From heas at shrubbery.net Fri Feb 2 18:17:21 2018 From: heas at shrubbery.net (heasley) Date: Fri, 2 Feb 2018 18:17:21 +0000 Subject: [rancid] problem with new Aruba/HP 2920 In-Reply-To: <1eccf63a-342f-8f44-e426-7452ac19bd4f@keystonenap.com> References: <3af3aee3-e866-6bcc-0e71-c840bde92729@keystonenap.com> <20180127162333.GC16976@shrubbery.net> <1eccf63a-342f-8f44-e426-7452ac19bd4f@keystonenap.com> Message-ID: <20180202181721.GM32981@shrubbery.net> Sat, Jan 27, 2018 at 12:15:11PM -0500, Doug Hughes: > Further oddness: > [rancid at services bin]$ ls -l hpuifilter > -rwxr-xr-x 1 rancid rancid 26908 Jan 27 10:53 hpuifilter > [rancid at services bin]$ ls -l ../download/rancid-3.7/bin/hpuifilter > -rwxrwxr-x 1 rancid rancid 27068 Jan 27 10:51 > ../download/rancid-3.7/bin/hpuifilter > > so, the one in the bin directory after make install has a more recent > timestamp.. Makes sense.. > but if I run gdb on the one in the download directory, it doesn't core > dump and seems to work fine. > Does make install do something funky to the one in the bin directory? sorry for the delay; been very busy. it might affect the timestamp, but not the size, unless your install is stripping symbols or it was using libtool. rancid does not use libtool. you can test the strip premise by removing -s from install in bin/Makefile: INSTALL_STRIP_PROGRAM = $(install_sh) -c -s It is possible that your environment has something else that alters the elf header, eg: set lib search paths. 160b is a small difference; so perhaps. > I copied the build version from the build directory into my bin > directory and no more problems with hlogin or hpuifilter. > > I wasn't getting very far with gdb.. clearly there's an overwrite in > there somewhere, but I wasn't able to easily setup breakpoints > sufficient to catch it. "Debugging with stdin and terminal response is > hard." > > > > > From ko at sv01.de Mon Feb 5 13:56:57 2018 From: ko at sv01.de (Kevin Olbrich) Date: Mon, 5 Feb 2018 14:56:57 +0100 Subject: [rancid] Getting h3crancid to work Message-ID: Hi! I got some HP 5130 switches (rebranded Comware / H3C). Can someone tell me how I get this to work? https://sites.google.com/site/jrbinks/code/rancid/h3c After fixing two path errors (expect path, etc.) I still don't get where I should add "h3c". When I had to add plugins like this, I had to edit the types-config and nothing in rancid-fe. I am currently on rancid (3.7-1~bpo9+1) - Debian Stretch backports. Kind regards, Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: From jethro.binks at strath.ac.uk Mon Feb 5 14:01:43 2018 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 5 Feb 2018 14:01:43 +0000 (GMT) Subject: [rancid] Getting h3crancid to work In-Reply-To: References: Message-ID: Try this instead; https://sites.google.com/site/jrbinks/code/rancid/cmwrancid but I might need to send you updated cmw.pm and cmwlogin if you could test those and feedback? h3c module was for rancid 2 really. Jethro. On Mon, 5 Feb 2018, Kevin Olbrich wrote: > Hi! > > I got some HP 5130 switches (rebranded Comware / H3C). > Can someone tell me how I get this to work? > > https://sites.google.com/site/jrbinks/code/rancid/h3c > > After fixing two path errors (expect path, etc.) I still don't get where I > should add "h3c". > When I had to add plugins like this, I had to edit the types-config and > nothing in rancid-fe. > > I am currently on rancid (3.7-1~bpo9+1) - Debian Stretch backports. > > Kind regards, > Kevin > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From andrewm659 at yahoo.com Mon Feb 5 15:44:40 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Mon, 5 Feb 2018 15:44:40 +0000 (UTC) Subject: [rancid] Juniper switches and firewall References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> Message-ID: <1639466339.3833247.1517845480046@mail.yahoo.com> I just installed a new version of RANCiD 3.x on FreeBSD 11.1.? I've almost got everything working.?? I am getting the following errors: Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or directory at /usr/local/libexec/rancid/rancid-fe line 68.juniper-srx: missed cmd(s): all commandsjuniper-srx: End of run not foundjuniper-srx jlogin error: Error: Couldn't login#ERROR: juniper-srx?configuration appears truncated.ERROR: juniper-srx?configuration appears truncated.juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration systemjuniper-srx: End of run not found{primary:node1}juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration systemjuniper-srx: End of run not found I'm not sure what the issue, unless there is problem within the script.? Still researching the issue, but figured I would ask the mailing list. Thank you,Andrew -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at foobar.org Mon Feb 5 17:04:31 2018 From: nick at foobar.org (Nick Hilliard) Date: Mon, 05 Feb 2018 17:04:31 +0000 Subject: [rancid] Juniper switches and firewall In-Reply-To: <1639466339.3833247.1517845480046@mail.yahoo.com> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> Message-ID: <5A788E9F.8040505@foobar.org> this looks like a bug in the freebsd package - rancid.types.conf is not included. This isn't terminal though. You have two options: > 1. touch /usr/local/etc/rancid/rancid.types.conf > 2. wget -O /usr/local/etc/rancid/rancid.types.conf http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf It would probably be a good idea to alert the package maintainer about this, or file a bug in FreeBSD bugzilla. Nick Andrew Meyer wrote: > I just installed a new version of RANCiD 3.x on FreeBSD 11.1. I've > almost got everything working. > > I am getting the following errors: > > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > Could not open /usr/local/etc/rancid/rancid.types.conf: No such file or > directory at /usr/local/libexec/rancid/rancid-fe line 68. > juniper-srx: missed cmd(s): all commands > juniper-srx: End of run not found > juniper-srx jlogin error: Error: Couldn't login > # > ERROR: juniper-srx configuration appears truncated. > ERROR: juniper-srx configuration appears truncated. > juniper-srx: missed cmd(s): show configuration access, show > configuration applications, show configuration bridge-domains, show > configuration chassis, show configuration class-of-service, show > configuration ethernet-switching-options, show configuration > event-options, show configuration firewall, show configuration > forwarding-options, show configuration interfaces, show configuration > protocols, show configuration routing-instances, show configuration > routing-options, show configuration security, show configuration > services, show configuration smtp, show configuration snmp, show > configuration switch-options, show configuration system > juniper-srx: End of run not found > {primary:node1} > juniper-srx: missed cmd(s): show configuration access, show > configuration applications, show configuration bridge-domains, show > configuration chassis, show configuration class-of-service, show > configuration ethernet-switching-options, show configuration > event-options, show configuration firewall, show configuration > forwarding-options, show configuration interfaces, show configuration > protocols, show configuration routing-instances, show configuration > routing-options, show configuration security, show configuration > services, show configuration smtp, show configuration snmp, show > configuration switch-options, show configuration system > juniper-srx: End of run not found > > I'm not sure what the issue, unless there is problem within the script. > Still researching the issue, but figured I would ask the mailing list. > > Thank you, > Andrew > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Feb 5 17:29:13 2018 From: heas at shrubbery.net (heasley) Date: Mon, 5 Feb 2018 17:29:13 +0000 Subject: [rancid] Juniper switches and firewall In-Reply-To: <5A788E9F.8040505@foobar.org> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> Message-ID: <20180205172912.GH2030@shrubbery.net> Mon, Feb 05, 2018 at 05:04:31PM +0000, Nick Hilliard: > this looks like a bug in the freebsd package - rancid.types.conf is not > included. This isn't terminal though. > > You have two options: > > > 1. touch /usr/local/etc/rancid/rancid.types.conf > > 2. wget -O /usr/local/etc/rancid/rancid.types.conf http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf > > It would probably be a good idea to alert the package maintainer about > this, or file a bug in FreeBSD bugzilla. an empty file will suffice; there are device examples the file. From andrewm659 at yahoo.com Mon Feb 5 18:43:23 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Mon, 5 Feb 2018 18:43:23 +0000 (UTC) Subject: [rancid] Juniper switches and firewall In-Reply-To: <20180205172912.GH2030@shrubbery.net> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> <20180205172912.GH2030@shrubbery.net> Message-ID: <857355233.3895157.1517856203680@mail.yahoo.com> Touched the file.? Still getting the errors. On Monday, February 5, 2018 11:29 AM, heasley wrote: Mon, Feb 05, 2018 at 05:04:31PM +0000, Nick Hilliard: > this looks like a bug in the freebsd package - rancid.types.conf is not > included.? This isn't terminal though. > > You have two options: > > > 1. touch /usr/local/etc/rancid/rancid.types.conf > > 2. wget -O /usr/local/etc/rancid/rancid.types.conf http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf > > It would probably be a good idea to alert the package maintainer about > this, or file a bug in FreeBSD bugzilla. an empty file will suffice; there are device examples the file. