04a0b98d0ff2cb3ea0710@anx-i-dag01.anx.local> Message-ID: <20170526150943.GK67845@shrubbery.net> Fri, May 26, 2017 at 02:52:28PM +0000, Alexander Griesser: > Seems to be: > > > system license print > system-id: VE7YcgZWD3E > level: p-unlimited > limited-upgrades: yes > next-renewal-at: may/26/2017 15:41:13 > deadline-at: may/09/2017 20:59:59 > > So I guess I can just remove "system license print" from the commands to be run and should be good with it then? mt is not a module yet, so yes but it is more difficult. here is a patch to mtrancid that should filter that line. Index: bin/mtrancid.in =================================================================== --- bin/mtrancid.in (revision 3649) +++ bin/mtrancid.in (working copy) 
@@ -217,6 +217,9 @@ return(1) if /(bad command name )/; s/^\s+//g; + # license renewal timestamp + next if (/^next-renewal-at:/i); + ProcessHistory("COMMENTS","keysort","C1","# $_"); } From AGriesser at anexia-it.com Fri May 26 15:14:01 2017 From: AGriesser at anexia-it.com (Alexander Griesser) Date: Fri, 26 May 2017 15:14:01 +0000 Subject: [rancid] mtrancid - output exclusion? In-Reply-To: <20170526150943.GK67845@shrubbery.net> References: <20170526150826.A882022B8F3@sea.shrubbery.net> <3b9673e83be04a0b98d0ff2cb3ea0710@anx-i-dag01.anx.local> <20170526150943.GK67845@shrubbery.net> Message-ID: <27246af1f29a497492cb62832a368345@anx-i-dag01.anx.local> > Fri, May 26, 2017 at 02:52:28PM +0000, Alexander Griesser: > > Seems to be: > > > > > system license print > > system-id: VE7YcgZWD3E > > level: p-unlimited > > limited-upgrades: yes > > next-renewal-at: may/26/2017 15:41:13 > > deadline-at: may/09/2017 20:59:59 > > > > So I guess I can just remove "system license print" from the commands to be run and should be good with it then? > mt is not a module yet, so yes but it is more difficult. here is a patch to mtrancid that should filter that line. > [ patch snipped ] Works perfectly well, thanks! This is the latest diff of this device, so the line got removed now and should not show up anymore! # system-id: i3U6SB8z2vE # level: p-unlimited # limited-upgrades: yes - # next-renewal-at: may/26/2017 14:56:43 # deadline-at: apr/09/2017 20:59:59 # # Many thanks, -Alex From AGriesser at anexia-it.com Fri May 26 15:46:33 2017 
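Review bot: the new next if (/^next-renewal-at:/i); in bin/mtrancid.in only matches because it runs after s/^\s+//g;, and the comment "# license renewal timestamp" does not say why the line is dropped. Expand the comment to state that the value changes at every licence renewal and would otherwise produce a diff on each run, and mention the dependency on the preceding whitespace strip so that a later reordering does not silently disable the filter.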
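The filtering discussed in this thread and in the earlier bootvar_debug thread, as an added example that is not part of the original messages and not RANCID's own code (RANCID is Perl; this is a Python sketch). It shows that dropping only the volatile lines removes the hourly churn while a real change such as a moved deadline-at still produces a diff; the names VOLATILE, normalize and changes and the sample captures are assumptions of this example.

```python
import difflib
import re

# Per-device-type patterns for lines that change with no configuration change.
# "mikrotik" mirrors the mtrancid patch in this thread; "nxos" is the regex
# from the nxos.pm patch posted earlier on the list. The dictionary and its
# keys are this example's own (hypothetical) naming, not RANCID's.
VOLATILE = {
    "mikrotik": [re.compile(r"^next-renewal-at:", re.IGNORECASE)],
    "nxos": [re.compile(r"\s+bootvar_debug\.")],
}


def normalize(capture, dev_type=None):
    """Split a capture into (kept, dropped) lines for the given device type."""
    patterns = VOLATILE.get(dev_type, [])
    kept, dropped = [], []
    for raw in capture.splitlines():
        # Strip leading whitespace first, as the mtrancid patch relies on,
        # so the ^ anchor sees the field name.
        line = raw.lstrip()
        if not line:
            continue
        if any(p.search(line) for p in patterns):
            dropped.append(line)   # returned so the operator can audit it
        else:
            kept.append(line)
    return kept, dropped


def changes(old, new, dev_type=None):
    """Return the '- ' / '+ ' lines that still differ after filtering."""
    old_kept, _ = normalize(old, dev_type)
    new_kept, _ = normalize(new, dev_type)
    return [d for d in difflib.ndiff(old_kept, new_kept)
            if d.startswith(("- ", "+ "))]


# Constructed captures. The MikroTik field names and values are the ones shown
# in the thread; the NX-OS listing lines are made up for the demonstration.
MT_OLD = """\
  system-id: i3U6SB8z2vE
  level: p-unlimited
  limited-upgrades: yes
  next-renewal-at: may/26/2017 13:56:33
  deadline-at: apr/09/2017 20:59:59
"""
MT_RENEWED = MT_OLD.replace("13:56:33", "14:56:43")
MT_DEADLINE_MOVED = MT_RENEWED.replace("apr/09/2017", "may/09/2017")

NX_OLD = """\
       4096    May 24 18:00:01 2017  bootvar_debug.0001
  123456789    May 01 09:00:00 2017  example-image.bin
"""
NX_NEW = NX_OLD.replace("bootvar_debug.0001", "bootvar_debug.0002")


if __name__ == "__main__":
    print("unfiltered:       ", changes(MT_OLD, MT_RENEWED))
    print("filtered:         ", changes(MT_OLD, MT_RENEWED, "mikrotik"))
    print("real change kept: ", changes(MT_OLD, MT_DEADLINE_MOVED, "mikrotik"))
    print("nxos filtered:    ", changes(NX_OLD, NX_NEW, "nxos"))
    print("nxos suppressed:  ", normalize(NX_NEW, "nxos")[1])
```

Returning the dropped lines alongside the kept ones lets a periodic review confirm that a filter has not started hiding more than the one volatile field it was written for.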
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 15:46:33 +0000
Subject: [rancid] Cisco ASA various troubles
Message-ID: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local>

Hi,

again, after the upgrade to 3.6, the following errors started to appear on our infrastructure:

Device:
Cisco Adaptive Security Appliance Software Version 9.1(7)

Trying to get all of the configs.
1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
=====================================
Getting missed routers: round 1.
1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
=====================================
Getting missed routers: round 2.
1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
=====================================
Getting missed routers: round 3.
1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
=====================================
Getting missed routers: round 4.
1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full

If I comment out those two lines in rancid.types.base, it works again:

#cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600
#cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI

There doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?

Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):

Cisco Adaptive Security Appliance Software Version 9.1(7)11
# show running-config view full
^
ERROR: % Invalid input detected at '^' marker.

# show version | inc Adaptive
Cisco Adaptive Security Appliance Software Version 9.8(1)
# show running-config view full
^
ERROR: % Invalid input detected at '^' marker.
# dir /all slavesup-bootflash:
^
ERROR: % Invalid input detected at '^' marker.

Thanks,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From heas at shrubbery.net Fri May 26 16:02:08 2017
From: heas at shrubbery.net (heasley)
Date: Fri, 26 May 2017 16:02:08 +0000
Subject: [rancid] Cisco ASA various troubles
In-Reply-To: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local>
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local>
Message-ID: <20170526160208.GA15958@shrubbery.net>

Fri, May 26, 2017 at 03:46:33PM +0000, Alexander Griesser:
> Hi,
>
> again, after the upgrade to 3.6, the following errors started to appear on our infrastructure:
>
> Device:
> Cisco Adaptive Security Appliance Software Version 9.1(7)
>
> Trying to get all of the configs.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 1.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 2.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 3.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
> =====================================
> Getting missed routers: round 4.
> 1.1.1.1: missed cmd(s): dir /all slavesup-bootflash:, show running-config view full
>
> If I comment out those two lines in rancid.types.base, it works again:
>
> #cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600
> #cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI
>
> There doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?

yes; i should have separated ASA/PIX from cisco a long time ago. maybe a future version.

> Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):
>
> Cisco Adaptive Security Appliance Software Version 9.1(7)11
> # show running-config view full
> ^
> ERROR: % Invalid input detected at '^' marker.
>
> # show version | inc Adaptive
> Cisco Adaptive Security Appliance Software Version 9.8(1)
> # show running-config view full
> ^
> ERROR: % Invalid input detected at '^' marker.
> # dir /all slavesup-bootflash:
> ^
> ERROR: % Invalid input detected at '^' marker.

all of those failures should be ignored. are you sure that the user running rancid is allowed to run those commands?
ie: they are unsupported, but perhaps the CLI is returning a command authorization failure error instead of invalid input?

if not, more debug output is needed and we should take it off-list.

From AGriesser at anexia-it.com Fri May 26 16:06:43 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Fri, 26 May 2017 16:06:43 +0000
Subject: [rancid] Cisco ASA various troubles
In-Reply-To: <20170526160208.GA15958@shrubbery.net>
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net>
Message-ID:

> > If I comment out those two lines in rancid.types.base, it works again:
> >
> > #cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600
> > #cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI
> >
> > There doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?
>
> yes; i should have separated ASA/PIX from cisco a long time ago. maybe a future version.

That would be good, I guess :)

> > Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):
> >
> > [...]
> all of those failures should be ignored. are you sure that the user running rancid is allowed to run those commands?

Yes, I did also login with my priv 15 account and issued those commands and got the same error message - nothing about command authorization error or anything along those lines, just the "invalid input detected" error.

> ie: they are unsupported, but perhaps the CLI is returning a command authorization failure error instead of invalid input?

Not as far as I can tell. I think those commands are just not valid for ASAs.
For the sake of testing, I did just spin up one of those virtual ASAs (Cisco ASAv) and have tried to run these commands there - doesn't work either:

# show running-config view full
^
ERROR: % Invalid input detected at '^' marker.
# dir /all ?

/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
flash: Directory or file name
system: Directory or file name

# dir /all slavesup-bootflash:
^
ERROR: % Invalid input detected at '^' marker.

> if not, more debug output is needed and we should take it off-list.

I would be very grateful for that - just let me know how to provide the needed debug output and where to send it to.
Thank you very much!

Best,
-Alex

From doug.hughes at keystonenap.com Fri May 26 19:24:17 2017
From: doug.hughes at keystonenap.com (Doug Hughes) Date: Fri, 26 May 2017 15:24:17 -0400 Subject: [rancid] Cisco ASA various troubles In-Reply-To: References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net> Message-ID: <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com> Doesn't work on ASA 55* here either. However, regarding the first command, these here don't have redundant bootflash, so that first command may be valid on certain systems. I couldn't say. For the secocnd command, I'd recommnd just: "show running-config all" on ASA. On 5/26/2017 12:06 PM, Alexander Griesser wrote: >>> If I comment out those two lines in rancid.types.base, it works again: >>> >>> #cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600 >>> #cisco;command;ios::WriteTerm;show running-config view full;workaround >>> for role-based CLI >>> >>> The doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now? >> yes; i should have separated ASA/PIX from cisco a long time ago. maybe a future version. > That would be good, I guess :) > >>> Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms): >>> >>> [...] >> all of those failures should be ignored. are you sure that the user running rancid is allowed to run those commands? > Yes, I did also login with my priv 15 account and issued those commands and got the same error message - nothing about command authorization error or anything along those lines, just the "invalid input detected" error. > >> ie: they are unsupported, but perhaps the CLI is returning a command authorization failure error instead of invlid input? > Not as far as I can tell. I think those commands are just not valid for ASAs. 
> For the sake of testing, I did just spin up one of those virtual ASAs (Cisco ASAv) and have tried to run these commands there - doesn't work either:
>
> # show running-config view full
>   ^
> ERROR: % Invalid input detected at '^' marker.
> # dir /all ?
>
> /recursive        List files recursively
> all-filesystems   List files on all filesystems
> disk0:            Directory or file name
> flash:            Directory or file name
> system:           Directory or file name
>
> # dir /all slavesup-bootflash:
>   ^
> ERROR: % Invalid input detected at '^' marker.
>
>> if not, more debug output is needed and we should take it off-list.
> I would be very grateful for that - just let me know how to provide the needed debug output and where to send it to.
> Thank you very much!
>
> Best,
> -Alex

--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)

From shouldbeq931 at gmail.com Sat May 27 14:37:40 2017
From: shouldbeq931 at gmail.com (shouldbe q931)
Date: Sat, 27 May 2017 15:37:40 +0100
Subject: [rancid] Cisco ASA various troubles
In-Reply-To: <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net> <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
Message-ID:

On Fri, May 26, 2017 at 8:24 PM, Doug Hughes wrote:
> Doesn't work on ASA 55* here either.
>
> However, regarding the first command, these here don't have redundant bootflash, so that first command may be valid on certain systems. I couldn't say.
>
> For the second command, I'd recommend just: "show running-config all" on ASA.

Or if passwords and pre shared keys (for LDAP and IPsec etc) are desired in RANCID, then "more system:running-config" would be appropriate. See FILTER_PWDS http://www.shrubbery.net/rancid/man/rancid.conf.5.html to remove them if desired.

According to the changes, "show running-config view full" was added in 2.3.7

I have a pair of RANCID instances, one running 3.1 and one running 3.6.2, both of them connect to the same set of ASA firewalls, and although the command "show running-config view full" is not valid on any of them, I am not seeing the issue, however none of the ASAs are running with multiple contexts, which may be the case from the OP output, I wonder if this may be related to the issue?

Cheers

From timoid at timoid.org Sat May 27 22:45:15 2017
From: timoid at timoid.org (Tim Warnock)
Date: Sat, 27 May 2017 22:45:15 +0000
Subject: [rancid] mtrancid - output exclusion?
In-Reply-To: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
References: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
Message-ID:

As a FYI :- if this is really happening you might want to fix the underlying issue. And yes - there is an issue.

Your deadline for re-licence expired in April which is why it's retrying all the time...

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alexander Griesser
Sent: Saturday, 27 May 2017 12:39 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] mtrancid - output exclusion?

Hi,

is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
This is what those mails look like:

  #
  # system-id: i3U6SB8z2vE
  # level: p-unlimited
  # limited-upgrades: yes
- # next-renewal-at: may/26/2017 13:56:33
+ # next-renewal-at: may/26/2017 14:56:43
  # deadline-at: apr/09/2017 20:59:59
  #
  #

Thanks,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From heas at shrubbery.net Sun May 28 00:13:14 2017
From: heas at shrubbery.net (heasley)
Date: Sun, 28 May 2017 00:13:14 +0000
Subject: [rancid] mtrancid - output exclusion?
In-Reply-To:
References: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
Message-ID: <20170528001313.GC34386@shrubbery.net>

Sat, May 27, 2017 at 10:45:15PM +0000, Tim Warnock:
> As a FYI :- if this is really happening you might want to fix the underlying issue. And yes - there is an issue.
>
> Your deadline for re-licence expired in April which is why it's retrying all the time...

should rancid instead just drop the timestamp? ie: keep the nagging, but to once/day.

> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alexander Griesser
> Sent: Saturday, 27 May 2017 12:39 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] mtrancid - output exclusion?
>
> Hi,
>
> is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
> The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
> This is what those mails look like:
>
>   #
>   # system-id: i3U6SB8z2vE
>   # level: p-unlimited
>   # limited-upgrades: yes
> - # next-renewal-at: may/26/2017 13:56:33
> + # next-renewal-at: may/26/2017 14:56:43
>   # deadline-at: apr/09/2017 20:59:59
>   #
>   #
>
> Thanks,
>
> Alexander Griesser
> Head of Systems Operations
>
> ANEXIA Internetdienstleistungs GmbH
>
> E-Mail: AGriesser at anexia-it.com
> Web: http://www.anexia-it.com
>
> Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
> Managing Director: Alexander Windbichler
> Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From AGriesser at anexia-it.com Mon May 29 09:02:50 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Mon, 29 May 2017 09:02:50 +0000
Subject: [rancid] Cisco ASA various troubles
In-Reply-To: <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net> <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
Message-ID:

Hi,

slavesup-* is only valid on Cisco routers/switches I think - I'm not aware of any supervisor engines even on the bigger ASAs, so I guess this command is invalid on all ASAs.
"show running-config all" works on all my ASAs (ASAv, physical ASA, security context) - so this one seems to be good and platform independent.

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Doug Hughes
Sent: Friday, 26 May 2017 21:24
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Cisco ASA various troubles

Doesn't work on ASA 55* here either.

However, regarding the first command, these here don't have redundant bootflash, so that first command may be valid on certain systems. I couldn't say.

For the second command, I'd recommend just: "show running-config all" on ASA.

On 5/26/2017 12:06 PM, Alexander Griesser wrote:

If I comment out those two lines in rancid.types.base, it works again:

#cisco;command;ios::DirSlotN;dir /all slavesup-bootflash:;c7600
#cisco;command;ios::WriteTerm;show running-config view full;workaround for role-based CLI

There doesn't seem to be a separate model for Cisco ASA devices, so in my router.db, they're just flagged as "cisco" - is this correct or does this also need to be changed now?
yes; i should have separated ASA/PIX from cisco a long time ago. maybe a future version.

That would be good, I guess :)

Both above mentioned commands do not work on any of my ASAs (tried several versions and platforms):

[...]

all of those failures should be ignored. are you sure that the user running rancid is allowed to run those commands?

Yes, I did also login with my priv 15 account and issued those commands and got the same error message - nothing about command authorization error or anything along those lines, just the "invalid input detected" error.

ie: they are unsupported, but perhaps the CLI is returning a command authorization failure error instead of invalid input?

Not as far as I can tell. I think those commands are just not valid for ASAs.
For the sake of testing, I did just spin up one of those virtual ASAs (Cisco ASAv) and have tried to run these commands there - doesn't work either:

# show running-config view full
  ^
ERROR: % Invalid input detected at '^' marker.
# dir /all ?

/recursive        List files recursively
all-filesystems   List files on all filesystems
disk0:            Directory or file name
flash:            Directory or file name
system:           Directory or file name

# dir /all slavesup-bootflash:
  ^
ERROR: % Invalid input detected at '^' marker.

if not, more debug output is needed and we should take it off-list.

I would be very grateful for that - just let me know how to provide the needed debug output and where to send it to.
Thank you very much!

Best,
-Alex

--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)
From AGriesser at anexia-it.com Mon May 29 09:04:43 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Mon, 29 May 2017 09:04:43 +0000
Subject: [rancid] Cisco ASA various troubles
In-Reply-To:
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net> <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
Message-ID:

For the second command, I'd recommend just: "show running-config all" on ASA.

> Or if passwords and pre shared keys (for LDAP and IPsec etc) are desired in RANCID, then "more system:running-config" would be appropriate.

This doesn't work inside security contexts:

contextcluster/context01# more system:running-config
  ^
ERROR: % Invalid input detected at '^' marker.

> According to the changes, "show running-config view full" was added in 2.3.7

Which would explain why I didn't have these issues with 2.3.6 earlier.

Best,
Alex

From AGriesser at anexia-it.com Mon May 29 10:30:31 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Mon, 29 May 2017 10:30:31 +0000
Subject: [rancid] mtrancid - output exclusion?
In-Reply-To:
References: <0e721fc76450427f9eed10066de6a5e8@anx-i-dag01.anx.local>
Message-ID: <8b748700a0ea4d09931c41de272371f0@anx-i-dag01.anx.local>

This is not entirely correct - this was just the output of one of our test systems.
When you freshly deploy this system, the deadline lies in the future (30 days free trial) and it keeps renewing every hour and changes the configuration for that and therefore generates a rancid diff.

Also when installing a valid license, the behaviour is the same - the deadline field is static and won't change and therefore won't show up in the config diff, but the renewal date does and the output does not change when the state of the license changes (from valid to expired, f.ex.) - it's just the renewal-date which changes so this can be safely ignored.

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Tim Warnock
Sent: Sunday, 28 May 2017 00:45
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] mtrancid - output exclusion?

As a FYI :- if this is really happening you might want to fix the underlying issue. And yes - there is an issue.

Your deadline for re-licence expired in April which is why it's retrying all the time...

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alexander Griesser
Sent: Saturday, 27 May 2017 12:39 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] mtrancid - output exclusion?

Hi,

is it possible to exclude some output in mtrancid? We're using rancid to monitor some of those newer Mikrotik CHR appliances and they seem to have some kind of expiring subscription-based license which automatically renews every hour.
The problem is, that the next renewal attempt is being shown in the output and therefore gets recognized as a change every hour.
This is what those mails look like:

  #
  # system-id: i3U6SB8z2vE
  # level: p-unlimited
  # limited-upgrades: yes
- # next-renewal-at: may/26/2017 13:56:33
+ # next-renewal-at: may/26/2017 14:56:43
  # deadline-at: apr/09/2017 20:59:59
  #
  #

Thanks,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

From shouldbeq931 at gmail.com Mon May 29 09:49:31 2017
From: shouldbeq931 at gmail.com (shouldbe q931)
Date: Mon, 29 May 2017 10:49:31 +0100
Subject: [rancid] Cisco ASA various troubles
In-Reply-To:
References: <7eb7209463ed4474bdd899b3e975a061@anx-i-dag01.anx.local> <20170526160208.GA15958@shrubbery.net> <6672d7f9-809c-3ae0-56c0-dcc892ee7f62@keystonenap.com>
Message-ID:

On Mon, May 29, 2017 at 10:04 AM, Alexander Griesser wrote:
> For the second command, I'd recommend just: "show running-config all" on ASA.
>
>> Or if passwords and pre shared keys (for LDAP and IPsec etc) are desired in RANCID, then "more system:running-config" would be appropriate.
>
> This doesn't work inside security contexts:
>
> contextcluster/context01# more system:running-config
>
> ERROR: % Invalid input detected at '^' marker.

You are correct, more system:running-config only works in the system context on a multiple context ASA, it can also be used to show the config of any of the contexts by reading the appropriate on disk file from the system context.

Cheers

From tarranum.kamal at gmail.com Mon May 29 17:13:50 2017
From: tarranum.kamal at gmail.com (Tarranum Kamal)
Date: Tue, 30 May 2017 01:13:50 +0800
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To:
References: <20170525141718.GH24772@shrubbery.net>
Message-ID:

Hi again

I managed to fix my cgi issues. Now I need some help in what needs to be updated in conf file to make it work with Nokia routers?

Thanks

On Fri, May 26, 2017 at 1:12 PM, Tarranum Kamal wrote:
> I use your method. The location of perl i think I am sure (see below)
>
> /usr/local/htdocs/lg % cd /usr/local/bin/perl
> perl* perl5* perl5.24.1* perlbug* perldoc* perlivp* perlthanks*
>
> Perl version in use:
>
> perl -v
>
> This is perl 5, version 24, subversion 1 (v5.24.1) built for amd64-freebsd-thread-multi
> (with 1 registered patch, see perl -V for more detail)
>
> Copyright 1987-2016, Larry Wall
>
> Perl may be copied only under the terms of either the Artistic License or the
> GNU General Public License, which may be found in the Perl 5 source kit.
>
> Complete documentation for Perl, including FAQ lists, should be found on
> this system using "man perl" or "perldoc perl". If you have access to the
> Internet, point your browser at http://www.perl.org/, the Perl Home Page.
>
> Thanks for replying
>
> BR
>
> On Fri, May 26, 2017 at 12:52 AM, Aaron Dudek wrote:
>
>> Did you install the modules using the method I gave?
>> Are you sure about the location of the perl modules?
>>
>> I've never played with the LG and I don't do http.
>>
>> On Thu, May 25, 2017 at 11:57 AM, Tarranum Kamal wrote:
>> > Hi Aaron
>> >
>> > Thanks for your swift reply. Is this going to install CGI and Lockfile
>> > module for me ?
>> > >> > FYI, httpd.conf file >> > >> > >> > LoadModule cgid_module libexec/apache24/mod_cgid.so >> > >> > >> > LoadModule cgi_module libexec/apache24/mod_cgi.so >> > LoadModule perl_module libexec/apache24/mod_perl.so >> > >> > ScriptAlias /lg /usr/local/htdocs/lg >> > >> > >> > AllowOverride None >> > AddHandler cgi-script .cgi .pl >> > Options ExecCGI >> > DirectoryIndex lgform.cgi >> > Require all granted >> > >> > >> > When I see httpd-error.log, I see below: >> > >> > [Thu May 25 16:01:48.035497 2017] [cgi:error] [pid 17135] [client > > address:port>] AH01215: (8)Exec format error: exec of >> > '/usr/local/htdocs/lg/index.html' failed: >> /usr/local/htdocs/lg/index.html >> > [Thu May 25 16:01:48.035557 2017] [cgi:error] [pid 17135] [client > > address:port>] End of script output before headers: index.html >> > >> > Best Regards >> > >> > >> > >> > On Thu, May 25, 2017 at 10:22 PM, Aaron Dudek >> wrote: >> >> >> >> As far as the Perl stuff >> >> try >> >> A) Start CPAN Shell: >> >> # perl -MCPAN -e shell >> >> >> >> B) Install a perl module: >> >> At cpan> shell prompt install module using install module::Name >> >> command. For example install module called MIME::Lite: >> >> # cpan> install MIME::Lite >> >> >> >> Alternatively, try out the following command: >> >> # cpan -i MIME::Lite >> >> >> >> On Thu, May 25, 2017 at 10:17 AM, heasley wrote: >> >> > Thu, May 25, 2017 at 01:17:56PM +0800, Tarranum Kamal: >> >> >> 0down votefavorite >> >> >> >> >> >> >> >> >> I am beginner to server world and in general scripting and OS. I >> have >> >> >> managed to run Rancid on my server running Freebsd. Now i am trying >> to >> >> >> confiugre RANCID Looking glass, i have followed REAMDE.lg that comes >> >> >> with >> >> >> rancid package but to be honest this is too difficult to understand >> >> >> with >> >> >> lots of hidden assumptions . 
ANyways i followed the instricution in >> it >> >> >> ) >> >> >> (whatever I could understand) , when I try to access it thru >> browser it >> >> >> displays text instead webpage, now I am clueless. The readme says it >> >> >> required CGI and Lockfile perl modules, how can I check if these >> >> >> modules >> >> >> are present on my servers >> >> >> >> >> >> I would appreciate if anyone has installed rancid looking glass who >> can >> >> >> help me out or if anyone can provide me a better installation guide >> for >> >> >> freebsd. >> >> > >> >> > its been a while since i've setup the lg freshly and the i have yet >> to >> >> > review the suggestion last week from another user on the cisco-nsp >> list. >> >> > i'll try to do that next week, otherwise the README.lg file is the >> only >> >> > instruction I have for you ATM. >> >> > >> >> > _______________________________________________ >> >> > Rancid-discuss mailing list >> >> > Rancid-discuss at shrubbery.net >> >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > >> > >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tarranum.kamal at gmail.com Tue May 30 11:40:19 2017 
From: tarranum.kamal at gmail.com (Tarranum Kamal)
Date: Tue, 30 May 2017 19:40:19 +0800
Subject: [rancid] HELP RACNID LOOKING GLASS
In-Reply-To:
References: <20170525141718.GH24772@shrubbery.net>
Message-ID:

Hello again

I am getting this error when I try to execute ping command

You must at least choose a Query and a router. Try buying a clue

On Tue, May 30, 2017 at 1:13 AM, Tarranum Kamal wrote:
> Hi again
>
> I managed to fix my cgi issues. Now I need some help in what needs to be
> updated in conf file to make it work with Nokia routers?
>
> Thanks
>
> On Fri, May 26, 2017 at 1:12 PM, Tarranum Kamal wrote:
>
>> I use your method. The location of perl i think I am sure (see below)
>>
>> /usr/local/htdocs/lg % cd /usr/local/bin/perl
>> perl* perl5* perl5.24.1* perlbug* perldoc* perlivp* perlthanks*
>>
>> Perl version in use:
>>
>> perl -v
>>
>> This is perl 5, version 24, subversion 1 (v5.24.1) built for amd64-freebsd-thread-multi
>> (with 1 registered patch, see perl -V for more detail)
>>
>> Copyright 1987-2016, Larry Wall
>>
>> Perl may be copied only under the terms of either the Artistic License or the
>> GNU General Public License, which may be found in the Perl 5 source kit.
>>
>> Complete documentation for Perl, including FAQ lists, should be found on
>> this system using "man perl" or "perldoc perl". If you have access to the
>> Internet, point your browser at http://www.perl.org/, the Perl Home Page.
>>
>> Thanks for replying
>>
>> BR
>>
>> On Fri, May 26, 2017 at 12:52 AM, Aaron Dudek wrote:
>>
>>> Did you install the modules using the method I gave?
>>> Are you sure about the location of the perl modules?
>>>
>>> I've never played with the LG and I don't do http.
>>>
>>> On Thu, May 25, 2017 at 11:57 AM, Tarranum Kamal wrote:
>>> > Hi Aaron
>>> >
>>> > Thanks for your swift reply. Is this going to install CGI and Lockfile
>>> > module for me ?
>>> > >>> > FYI, httpd.conf file >>> > >>> > >>> > LoadModule cgid_module libexec/apache24/mod_cgid.so >>> > >>> > >>> > LoadModule cgi_module libexec/apache24/mod_cgi.so >>> > LoadModule perl_module libexec/apache24/mod_perl.so >>> > >>> > ScriptAlias /lg /usr/local/htdocs/lg >>> > >>> > >>> > AllowOverride None >>> > AddHandler cgi-script .cgi .pl >>> > Options ExecCGI >>> > DirectoryIndex lgform.cgi >>> > Require all granted >>> > >>> > >>> > When I see httpd-error.log, I see below: >>> > >>> > [Thu May 25 16:01:48.035497 2017] [cgi:error] [pid 17135] [client >> > address:port>] AH01215: (8)Exec format error: exec of >>> > '/usr/local/htdocs/lg/index.html' failed: >>> /usr/local/htdocs/lg/index.html >>> > [Thu May 25 16:01:48.035557 2017] [cgi:error] [pid 17135] [client >> > address:port>] End of script output before headers: index.html >>> > >>> > Best Regards >>> > >>> > >>> > >>> > On Thu, May 25, 2017 at 10:22 PM, Aaron Dudek >>> wrote: >>> >> >>> >> As far as the Perl stuff >>> >> try >>> >> A) Start CPAN Shell: >>> >> # perl -MCPAN -e shell >>> >> >>> >> B) Install a perl module: >>> >> At cpan> shell prompt install module using install module::Name >>> >> command. For example install module called MIME::Lite: >>> >> # cpan> install MIME::Lite >>> >> >>> >> Alternatively, try out the following command: >>> >> # cpan -i MIME::Lite >>> >> >>> >> On Thu, May 25, 2017 at 10:17 AM, heasley wrote: >>> >> > Thu, May 25, 2017 at 01:17:56PM +0800, Tarranum Kamal: >>> >> >> 0down votefavorite >>> >> >> >>> >> >> >>> >> >> I am beginner to server world and in general scripting and OS. I >>> have >>> >> >> managed to run Rancid on my server running Freebsd. Now i am >>> trying to >>> >> >> confiugre RANCID Looking glass, i have followed REAMDE.lg that >>> comes >>> >> >> with >>> >> >> rancid package but to be honest this is too difficult to understand >>> >> >> with >>> >> >> lots of hidden assumptions . 
ANyways i followed the instricution >>> in it >>> >> >> ) >>> >> >> (whatever I could understand) , when I try to access it thru >>> browser it >>> >> >> displays text instead webpage, now I am clueless. The readme says >>> it >>> >> >> required CGI and Lockfile perl modules, how can I check if these >>> >> >> modules >>> >> >> are present on my servers >>> >> >> >>> >> >> I would appreciate if anyone has installed rancid looking glass >>> who can >>> >> >> help me out or if anyone can provide me a better installation >>> guide for >>> >> >> freebsd. >>> >> > >>> >> > its been a while since i've setup the lg freshly and the i have yet >>> to >>> >> > review the suggestion last week from another user on the cisco-nsp >>> list. >>> >> > i'll try to do that next week, otherwise the README.lg file is the >>> only >>> >> > instruction I have for you ATM. >>> >> > >>> >> > _______________________________________________ >>> >> > Rancid-discuss mailing list >>> >> > Rancid-discuss at shrubbery.net >>> >> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >>> > >>> > >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at falz.net Tue May 30 13:17:24 2017 
From: me at falz.net (Chris Wopat)
Date: Tue, 30 May 2017 08:17:24 -0500
Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
Message-ID:

Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down.

1) feature - I'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivalent to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.

2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2. It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.).

Random sections of the config line wrap or change their spacing and flip back and forth. It doesn't seem to be excessively wide lines, nor any specific section of the config. This is a change detected between two consecutive runs with no changes made to a device:

  config system global
- set admintimeout 35
+ set admintimeout
+ 35

  config system global
- set admintimeout
- 35
+ set admintimeout 35

.. and another:

  config system global
- set disk-usage wanopt
+ set disk-usage
+ wanopt

  config system global
- set disk-usage
- wanopt
+ set disk-usage wanopt

.. and another:

- config
- system accprofile
+ config system accprofile
  edit "prof_admin"
  set mntgrp read-write

.. and so on

- next
+ next
  end

- next
+ next
  end

Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.

From AGriesser at anexia-it.com Tue May 30 13:25:29 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Tue, 30 May 2017 13:25:29 +0000
Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
In-Reply-To:
References:
Message-ID:

Hi,

me too (tm).
On all of my fortigates - also happens on Quaggas, fwiw.
The linebreaks are hard to ignore for diff, but this one:

- next
+ next
  end

can be fixed by adding "ignore-whitespace" as a diff option which would make sense in all situations I guess; not sure if there's any router/switch/firewall which really cares about whitespace syntax-wise.

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com
Web: http://www.anexia-it.com

Head office address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Wopat
Sent: Tuesday, 30 May 2017 15:17
To: rancid-discuss at shrubbery.net
Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down.

1) feature - I'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivalent to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.

2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2. It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.).

Random sections of the config line wrap or change their spacing and flip back and forth.
It doesn't seem to be excessively wide lines, nor any specific section of the config. This is a change detected between two consecutive runs with no changes made to a device:

  config system global
- set admintimeout 35
+ set admintimeout
+ 35

  config system global
- set admintimeout
- 35
+ set admintimeout 35

.. and another:

  config system global
- set disk-usage wanopt
+ set disk-usage
+ wanopt

  config system global
- set disk-usage
- wanopt
+ set disk-usage wanopt

.. and another:

- config
- system accprofile
+ config system accprofile
  edit "prof_admin"
  set mntgrp read-write

.. and so on

- next
+ next
  end

- next
+ next
  end

Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.

From merijn at trans-ix.nl Tue May 30 13:25:48 2017
From: merijn at trans-ix.nl (Merijn Evertse) Date: Tue, 30 May 2017 13:25:48 +0000 Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+ In-Reply-To: References: Message-ID: <77e2bd37ee1c47788934dc029da3110f@exch02.cloudhosted.local> Hi, We have the same issue with Fortigate 5.0 releases. There was already a discussion on the Rancid list about this, but at this moment the suggestions from that discussion did not solve it for us. Merijn Evertse -----Oorspronkelijk bericht----- Van: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Namens Chris Wopat Verzonden: dinsdag 30 mei 2017 15:17 Aan: rancid-discuss at shrubbery.net Onderwerp: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+ Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down. 1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled. 2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2. It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.). Random sections of the config line wrap or change their spacing and flip back and forth. It doesn't seem to be excessively wide lines, nor any specific section of the config. This is a change detected between two consecutive runs with no changes made to a device: config system global - set admintimeout 35 + set admintimeout + 35 config system global - set admintimeout - 35 + set admintimeout 35 .. and another: config system global - set disk-usage wanopt + set disk-usage + wanopt config system global - set disk-usage - wanopt + set disk-usage wanopt .. 
and another:

- config - system accprofile + config system accprofile edit "prof_admin" set mntgrp read-write

.. and so on

- next + next end - next + next end

Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.

From me at falz.net Tue May 30 14:45:04 2017
From: me at falz.net (Chris Wopat)
Date: Tue, 30 May 2017 09:45:04 -0500
Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
In-Reply-To:
References:
Message-ID:

On Tue, May 30, 2017 at 8:25 AM, Alexander Griesser wrote:
> Hi,
>
> me too (tm).
> On all of my fortigates - also happens on Quaggas, fwiw.
> The linebreaks are hard to ignore for diff, but this one:
>
> - next
> + next
> end
>
> can be fixed by adding "ignore-whitespace" as a diff option which would make sense in all situations I guess; not sure if there's any router/switch/firewall which really cares about whitespace syntax-wise.

Curious if others opened tickets with Fortigate on this? Perhaps if a few of us did they'd get the memo.

From AGriesser at anexia-it.com Tue May 30 15:25:16 2017
From: AGriesser at anexia-it.com (Alexander Griesser)
Date: Tue, 30 May 2017 15:25:16 +0000
Subject: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
In-Reply-To:
References:
Message-ID: <784582cd391e47fabb3a84df7bc04224@anx-i-dag01.anx.local>

> > me too (tm).
> > On all of my fortigates - also happens on Quaggas, fwiw.
> > The linebreaks are hard to ignore for diff, but this one:
> >
> > - next
> > + next
> > end
> >
> > can be fixed by adding "ignore-whitespace" as a diff option which would make sense in all situations I guess; not sure if there's any router/switch/firewall which really cares about whitespace syntax-wise.
>
>
> Curious if others opened tickets with Fortigate on this? Perhaps if a few of us did they'd get the memo.

I personally did not and I'm not sure if they would care after all.
From my experience, they will most likely tell you to use the integrated config backup option of their systems rather than using unsupported third party tools to retrieve the configuration.

Best,
/AG
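
The "ignore-whitespace" idea from the thread, taken one step further so that wrapped lines are rejoined before comparing two snapshots; this is an added example, not rancid or fnrancid code. The keyword list, the function names and the sample snapshots are assumptions constructed for illustration.

```python
import difflib

# Assumption (not from the thread): every logical FortiOS line starts with one
# of these keywords; any other line is the wrapped tail of the line before it.
KEYWORDS = {"config", "edit", "set", "unset", "next", "end"}

def normalize(text):
    """Rejoin wrapped lines and collapse runs of whitespace."""
    logical = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue  # blank lines carry no configuration
        if tokens[0] in KEYWORDS or not logical:
            logical.append(tokens)
        else:
            logical[-1].extend(tokens)  # continuation of a wrapped line
    return [" ".join(t) for t in logical]

def compare(old, new):
    """Return (verdict, diff); diff holds only changes that survive normalize()."""
    a, b = normalize(old), normalize(new)
    if a == b:
        return ("identical" if old == new else "formatting-only"), []
    diff = difflib.unified_diff(a, b, "previous", "current", lineterm="", n=0)
    return "changed", list(diff)

# Constructed snapshots modelled on the thread's diffs (indentation invented).
RUN_1 = """config system global
    set admintimeout 35
end
config system accprofile
    edit "prof_admin"
        set mntgrp read-write
    next
end
"""
RUN_2 = """config system global
    set admintimeout
35
end
config
 system accprofile
    edit "prof_admin"
        set mntgrp read-write
  next
end
"""
RUN_3 = RUN_2.replace("35", "480")  # a real change hidden in the wrapping noise
```

A wrapped tail that happens to start with one of the keywords is misread, and whitespace inside quoted values is collapsed as well, so a "formatting-only" verdict is a noise filter for change alerts rather than proof that nothing changed.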