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Feb 5 19:59:02 2018 From: heas at shrubbery.net (heasley) Date: Mon, 5 Feb 2018 19:59:02 +0000 Subject: [rancid] Juniper switches and firewall In-Reply-To: <857355233.3895157.1517856203680@mail.yahoo.com> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> <20180205172912.GH2030@shrubbery.net> <857355233.3895157.1517856203680@mail.yahoo.com> Message-ID: <20180205195902.GU2030@shrubbery.net> Mon, Feb 05, 2018 at 06:43:23PM +0000, Andrew Meyer: > Touched the file.? Still getting the errors. are you sure the error(s) are the same? share them. > On Monday, February 5, 2018 11:29 AM, heasley wrote: > > > Mon, Feb 05, 2018 at 05:04:31PM +0000, Nick Hilliard: > > this looks like a bug in the freebsd package - rancid.types.conf is not > > included.? This isn't terminal though. > > > > You have two options: > > > > > 1. touch /usr/local/etc/rancid/rancid.types.conf > > > 2. wget -O /usr/local/etc/rancid/rancid.types.conf http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf > > > > It would probably be a good idea to alert the package maintainer about > > this, or file a bug in FreeBSD bugzilla. > > an empty file will suffice; there are device examples the file. > > > From andrewm659 at yahoo.com Mon Feb 5 20:03:55 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Mon, 5 Feb 2018 20:03:55 +0000 (UTC) Subject: [rancid] Juniper switches and firewall In-Reply-To: <20180205195902.GU2030@shrubbery.net> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> <20180205172912.GH2030@shrubbery.net> <857355233.3895157.1517856203680@mail.yahoo.com> <20180205195902.GU2030@shrubbery.net> Message-ID: <193796699.3966629.1517861035651@mail.yahoo.com> Sorry about that: Getting missed routers: round 4. juniper-srx: missed cmd(s): all commands juniper-srx: End of run not found juniper-srx jlogin error: Error: Couldn't login # ERROR: F5 configuration appears truncated. ERROR: F5 configuration appears truncated. F5: End of run not found /bin/bigpipe: bigpipe is no longer supported; please use tmsh. F5: End of run not found /bin/bigpipe: bigpipe is no longer supported; please use tmsh. ERROR: F5 configuration appears truncated. ERROR: F5 configuration appears truncated. F5: End of run not found /bin/bigpipe: bigpipe is no longer supported; please use tmsh. unknown router manufacturer for brocade-switch: vdx unknown router manufacturer for brocade-switch: vdx unknown router manufacturer for brocade-switch: vdx unknown router manufacturer for brocade-switch: vdx F5: End of run not found /bin/bigpipe: bigpipe is no longer supported; please use tmsh. ERROR: juniper-srx configuration appears truncated. juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration system juniper-srx: End of run not found {primary:node1} ERROR: juniper-srx configuration appears truncated. ERROR: juniper-srx configuration appears truncated. juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration system juniper-srx: End of run not found {primary:node0} juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration system juniper-srx: End of run not found {primary:node1} [master 342df7a] updates 1 file changed, 4 insertions(+), 4 deletions(-) To /usr/local/var/rancid/GIT/NetworkDevices 5fb875b..342df7a master -> master ending: Mon Feb 5 06:05:28 CST 2018 $ On Monday, February 5, 2018 1:59 PM, heasley wrote: Mon, Feb 05, 2018 at 06:43:23PM +0000, Andrew Meyer: > Touched the file. Still getting the errors. are you sure the error(s) are the same? share them. > On Monday, February 5, 2018 11:29 AM, heasley wrote: > > > Mon, Feb 05, 2018 at 05:04:31PM +0000, Nick Hilliard: > > this looks like a bug in the freebsd package - rancid.types.conf is not > > included. This isn't terminal though. > > > > You have two options: > > > > > 1. touch /usr/local/etc/rancid/rancid.types.conf > > > 2. wget -O /usr/local/etc/rancid/rancid.types.conf http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf > > > > It would probably be a good idea to alert the package maintainer about > > this, or file a bug in FreeBSD bugzilla. > > an empty file will suffice; there are device examples the file. > > > From heas at shrubbery.net Mon Feb 5 23:07:52 2018 From: heas at shrubbery.net (heasley) Date: Mon, 5 Feb 2018 23:07:52 +0000 Subject: [rancid] Juniper switches and firewall In-Reply-To: <193796699.3966629.1517861035651@mail.yahoo.com> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> <20180205172912.GH2030@shrubbery.net> <857355233.3895157.1517856203680@mail.yahoo.com> <20180205195902.GU2030@shrubbery.net> <193796699.3966629.1517861035651@mail.yahoo.com> Message-ID: <20180205230752.GB3173@shrubbery.net> Mon, Feb 05, 2018 at 08:03:55PM +0000, Andrew Meyer: > Sorry about that: > > Getting missed routers: round 4. > juniper-srx: missed cmd(s): all commands > juniper-srx: End of run not found > juniper-srx jlogin error: Error: Couldn't login self explanatory > # > ERROR: F5 configuration appears truncated. > ERROR: F5 configuration appears truncated. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > ERROR: F5 configuration appears truncated. > ERROR: F5 configuration appears truncated. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. there are is a separate type for the newer f5s. see rancid.types.base. > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > F5: End of run not found there is no device type vdx; you must have added it and will need to replace it in rancid.types.conf. or one of the types that come with ranicd might work - see rancid.types.base > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > ERROR: juniper-srx configuration appears truncated. > juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration system > juniper-srx: End of run not found > {primary:node1} > ERROR: juniper-srx configuration appears truncated. > ERROR: juniper-srx configuration appears truncated. no idea; see the debugging methods in the rancid FAQ. From andrewm659 at yahoo.com Mon Feb 5 23:51:02 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Mon, 5 Feb 2018 23:51:02 +0000 (UTC) Subject: [rancid] Juniper switches and firewall In-Reply-To: <20180205230752.GB3173@shrubbery.net> References: <1639466339.3833247.1517845480046.ref@mail.yahoo.com> <1639466339.3833247.1517845480046@mail.yahoo.com> <5A788E9F.8040505@foobar.org> <20180205172912.GH2030@shrubbery.net> <857355233.3895157.1517856203680@mail.yahoo.com> <20180205195902.GU2030@shrubbery.net> <193796699.3966629.1517861035651@mail.yahoo.com> <20180205230752.GB3173@shrubbery.net> Message-ID: <309540627.4160537.1517874662693@mail.yahoo.com> Oops.? Lots of thing going on today.?? the VDX is actually for brocade.? I'll continue to test the srx devices.?? Thank you! On Monday, February 5, 2018 5:07 PM, heasley wrote: Mon, Feb 05, 2018 at 08:03:55PM +0000, Andrew Meyer: > Sorry about that: > > Getting missed routers: round 4. > juniper-srx: missed cmd(s): all commands > juniper-srx: End of run not found > juniper-srx jlogin error: Error: Couldn't login self explanatory > # > ERROR: F5 configuration appears truncated. > ERROR: F5 configuration appears truncated. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > ERROR: F5 configuration appears truncated. > ERROR: F5 configuration appears truncated. > F5: End of run not found > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. there are is a separate type for the newer f5s.? see rancid.types.base. > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > unknown router manufacturer for brocade-switch: vdx > F5: End of run not found there is no device type vdx; you must have added it and will need to replace it in rancid.types.conf.? or one of the types that come with ranicd might work - see rancid.types.base > /bin/bigpipe: bigpipe is no longer supported; please use tmsh. > ERROR: juniper-srx configuration appears truncated. > juniper-srx: missed cmd(s): show configuration access, show configuration applications, show configuration bridge-domains, show configuration chassis, show configuration class-of-service, show configuration ethernet-switching-options, show configuration event-options, show configuration firewall, show configuration forwarding-options, show configuration interfaces, show configuration protocols, show configuration routing-instances, show configuration routing-options, show configuration security, show configuration services, show configuration smtp, show configuration snmp, show configuration switch-options, show configuration system > juniper-srx: End of run not found > {primary:node1} > ERROR: juniper-srx configuration appears truncated. > ERROR: juniper-srx configuration appears truncated. no idea; see the debugging methods in the rancid FAQ. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ko at sv01.de Tue Feb 6 14:26:31 2018 From: ko at sv01.de (Kevin Olbrich) Date: Tue, 6 Feb 2018 15:26:31 +0100 Subject: [rancid] Getting h3crancid to work In-Reply-To: References: Message-ID: Hi! Thank you. I think you are right. I am on Debian 9 and I get this error in rancid logs when I try to collect from one of these switches: Trying to get all of the configs. wrong # args: should be "set varName ?newValue?" while executing "set do_command 0 set do_script 0" (file "/usr/lib/rancid/bin/cmwlogin" line 68) Kind regards Kevin 2018-02-05 15:01 GMT+01:00 Jethro R Binks : > Try this instead; > > https://sites.google.com/site/jrbinks/code/rancid/cmwrancid > > but I might need to send you updated cmw.pm and cmwlogin if you could test > those and feedback? > > h3c module was for rancid 2 really. > > Jethro. > > > On Mon, 5 Feb 2018, Kevin Olbrich wrote: > > > Hi! > > > > I got some HP 5130 switches (rebranded Comware / H3C). > > Can someone tell me how I get this to work? > > > > https://sites.google.com/site/jrbinks/code/rancid/h3c > > > > After fixing two path errors (expect path, etc.) I still don't get where > I > > should add "h3c". > > When I had to add plugins like this, I had to edit the types-config and > > nothing in rancid-fe. > > > > I am currently on rancid (3.7-1~bpo9+1) - Debian Stretch backports. > > > > Kind regards, > > Kevin > > > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > The University of Strathclyde is a charitable body, registered in > Scotland, number SC015263. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewm659 at yahoo.com Tue Feb 6 20:14:35 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Tue, 6 Feb 2018 20:14:35 +0000 (UTC) Subject: [rancid] Brocade VDX References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> Message-ID: <1221278298.4896124.1517948075907@mail.yahoo.com> I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD. Has anyone gotten these to work? I'm trying to write documentation so I can repeat this in the future. This is what I have found so far. But I'm running this on FreeBSD 11.1. I'm ok if I need to patch it. Just loooking for the right way to add this to the system or patch it. http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ http://www.dmcservicescorp.com/?p=2064 https://tobru.ch/backup-brocade-router-config-with-rancid/ From picoleto420 at gmail.com Wed Feb 7 19:05:19 2018 From: picoleto420 at gmail.com (Pico Leto) Date: Wed, 7 Feb 2018 11:05:19 -0800 Subject: [rancid] Role Privileges for Nexus 9k Message-ID: Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Thu Feb 8 21:33:54 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Thu, 8 Feb 2018 21:33:54 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: Message-ID: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices. weylin From: Pico Leto Date: Wednesday, February 7, 2018 at 2:05 PM To: Subject: [rancid] Role Privileges for Nexus 9k Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From picoleto420 at gmail.com Fri Feb 9 05:17:07 2018 From: picoleto420 at gmail.com (Pico Leto) Date: Thu, 8 Feb 2018 21:17:07 -0800 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> Message-ID: Hi, I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found $ rancid -t cisco-xr -d host.xx. loadtype: device type cisco-xr loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx. PROMPT MATCH: host.xx# HIT COMMAND:host.xx# terminal no-timestamp In RunCommand: host.xx# terminal no-timestamp HIT COMMAND:host.xx# terminal exec prompt no-timestamp In RunCommand: host.xx# terminal exec prompt no-timestamp HIT COMMAND:host.xx# admin show version In ShowVersion: host.xx# admin show version HIT COMMAND:host.xx# admin show install summary In ShowInstallSummary: host.xx# admin show install summary HIT COMMAND:host.xx# admin show license u In ShowLicense: host.xx# admin show license udi HIT COMMAND:host.xx# admin show license In ShowLicense: host.xx# admin show license HIT COMMAND:host.xx# admin show variables boot In ShowBootVar: host.xx# admin show variables boot HIT COMMAND:host.xx# admin show hw-module fpd location all In ShowRunning: host.xx# admin show hw-module fpd location all HIT COMMAND:host.xx# show redundancy secondary In ShowRedundancy: host.xx# show redundancy secondary HIT COMMAND:host.xx# show install active In ShowInstallActive: host.xx# show install active HIT COMMAND:host.xx# admin show env all In ShowEnv: host.xx# admin show env all HIT COMMAND:host.xx# dir /all nvram: In DirSlotN: host.xx# dir /all nvram: HIT COMMAND:host.xx# dir /all bootflash: In DirSlotN: host.xx# dir /all bootflash: HIT COMMAND:host.xx# dir /all compactflash: In DirSlotN: host.xx# dir /all compactflash: HIT COMMAND:host.xx# dir /all compactflasha: In DirSlotN: host.xx# dir /all compactflasha: HIT COMMAND:host.xx# dir /all slot0: In DirSlotN: host.xx# dir /all slot0: HIT COMMAND:host.xx# dir /all disk0: In DirSlotN: host.xx# dir /all disk0: HIT COMMAND:host.xx# dir /all disk0a: In DirSlotN: host.xx# dir /all disk0a: HIT COMMAND:host.xx# dir /all slot1: In DirSlotN: host.xx# dir /all slot1: HIT COMMAND:host.xx# dir /all disk1: In DirSlotN: host.xx# dir /all disk1: HIT COMMAND:host.xx# dir /all disk1a: In DirSlotN: host.xx# dir /all disk1a: HIT COMMAND:host.xx# dir /all slot2: In DirSlotN: host.xx# dir /all slot2: HIT COMMAND:host.xx# dir /all disk2: In DirSlotN: host.xx# dir /all disk2: HIT COMMAND:host.xx# dir /all harddisk: In DirSlotN: host.xx# dir /all harddisk: HIT COMMAND:host.xx# dir /all harddiska: In DirSlotN: host.xx# dir /all harddiska: HIT COMMAND:host.xx# dir /all harddiskb: In DirSlotN: host.xx# dir /all harddiskb: HIT COMMAND:host.xx# show controllers In ShowContAll: host.xx# show controllers HIT COMMAND:host.xx# admin show diag In ShowDiag: host.xx# admin show diag HIT COMMAND:host.xx# admin show inventory raw In ShowInventory: host.xx# admin show inventory raw HIT COMMAND:host.xx# show vlan In ShowVLAN: host.xx# show vlan HIT COMMAND:host.xx# show debug In ShowDebug: host.xx# show debug HIT COMMAND:host.xx# show rpl maximum In ShowRPL: host.xx# show rpl maximum HIT COMMAND:host.xx# admin show running In ShowRunning: host.xx# admin show running HIT COMMAND:host.xx# show running-config In WriteTerm: host.xx# show running-config host.xx.: End of run not found host.xx.: found_end is false On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William wrote: > Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it > supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and > UCS devices. > > weylin > > > > *From: *Pico Leto > *Date: *Wednesday, February 7, 2018 at 2:05 PM > *To: * > *Subject: *[rancid] Role Privileges for Nexus 9k > > > > Hi, > > > > I seem to be having some troubles backing up my configs for a ASR9k > (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 > > > > I thought I created the correct role for rancid to run under however my > debug seems to end after 'system redundancy status'. The command is > actually available however you have to be in config term mode to see the > output. > > > > Role: rancid > > Description: rancid restricted access > > Vlan policy: permit (default) > > Interface policy: permit (default) > > Vrf policy: permit (default) > > ------------------------------------------------------------------- > > Rule Perm Type Scope Entity > > ------------------------------------------------------------------- > > 4 permit command dir * > > 3 permit command show * > > 2 permit command terminal * > > 1 permit command show running-config > > > > Debug: > > > > rancid -t cisco-nx -d host.xx.xx > > loadtype: device type cisco-nx > > loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid. > types.base > > executing clogin -t 90 -c"term no monitor-force;show version;show version > build-info all;show license;show license usage;show license > host.xx.xx-id;show system redundancy status;show environment clock;show > environment fan;show environment fex all fan;show environment > temperature;show environment power;show boot;dir bootflash:;dir debug:;dir > logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show > module xbar;show inventory;show vtp status;show vlan;show debug;show cores > vdc-all;show processes log vdc-all;show module fex;show fex;show > running-config" host.xx.xx > > PROMPT MATCH: host.xx# > > HIT COMMAND:host.xx# term no monitor-force > > In RunCommand: host.xx# term no monitor-force > > HIT COMMAND:host.xx# show version > > In ShowVersion: host.xx# show version > > TYPE = NXOS > > HIT COMMAND:host.xx# show version build-info all > > In ShowVersionBuild: host.xx# show version build-info all > > HIT COMMAND:host.xx# show license > > In ShowLicense: host.xx# show license > > HIT COMMAND:host.xx# show license usage > > In ShowLicense: host.xx# show license usage > > HIT COMMAND:host.xx# show license host.xx.xx-id > > In ShowLicense: host.xx# show license host.xx.xx-id > > HIT COMMAND:host.xx# show system redundancy status > > In ShowRedundancy: host.xx# show system redundancy status > > host.xx.xx: show system redundancy status failed: -1 > > host.xx.xx: missed cmd(s): show environment clock, show environment fan, > show environment fex all fan, show environment temperature, show > environment power, show boot, dir bootflash:, dir debug:, dir logflash:, > dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module > xbar, show inventory, show vtp status, show vlan, show debug, show cores > vdc-all, show processes log vdc-all, show module fex, show fex > > host.xx.xx: End of run not found > > host.xx.xx: clean_run is false > > host.xx.xx: found_end is false > -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Fri Feb 9 05:54:02 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Fri, 9 Feb 2018 05:54:02 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> Message-ID: <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> If it?s made by Cisco and its running NX-OS, it can?t be an ASR9k: https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html (The non-advertised thing is that UCS also runs NX-OS under the hood.) If it?s a ?C93108TC-EX?, then it?s likely a Nexus 93108TC-EX: https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html Are you running it in ACI or NXOS mode? Actually nevermind, 7-point-anything is non-ACI. To make certain about the hardware type, can you do a ?show version | include hassis ; show version | inc ersion? (yes, with those first letters missing to avoid capitalization issues) and send the output? This is what I get one of my ASR 9k: RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion #sh ver | include hassis Fri Feb 9 00:36:45.478 EST ASR-9001 Chassis #show ver | inc ersion Fri Feb 9 00:36:53.058 EST Cisco IOS XR Software, Version 5.3.3[Default] ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON], RP/0/RSP0/CPU0:Comm595-bdr-gw01# And one of my Nexus 9k: cumm111-0b05es63# show version | include hassis ; show version | include ersion cisco Nexus9000 C9372PX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I5(2) System version: 7.0(3)I5(2) cumm111-0b05es63# weylin From: Pico Leto Date: Friday, February 9, 2018 at 12:17 AM To: Weylin Piegorsch Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Role Privileges for Nexus 9k Hi, I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found $ rancid -t cisco-xr -d host.xx. loadtype: device type cisco-xr loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx. PROMPT MATCH: host.xx# HIT COMMAND:host.xx# terminal no-timestamp In RunCommand: host.xx# terminal no-timestamp HIT COMMAND:host.xx# terminal exec prompt no-timestamp In RunCommand: host.xx# terminal exec prompt no-timestamp HIT COMMAND:host.xx# admin show version In ShowVersion: host.xx# admin show version HIT COMMAND:host.xx# admin show install summary In ShowInstallSummary: host.xx# admin show install summary HIT COMMAND:host.xx# admin show license u In ShowLicense: host.xx# admin show license udi HIT COMMAND:host.xx# admin show license In ShowLicense: host.xx# admin show license HIT COMMAND:host.xx# admin show variables boot In ShowBootVar: host.xx# admin show variables boot HIT COMMAND:host.xx# admin show hw-module fpd location all In ShowRunning: host.xx# admin show hw-module fpd location all HIT COMMAND:host.xx# show redundancy secondary In ShowRedundancy: host.xx# show redundancy secondary HIT COMMAND:host.xx# show install active In ShowInstallActive: host.xx# show install active HIT COMMAND:host.xx# admin show env all In ShowEnv: host.xx# admin show env all HIT COMMAND:host.xx# dir /all nvram: In DirSlotN: host.xx# dir /all nvram: HIT COMMAND:host.xx# dir /all bootflash: In DirSlotN: host.xx# dir /all bootflash: HIT COMMAND:host.xx# dir /all compactflash: In DirSlotN: host.xx# dir /all compactflash: HIT COMMAND:host.xx# dir /all compactflasha: In DirSlotN: host.xx# dir /all compactflasha: HIT COMMAND:host.xx# dir /all slot0: In DirSlotN: host.xx# dir /all slot0: HIT COMMAND:host.xx# dir /all disk0: In DirSlotN: host.xx# dir /all disk0: HIT COMMAND:host.xx# dir /all disk0a: In DirSlotN: host.xx# dir /all disk0a: HIT COMMAND:host.xx# dir /all slot1: In DirSlotN: host.xx# dir /all slot1: HIT COMMAND:host.xx# dir /all disk1: In DirSlotN: host.xx# dir /all disk1: HIT COMMAND:host.xx# dir /all disk1a: In DirSlotN: host.xx# dir /all disk1a: HIT COMMAND:host.xx# dir /all slot2: In DirSlotN: host.xx# dir /all slot2: HIT COMMAND:host.xx# dir /all disk2: In DirSlotN: host.xx# dir /all disk2: HIT COMMAND:host.xx# dir /all harddisk: In DirSlotN: host.xx# dir /all harddisk: HIT COMMAND:host.xx# dir /all harddiska: In DirSlotN: host.xx# dir /all harddiska: HIT COMMAND:host.xx# dir /all harddiskb: In DirSlotN: host.xx# dir /all harddiskb: HIT COMMAND:host.xx# show controllers In ShowContAll: host.xx# show controllers HIT COMMAND:host.xx# admin show diag In ShowDiag: host.xx# admin show diag HIT COMMAND:host.xx# admin show inventory raw In ShowInventory: host.xx# admin show inventory raw HIT COMMAND:host.xx# show vlan In ShowVLAN: host.xx# show vlan HIT COMMAND:host.xx# show debug In ShowDebug: host.xx# show debug HIT COMMAND:host.xx# show rpl maximum In ShowRPL: host.xx# show rpl maximum HIT COMMAND:host.xx# admin show running In ShowRunning: host.xx# admin show running HIT COMMAND:host.xx# show running-config In WriteTerm: host.xx# show running-config host.xx.: End of run not found host.xx.: found_end is false On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William > wrote: Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices. weylin From: Pico Leto > Date: Wednesday, February 7, 2018 at 2:05 PM To: > Subject: [rancid] Role Privileges for Nexus 9k Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Fri Feb 9 17:58:44 2018 From: cgauthier at comscore.com (Gauthier, Chris) Date: Fri, 9 Feb 2018 17:58:44 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> Message-ID: Or just run ?show inventory? Chris Gauthier Senior Network Engineer | comScore, Inc. t +1 (503) 331-2704 | cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland, OR 97204 United States comscore.com ???This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender. From: Rancid-discuss on behalf of "Piegorsch, Weylin William" Date: Thursday, February 8, 2018 at 9:54 PM To: Pico Leto Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Role Privileges for Nexus 9k If it?s made by Cisco and its running NX-OS, it can?t be an ASR9k: https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html (The non-advertised thing is that UCS also runs NX-OS under the hood.) If it?s a ?C93108TC-EX?, then it?s likely a Nexus 93108TC-EX: https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html Are you running it in ACI or NXOS mode? Actually nevermind, 7-point-anything is non-ACI. To make certain about the hardware type, can you do a ?show version | include hassis ; show version | inc ersion? (yes, with those first letters missing to avoid capitalization issues) and send the output? This is what I get one of my ASR 9k: RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion #sh ver | include hassis Fri Feb 9 00:36:45.478 EST ASR-9001 Chassis #show ver | inc ersion Fri Feb 9 00:36:53.058 EST Cisco IOS XR Software, Version 5.3.3[Default] ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON], RP/0/RSP0/CPU0:Comm595-bdr-gw01# And one of my Nexus 9k: cumm111-0b05es63# show version | include hassis ; show version | include ersion cisco Nexus9000 C9372PX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I5(2) System version: 7.0(3)I5(2) cumm111-0b05es63# weylin From: Pico Leto Date: Friday, February 9, 2018 at 12:17 AM To: Weylin Piegorsch Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Role Privileges for Nexus 9k Hi, I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found $ rancid -t cisco-xr -d host.xx. loadtype: device type cisco-xr loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx. PROMPT MATCH: host.xx# HIT COMMAND:host.xx# terminal no-timestamp In RunCommand: host.xx# terminal no-timestamp HIT COMMAND:host.xx# terminal exec prompt no-timestamp In RunCommand: host.xx# terminal exec prompt no-timestamp HIT COMMAND:host.xx# admin show version In ShowVersion: host.xx# admin show version HIT COMMAND:host.xx# admin show install summary In ShowInstallSummary: host.xx# admin show install summary HIT COMMAND:host.xx# admin show license u In ShowLicense: host.xx# admin show license udi HIT COMMAND:host.xx# admin show license In ShowLicense: host.xx# admin show license HIT COMMAND:host.xx# admin show variables boot In ShowBootVar: host.xx# admin show variables boot HIT COMMAND:host.xx# admin show hw-module fpd location all In ShowRunning: host.xx# admin show hw-module fpd location all HIT COMMAND:host.xx# show redundancy secondary In ShowRedundancy: host.xx# show redundancy secondary HIT COMMAND:host.xx# show install active In ShowInstallActive: host.xx# show install active HIT COMMAND:host.xx# admin show env all In ShowEnv: host.xx# admin show env all HIT COMMAND:host.xx# dir /all nvram: In DirSlotN: host.xx# dir /all nvram: HIT COMMAND:host.xx# dir /all bootflash: In DirSlotN: host.xx# dir /all bootflash: HIT COMMAND:host.xx# dir /all compactflash: In DirSlotN: host.xx# dir /all compactflash: HIT COMMAND:host.xx# dir /all compactflasha: In DirSlotN: host.xx# dir /all compactflasha: HIT COMMAND:host.xx# dir /all slot0: In DirSlotN: host.xx# dir /all slot0: HIT COMMAND:host.xx# dir /all disk0: In DirSlotN: host.xx# dir /all disk0: HIT COMMAND:host.xx# dir /all disk0a: In DirSlotN: host.xx# dir /all disk0a: HIT COMMAND:host.xx# dir /all slot1: In DirSlotN: host.xx# dir /all slot1: HIT COMMAND:host.xx# dir /all disk1: In DirSlotN: host.xx# dir /all disk1: HIT COMMAND:host.xx# dir /all disk1a: In DirSlotN: host.xx# dir /all disk1a: HIT COMMAND:host.xx# dir /all slot2: In DirSlotN: host.xx# dir /all slot2: HIT COMMAND:host.xx# dir /all disk2: In DirSlotN: host.xx# dir /all disk2: HIT COMMAND:host.xx# dir /all harddisk: In DirSlotN: host.xx# dir /all harddisk: HIT COMMAND:host.xx# dir /all harddiska: In DirSlotN: host.xx# dir /all harddiska: HIT COMMAND:host.xx# dir /all harddiskb: In DirSlotN: host.xx# dir /all harddiskb: HIT COMMAND:host.xx# show controllers In ShowContAll: host.xx# show controllers HIT COMMAND:host.xx# admin show diag In ShowDiag: host.xx# admin show diag HIT COMMAND:host.xx# admin show inventory raw In ShowInventory: host.xx# admin show inventory raw HIT COMMAND:host.xx# show vlan In ShowVLAN: host.xx# show vlan HIT COMMAND:host.xx# show debug In ShowDebug: host.xx# show debug HIT COMMAND:host.xx# show rpl maximum In ShowRPL: host.xx# show rpl maximum HIT COMMAND:host.xx# admin show running In ShowRunning: host.xx# admin show running HIT COMMAND:host.xx# show running-config In WriteTerm: host.xx# show running-config host.xx.: End of run not found host.xx.: found_end is false On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William > wrote: Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices. weylin From: Pico Leto > Date: Wednesday, February 7, 2018 at 2:05 PM To: > Subject: [rancid] Role Privileges for Nexus 9k Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From picoleto420 at gmail.com Mon Feb 12 16:38:29 2018 From: picoleto420 at gmail.com (Pico Leto) Date: Mon, 12 Feb 2018 08:38:29 -0800 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> Message-ID: Show inventory is below: sw1# show version | include hassis ; show version | include ersion cisco Nexus9000 C93108TC-EX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I4(4) System version: 7.0(3)I5(1) # show inventory NAME: "Chassis", DESCR: "Nexus9000 C93108TC-EX chassis" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Slot 1", DESCR: "48x10GT + 6x40G/100G Ethernet Module" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Power Supply 1", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDY NAME: "Power Supply 2", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDU NAME: "Fan 1", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 2", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 3", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 4", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A On Fri, Feb 9, 2018 at 9:58 AM, Gauthier, Chris wrote: > Or just run ?show inventory? > > > Chris Gauthier Senior Network Engineer | comScore, Inc. > t +1 *(503) 331-2704* <(503)%20331-2704> | > *cgauthier at comscore.com* > 317 > > SW > > Alder > > Street, > > Suite > > 700 > > | > > Portland, > > OR > > 97204 > > United > > States > > *comscore.com* > ???This e-mail (including any attachments) may contain information that is > private, confidential, or protected by attorney-client or other privilege. > If you received this e-mail in error, please delete it from your system and > notify sender. > > > *From: *Rancid-discuss on behalf > of "Piegorsch, Weylin William" > *Date: *Thursday, February 8, 2018 at 9:54 PM > *To: *Pico Leto > > *Cc: *"rancid-discuss at shrubbery.net" > *Subject: *Re: [rancid] Role Privileges for Nexus 9k > > > > If it?s made by Cisco and its running NX-OS, it can?t be an ASR9k: > > https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html > > (The non-advertised thing is that UCS also runs NX-OS under the hood.) > > > > If it?s a ?C93108TC-EX?, then it?s likely a Nexus 93108TC-EX: > > https://www.cisco.com/c/en/us/support/switches/nexus- > 93108tc-ex-switch/model.html > > > > Are you running it in ACI or NXOS mode? Actually nevermind, > 7-point-anything is non-ACI. > > > > > > > > To make certain about the hardware type, can you do a ?show version | > include hassis ; show version | inc ersion? (yes, with those first letters > missing to avoid capitalization issues) and send the output? This is what > I get one of my ASR 9k: > > > > > > > > RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show > version | include ersion > > #sh ver | include hassis > > > > Fri Feb 9 00:36:45.478 EST > > ASR-9001 Chassis > > > > #show ver | inc ersion > > > > Fri Feb 9 00:36:53.058 EST > > Cisco IOS XR Software, Version 5.3.3[Default] > > ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON], > > RP/0/RSP0/CPU0:Comm595-bdr-gw01# > > > > > > > > And one of my Nexus 9k: > > > > > > > > cumm111-0b05es63# *show version | include hassis ; show version | include > ersion* > > cisco Nexus9000 C9372PX chassis > > the GNU General Public License (GPL) version 2.0 or > > GNU General Public License (GPL) version 3.0 or the GNU > > Lesser General Public License (LGPL) Version 2.1 or > > Lesser General Public License (LGPL) Version 2.0. > > BIOS: version 07.59 > > NXOS: version 7.0(3)I5(2) > > System version: 7.0(3)I5(2) > > cumm111-0b05es63# > > > > > > > > weylin > > > > *From: *Pico Leto > *Date: *Friday, February 9, 2018 at 12:17 AM > *To: *Weylin Piegorsch > *Cc: *"rancid-discuss at shrubbery.net" > *Subject: *Re: [rancid] Role Privileges for Nexus 9k > > > > Hi, > > > > I'm definitely running NX-OS however running the debug under cisco-xr > gives me better results, with the exception that the end of run isn't found > > > > $ rancid -t cisco-xr -d host.xx. > > loadtype: device type cisco-xr > > loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid. > types.base > > executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt > no-timestamp;admin show version;admin show install summary;admin show > license udi;admin show license;admin show variables boot;admin show > hw-module fpd location all;show redundancy secondary;show install > active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all > compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir > /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all > slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all > harddiskb:;show controllers;admin show diag;admin show inventory raw;show > vlan;show debug;show rpl maximum;admin show running;show running-config" > host.xx. > > PROMPT MATCH: host.xx# > > HIT COMMAND:host.xx# terminal no-timestamp > > In RunCommand: host.xx# terminal no-timestamp > > HIT COMMAND:host.xx# terminal exec prompt no-timestamp > > In RunCommand: host.xx# terminal exec prompt no-timestamp > > HIT COMMAND:host.xx# admin show version > > In ShowVersion: host.xx# admin show version > > HIT COMMAND:host.xx# admin show install summary > > In ShowInstallSummary: host.xx# admin show install summary > > HIT COMMAND:host.xx# admin show license u > > In ShowLicense: host.xx# admin show license udi > > HIT COMMAND:host.xx# admin show license > > In ShowLicense: host.xx# admin show license > > HIT COMMAND:host.xx# admin show variables boot > > In ShowBootVar: host.xx# admin show variables boot > > HIT COMMAND:host.xx# admin show hw-module fpd location all > > In ShowRunning: host.xx# admin show hw-module fpd location all > > HIT COMMAND:host.xx# show redundancy secondary > > In ShowRedundancy: host.xx# show redundancy secondary > > HIT COMMAND:host.xx# show install active > > In ShowInstallActive: host.xx# show install active > > HIT COMMAND:host.xx# admin show env all > > In ShowEnv: host.xx# admin show env all > > HIT COMMAND:host.xx# dir /all nvram: > > In DirSlotN: host.xx# dir /all nvram: > > HIT COMMAND:host.xx# dir /all bootflash: > > In DirSlotN: host.xx# dir /all bootflash: > > HIT COMMAND:host.xx# dir /all compactflash: > > In DirSlotN: host.xx# dir /all compactflash: > > HIT COMMAND:host.xx# dir /all compactflasha: > > In DirSlotN: host.xx# dir /all compactflasha: > > HIT COMMAND:host.xx# dir /all slot0: > > In DirSlotN: host.xx# dir /all slot0: > > HIT COMMAND:host.xx# dir /all disk0: > > In DirSlotN: host.xx# dir /all disk0: > > HIT COMMAND:host.xx# dir /all disk0a: > > In DirSlotN: host.xx# dir /all disk0a: > > HIT COMMAND:host.xx# dir /all slot1: > > In DirSlotN: host.xx# dir /all slot1: > > HIT COMMAND:host.xx# dir /all disk1: > > In DirSlotN: host.xx# dir /all disk1: > > HIT COMMAND:host.xx# dir /all disk1a: > > In DirSlotN: host.xx# dir /all disk1a: > > HIT COMMAND:host.xx# dir /all slot2: > > In DirSlotN: host.xx# dir /all slot2: > > HIT COMMAND:host.xx# dir /all disk2: > > In DirSlotN: host.xx# dir /all disk2: > > HIT COMMAND:host.xx# dir /all harddisk: > > In DirSlotN: host.xx# dir /all harddisk: > > HIT COMMAND:host.xx# dir /all harddiska: > > In DirSlotN: host.xx# dir /all harddiska: > > HIT COMMAND:host.xx# dir /all harddiskb: > > In DirSlotN: host.xx# dir /all harddiskb: > > HIT COMMAND:host.xx# show controllers > > In ShowContAll: host.xx# show controllers > > HIT COMMAND:host.xx# admin show diag > > In ShowDiag: host.xx# admin show diag > > HIT COMMAND:host.xx# admin show inventory raw > > In ShowInventory: host.xx# admin show inventory raw > > HIT COMMAND:host.xx# show vlan > > In ShowVLAN: host.xx# show vlan > > HIT COMMAND:host.xx# show debug > > In ShowDebug: host.xx# show debug > > HIT COMMAND:host.xx# show rpl maximum > > In ShowRPL: host.xx# show rpl maximum > > HIT COMMAND:host.xx# admin show running > > In ShowRunning: host.xx# admin show running > > HIT COMMAND:host.xx# show running-config > > In WriteTerm: host.xx# show running-config > > host.xx.: End of run not found > > host.xx.: found_end is false > > > > > > > > > > On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William > wrote: > > Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it > supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and > UCS devices. > > weylin > > > > *From: *Pico Leto > *Date: *Wednesday, February 7, 2018 at 2:05 PM > *To: * > *Subject: *[rancid] Role Privileges for Nexus 9k > > > > Hi, > > > > I seem to be having some troubles backing up my configs for a ASR9k > (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 > > > > I thought I created the correct role for rancid to run under however my > debug seems to end after 'system redundancy status'. The command is > actually available however you have to be in config term mode to see the > output. > > > > Role: rancid > > Description: rancid restricted access > > Vlan policy: permit (default) > > Interface policy: permit (default) > > Vrf policy: permit (default) > > ------------------------------------------------------------------- > > Rule Perm Type Scope Entity > > ------------------------------------------------------------------- > > 4 permit command dir * > > 3 permit command show * > > 2 permit command terminal * > > 1 permit command show running-config > > > > Debug: > > > > rancid -t cisco-nx -d host.xx.xx > > loadtype: device type cisco-nx > > loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid. > types.base > > executing clogin -t 90 -c"term no monitor-force;show version;show version > build-info all;show license;show license usage;show license > host.xx.xx-id;show system redundancy status;show environment clock;show > environment fan;show environment fex all fan;show environment > temperature;show environment power;show boot;dir bootflash:;dir debug:;dir > logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show > module xbar;show inventory;show vtp status;show vlan;show debug;show cores > vdc-all;show processes log vdc-all;show module fex;show fex;show > running-config" host.xx.xx > > PROMPT MATCH: host.xx# > > HIT COMMAND:host.xx# term no monitor-force > > In RunCommand: host.xx# term no monitor-force > > HIT COMMAND:host.xx# show version > > In ShowVersion: host.xx# show version > > TYPE = NXOS > > HIT COMMAND:host.xx# show version build-info all > > In ShowVersionBuild: host.xx# show version build-info all > > HIT COMMAND:host.xx# show license > > In ShowLicense: host.xx# show license > > HIT COMMAND:host.xx# show license usage > > In ShowLicense: host.xx# show license usage > > HIT COMMAND:host.xx# show license host.xx.xx-id > > In ShowLicense: host.xx# show license host.xx.xx-id > > HIT COMMAND:host.xx# show system redundancy status > > In ShowRedundancy: host.xx# show system redundancy status > > host.xx.xx: show system redundancy status failed: -1 > > host.xx.xx: missed cmd(s): show environment clock, show environment fan, > show environment fex all fan, show environment temperature, show > environment power, show boot, dir bootflash:, dir debug:, dir logflash:, > dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module > xbar, show inventory, show vtp status, show vlan, show debug, show cores > vdc-all, show processes log vdc-all, show module fex, show fex > > host.xx.xx: End of run not found > > host.xx.xx: clean_run is false > > host.xx.xx: found_end is false > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cgauthier at comscore.com Mon Feb 12 18:35:31 2018 From: cgauthier at comscore.com (Gauthier, Chris) Date: Mon, 12 Feb 2018 18:35:31 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> Message-ID: <271BF591-125C-4618-BBEE-673A75E9362E@comscore.com> So, I ran into some challenges with some commands not working in NX-OS. My solution was, after reading the rancid.types.base file, to create a new profile in rancid.types.conf that was a clone (but with a diff name) of the cisco-nx. There, I altered the commands to suit my environment, but the rancid.types.base was untouched and free to be updated by the developer later (per a comment at the head of the rancid.types.base file). Give that a try. It will take some debugging to find the right subset of commands for you, but it?s the most effective solution I can think of. --Chris Chris Gauthier Senior Network Engineer | comScore, Inc. t +1 (503) 331-2704 | cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland, OR 97204 United States comscore.com ???This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender. From: Pico Leto Date: Monday, February 12, 2018 at 8:39 AM To: "Gauthier, Chris" Cc: "Piegorsch, Weylin William" , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Role Privileges for Nexus 9k Show inventory is below: sw1# show version | include hassis ; show version | include ersion cisco Nexus9000 C93108TC-EX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I4(4) System version: 7.0(3)I5(1) # show inventory NAME: "Chassis", DESCR: "Nexus9000 C93108TC-EX chassis" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Slot 1", DESCR: "48x10GT + 6x40G/100G Ethernet Module" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Power Supply 1", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDY NAME: "Power Supply 2", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDU NAME: "Fan 1", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 2", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 3", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 4", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A On Fri, Feb 9, 2018 at 9:58 AM, Gauthier, Chris > wrote: Or just run ?show inventory? Chris Gauthier Senior Network Engineer | comScore, Inc. t +1 (503) 331-2704 | cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland, OR 97204 United States comscore.com ???This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender. From: Rancid-discuss > on behalf of "Piegorsch, Weylin William" > Date: Thursday, February 8, 2018 at 9:54 PM To: Pico Leto > Cc: "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] Role Privileges for Nexus 9k If it?s made by Cisco and its running NX-OS, it can?t be an ASR9k: https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html (The non-advertised thing is that UCS also runs NX-OS under the hood.) If it?s a ?C93108TC-EX?, then it?s likely a Nexus 93108TC-EX: https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html Are you running it in ACI or NXOS mode? Actually nevermind, 7-point-anything is non-ACI. To make certain about the hardware type, can you do a ?show version | include hassis ; show version | inc ersion? (yes, with those first letters missing to avoid capitalization issues) and send the output? This is what I get one of my ASR 9k: RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion #sh ver | include hassis Fri Feb 9 00:36:45.478 EST ASR-9001 Chassis #show ver | inc ersion Fri Feb 9 00:36:53.058 EST Cisco IOS XR Software, Version 5.3.3[Default] ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON], RP/0/RSP0/CPU0:Comm595-bdr-gw01# And one of my Nexus 9k: cumm111-0b05es63# show version | include hassis ; show version | include ersion cisco Nexus9000 C9372PX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I5(2) System version: 7.0(3)I5(2) cumm111-0b05es63# weylin From: Pico Leto > Date: Friday, February 9, 2018 at 12:17 AM To: Weylin Piegorsch > Cc: "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] Role Privileges for Nexus 9k Hi, I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found $ rancid -t cisco-xr -d host.xx. loadtype: device type cisco-xr loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx. PROMPT MATCH: host.xx# HIT COMMAND:host.xx# terminal no-timestamp In RunCommand: host.xx# terminal no-timestamp HIT COMMAND:host.xx# terminal exec prompt no-timestamp In RunCommand: host.xx# terminal exec prompt no-timestamp HIT COMMAND:host.xx# admin show version In ShowVersion: host.xx# admin show version HIT COMMAND:host.xx# admin show install summary In ShowInstallSummary: host.xx# admin show install summary HIT COMMAND:host.xx# admin show license u In ShowLicense: host.xx# admin show license udi HIT COMMAND:host.xx# admin show license In ShowLicense: host.xx# admin show license HIT COMMAND:host.xx# admin show variables boot In ShowBootVar: host.xx# admin show variables boot HIT COMMAND:host.xx# admin show hw-module fpd location all In ShowRunning: host.xx# admin show hw-module fpd location all HIT COMMAND:host.xx# show redundancy secondary In ShowRedundancy: host.xx# show redundancy secondary HIT COMMAND:host.xx# show install active In ShowInstallActive: host.xx# show install active HIT COMMAND:host.xx# admin show env all In ShowEnv: host.xx# admin show env all HIT COMMAND:host.xx# dir /all nvram: In DirSlotN: host.xx# dir /all nvram: HIT COMMAND:host.xx# dir /all bootflash: In DirSlotN: host.xx# dir /all bootflash: HIT COMMAND:host.xx# dir /all compactflash: In DirSlotN: host.xx# dir /all compactflash: HIT COMMAND:host.xx# dir /all compactflasha: In DirSlotN: host.xx# dir /all compactflasha: HIT COMMAND:host.xx# dir /all slot0: In DirSlotN: host.xx# dir /all slot0: HIT COMMAND:host.xx# dir /all disk0: In DirSlotN: host.xx# dir /all disk0: HIT COMMAND:host.xx# dir /all disk0a: In DirSlotN: host.xx# dir /all disk0a: HIT COMMAND:host.xx# dir /all slot1: In DirSlotN: host.xx# dir /all slot1: HIT COMMAND:host.xx# dir /all disk1: In DirSlotN: host.xx# dir /all disk1: HIT COMMAND:host.xx# dir /all disk1a: In DirSlotN: host.xx# dir /all disk1a: HIT COMMAND:host.xx# dir /all slot2: In DirSlotN: host.xx# dir /all slot2: HIT COMMAND:host.xx# dir /all disk2: In DirSlotN: host.xx# dir /all disk2: HIT COMMAND:host.xx# dir /all harddisk: In DirSlotN: host.xx# dir /all harddisk: HIT COMMAND:host.xx# dir /all harddiska: In DirSlotN: host.xx# dir /all harddiska: HIT COMMAND:host.xx# dir /all harddiskb: In DirSlotN: host.xx# dir /all harddiskb: HIT COMMAND:host.xx# show controllers In ShowContAll: host.xx# show controllers HIT COMMAND:host.xx# admin show diag In ShowDiag: host.xx# admin show diag HIT COMMAND:host.xx# admin show inventory raw In ShowInventory: host.xx# admin show inventory raw HIT COMMAND:host.xx# show vlan In ShowVLAN: host.xx# show vlan HIT COMMAND:host.xx# show debug In ShowDebug: host.xx# show debug HIT COMMAND:host.xx# show rpl maximum In ShowRPL: host.xx# show rpl maximum HIT COMMAND:host.xx# admin show running In ShowRunning: host.xx# admin show running HIT COMMAND:host.xx# show running-config In WriteTerm: host.xx# show running-config host.xx.: End of run not found host.xx.: found_end is false On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William > wrote: Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices. weylin From: Pico Leto > Date: Wednesday, February 7, 2018 at 2:05 PM To: > Subject: [rancid] Role Privileges for Nexus 9k Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From weylin at bu.edu Mon Feb 12 19:05:45 2018 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Mon, 12 Feb 2018 19:05:45 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: <3952269D-4B2B-468B-B4CF-4F7AB9E11711@bu.edu> <71E0C8F7-6A69-472E-AC5B-EC6F543E8C11@bu.edu> Message-ID: <726A122B-9289-4042-9F9E-B0E54DC76C27@bu.edu> Hi Pico, (Also, read Chris?s reply.) Thanks; so, we?re dealing with a Nexus 9k, and basically the same version NX-OS I have running on my N9k. Therefor, cisco-nx is the correct type. In reading further into the details of what you posted, you said rancid was having an issue with the command ?system redundancy status?. I checked, and I also don?t have this command: cumm111-0b05es63# system red? ^ % Invalid command at '^' marker. cumm111-0b05es63# system red Then I dug further and I realized you?re talking ?show system redundancy status?: cumm111-0b05es63# show system redundancy status Redundancy mode --------------- administrative: HA operational: None This supervisor (sup-1) ----------------------- Redundancy state: Active, SC not present Supervisor state: Active Internal state: Active with no standby Other supervisor (sup-1) ------------------------ Redundancy state: Not present cumm111-0b05es63# Since ?rule 3 permit command show *? is already included in your role definition, I might suggest this: 1. Log in as a user whose role is ?rancid?, run the command, and see what the output is. 2. If you?re having an issue running the command, open a TAC case. 3. If the command runs just fine from the CLI when role=rancid, that?s something for this list. You can verify the role the account has through the command ?show user-account ?. there will be a line ?roles:? that will show all the roles applied to your account (see yellow highlighting below). Be mindful of other roles the user has; a ?deny? statement in one of the other role definitions might possibly cause this. Also, if there?s a AAA server (RADIUS, Tacacs+, LDAP? possibly Kerberos or AD but I?m not sure those are supported), the AAA server might also have some server-side config blocking successful execution (server-side AAA is how I enforce this kind of policy on rancid). cumm111-0b05es63# show user-account weylin user:weylin roles:network-admin vdc-admin account created through REMOTE authentication Credentials such as ssh server key will be cached temporarily only for this user account Local login not possible cumm111-0b05es63# Weylin From: Pico Leto Date: Monday, February 12, 2018 at 11:39 AM To: "Gauthier, Chris" Cc: Weylin Piegorsch , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Role Privileges for Nexus 9k Show inventory is below: sw1# show version | include hassis ; show version | include ersion cisco Nexus9000 C93108TC-EX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I4(4) System version: 7.0(3)I5(1) # show inventory NAME: "Chassis", DESCR: "Nexus9000 C93108TC-EX chassis" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Slot 1", DESCR: "48x10GT + 6x40G/100G Ethernet Module" PID: N9K-C93108TC-EX , VID: V01 , SN: FDO20261CKV NAME: "Power Supply 1", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDY NAME: "Power Supply 2", DESCR: "Nexus9000 C93108TC-EX chassis Power Supply" PID: NXA-PAC-650W-PE , VID: V01 , SN: LIT20130ZDU NAME: "Fan 1", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 2", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 3", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A NAME: "Fan 4", DESCR: "Nexus9000 C93108TC-EX chassis Fan Module" PID: NXA-FAN-30CFM-F , VID: V01 , SN: N/A On Fri, Feb 9, 2018 at 9:58 AM, Gauthier, Chris > wrote: Or just run ?show inventory? Chris Gauthier Senior Network Engineer | comScore, Inc. t +1 (503) 331-2704 | cgauthier at comscore.com 317 SW Alder Street, Suite 700 | Portland, OR 97204 United States comscore.com ???This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender. From: Rancid-discuss > on behalf of "Piegorsch, Weylin William" > Date: Thursday, February 8, 2018 at 9:54 PM To: Pico Leto > Cc: "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] Role Privileges for Nexus 9k If it?s made by Cisco and its running NX-OS, it can?t be an ASR9k: https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html (The non-advertised thing is that UCS also runs NX-OS under the hood.) If it?s a ?C93108TC-EX?, then it?s likely a Nexus 93108TC-EX: https://www.cisco.com/c/en/us/support/switches/nexus-93108tc-ex-switch/model.html Are you running it in ACI or NXOS mode? Actually nevermind, 7-point-anything is non-ACI. To make certain about the hardware type, can you do a ?show version | include hassis ; show version | inc ersion? (yes, with those first letters missing to avoid capitalization issues) and send the output? This is what I get one of my ASR 9k: RP/0/RSP0/CPU0:Comm595-bdr-gw01#show version | include hassis ; show version | include ersion #sh ver | include hassis Fri Feb 9 00:36:45.478 EST ASR-9001 Chassis #show ver | inc ersion Fri Feb 9 00:36:53.058 EST Cisco IOS XR Software, Version 5.3.3[Default] ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON], RP/0/RSP0/CPU0:Comm595-bdr-gw01# And one of my Nexus 9k: cumm111-0b05es63# show version | include hassis ; show version | include ersion cisco Nexus9000 C9372PX chassis the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. BIOS: version 07.59 NXOS: version 7.0(3)I5(2) System version: 7.0(3)I5(2) cumm111-0b05es63# weylin From: Pico Leto > Date: Friday, February 9, 2018 at 12:17 AM To: Weylin Piegorsch > Cc: "rancid-discuss at shrubbery.net" > Subject: Re: [rancid] Role Privileges for Nexus 9k Hi, I'm definitely running NX-OS however running the debug under cisco-xr gives me better results, with the exception that the end of run isn't found $ rancid -t cisco-xr -d host.xx. loadtype: device type cisco-xr loadtype: found device type cisco-xr in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"terminal no-timestamp;terminal exec prompt no-timestamp;admin show version;admin show install summary;admin show license udi;admin show license;admin show variables boot;admin show hw-module fpd location all;show redundancy secondary;show install active;admin show env all;dir /all nvram:;dir /all bootflash:;dir /all compactflash:;dir /all compactflasha:;dir /all slot0:;dir /all disk0:;dir /all disk0a:;dir /all slot1:;dir /all disk1:;dir /all disk1a:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;show controllers;admin show diag;admin show inventory raw;show vlan;show debug;show rpl maximum;admin show running;show running-config" host.xx. PROMPT MATCH: host.xx# HIT COMMAND:host.xx# terminal no-timestamp In RunCommand: host.xx# terminal no-timestamp HIT COMMAND:host.xx# terminal exec prompt no-timestamp In RunCommand: host.xx# terminal exec prompt no-timestamp HIT COMMAND:host.xx# admin show version In ShowVersion: host.xx# admin show version HIT COMMAND:host.xx# admin show install summary In ShowInstallSummary: host.xx# admin show install summary HIT COMMAND:host.xx# admin show license u In ShowLicense: host.xx# admin show license udi HIT COMMAND:host.xx# admin show license In ShowLicense: host.xx# admin show license HIT COMMAND:host.xx# admin show variables boot In ShowBootVar: host.xx# admin show variables boot HIT COMMAND:host.xx# admin show hw-module fpd location all In ShowRunning: host.xx# admin show hw-module fpd location all HIT COMMAND:host.xx# show redundancy secondary In ShowRedundancy: host.xx# show redundancy secondary HIT COMMAND:host.xx# show install active In ShowInstallActive: host.xx# show install active HIT COMMAND:host.xx# admin show env all In ShowEnv: host.xx# admin show env all HIT COMMAND:host.xx# dir /all nvram: In DirSlotN: host.xx# dir /all nvram: HIT COMMAND:host.xx# dir /all bootflash: In DirSlotN: host.xx# dir /all bootflash: HIT COMMAND:host.xx# dir /all compactflash: In DirSlotN: host.xx# dir /all compactflash: HIT COMMAND:host.xx# dir /all compactflasha: In DirSlotN: host.xx# dir /all compactflasha: HIT COMMAND:host.xx# dir /all slot0: In DirSlotN: host.xx# dir /all slot0: HIT COMMAND:host.xx# dir /all disk0: In DirSlotN: host.xx# dir /all disk0: HIT COMMAND:host.xx# dir /all disk0a: In DirSlotN: host.xx# dir /all disk0a: HIT COMMAND:host.xx# dir /all slot1: In DirSlotN: host.xx# dir /all slot1: HIT COMMAND:host.xx# dir /all disk1: In DirSlotN: host.xx# dir /all disk1: HIT COMMAND:host.xx# dir /all disk1a: In DirSlotN: host.xx# dir /all disk1a: HIT COMMAND:host.xx# dir /all slot2: In DirSlotN: host.xx# dir /all slot2: HIT COMMAND:host.xx# dir /all disk2: In DirSlotN: host.xx# dir /all disk2: HIT COMMAND:host.xx# dir /all harddisk: In DirSlotN: host.xx# dir /all harddisk: HIT COMMAND:host.xx# dir /all harddiska: In DirSlotN: host.xx# dir /all harddiska: HIT COMMAND:host.xx# dir /all harddiskb: In DirSlotN: host.xx# dir /all harddiskb: HIT COMMAND:host.xx# show controllers In ShowContAll: host.xx# show controllers HIT COMMAND:host.xx# admin show diag In ShowDiag: host.xx# admin show diag HIT COMMAND:host.xx# admin show inventory raw In ShowInventory: host.xx# admin show inventory raw HIT COMMAND:host.xx# show vlan In ShowVLAN: host.xx# show vlan HIT COMMAND:host.xx# show debug In ShowDebug: host.xx# show debug HIT COMMAND:host.xx# show rpl maximum In ShowRPL: host.xx# show rpl maximum HIT COMMAND:host.xx# admin show running In ShowRunning: host.xx# admin show running HIT COMMAND:host.xx# show running-config In WriteTerm: host.xx# show running-config host.xx.: End of run not found host.xx.: found_end is false On Thu, Feb 8, 2018 at 1:33 PM, Piegorsch, Weylin William > wrote: Doesn?t ASR9k run IOS XR (rancid type ?ios-xr?)? I didn?t think it supported NX-OS. I?ve only seen NX-OS on Nexus (including N9k), MDS, and UCS devices. weylin From: Pico Leto > Date: Wednesday, February 7, 2018 at 2:05 PM To: > Subject: [rancid] Role Privileges for Nexus 9k Hi, I seem to be having some troubles backing up my configs for a ASR9k (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 I thought I created the correct role for rancid to run under however my debug seems to end after 'system redundancy status'. The command is actually available however you have to be in config term mode to see the output. Role: rancid Description: rancid restricted access Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default) ------------------------------------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 4 permit command dir * 3 permit command show * 2 permit command terminal * 1 permit command show running-config Debug: rancid -t cisco-nx -d host.xx.xx loadtype: device type cisco-nx loadtype: found device type cisco-nx in /usr/local/rancid/etc/rancid.types.base executing clogin -t 90 -c"term no monitor-force;show version;show version build-info all;show license;show license usage;show license host.xx.xx-id;show system redundancy status;show environment clock;show environment fan;show environment fex all fan;show environment temperature;show environment power;show boot;dir bootflash:;dir debug:;dir logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show module xbar;show inventory;show vtp status;show vlan;show debug;show cores vdc-all;show processes log vdc-all;show module fex;show fex;show running-config" host.xx.xx PROMPT MATCH: host.xx# HIT COMMAND:host.xx# term no monitor-force In RunCommand: host.xx# term no monitor-force HIT COMMAND:host.xx# show version In ShowVersion: host.xx# show version TYPE = NXOS HIT COMMAND:host.xx# show version build-info all In ShowVersionBuild: host.xx# show version build-info all HIT COMMAND:host.xx# show license In ShowLicense: host.xx# show license HIT COMMAND:host.xx# show license usage In ShowLicense: host.xx# show license usage HIT COMMAND:host.xx# show license host.xx.xx-id In ShowLicense: host.xx# show license host.xx.xx-id HIT COMMAND:host.xx# show system redundancy status In ShowRedundancy: host.xx# show system redundancy status host.xx.xx: show system redundancy status failed: -1 host.xx.xx: missed cmd(s): show environment clock, show environment fan, show environment fex all fan, show environment temperature, show environment power, show boot, dir bootflash:, dir debug:, dir logflash:, dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module xbar, show inventory, show vtp status, show vlan, show debug, show cores vdc-all, show processes log vdc-all, show module fex, show fex host.xx.xx: End of run not found host.xx.xx: clean_run is false host.xx.xx: found_end is false -------------- next part -------------- An HTML attachment was scrubbed... URL: From hanan.barlevy at three6five.com Thu Feb 15 12:50:50 2018 From: hanan.barlevy at three6five.com (Hanan Barlevy) Date: Thu, 15 Feb 2018 14:50:50 +0200 Subject: [rancid] Rancid and HP procurve Message-ID: Hi, I am using the latest rancid and i was wondering if its compatible with HP procurve switches. Looking though the posts i am getting mixed opinions... -- Hanan Barlevy *Senior Systems Engineer* Tel: 0860 000 365 | Cell: 0724635400 hanan.barlevy at three6five.com | www.three6five.com [image: three6five] -------------- next part -------------- An HTML attachment was scrubbed... URL: From Emmanuel.Halbwachs at obspm.fr Thu Feb 15 13:51:33 2018 From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs) Date: Thu, 15 Feb 2018 14:51:33 +0100 Subject: [rancid] Rancid and HP procurve In-Reply-To: References: Message-ID: <20180215135133.GN6046@funk.lan> Hello, Hanan Barlevy (Thu 2018-02-15 14:50:50 +0200) : > I am using the latest rancid and i was wondering if its compatible with HP > procurve switches. Works fine for me with: J4899B 2650 J4899C 2650 J4900A 2626 J4900B 2626 J4903A 2824 J9019A 2510-24 J9019B 2510B-24 J9020A 2510-48 J9021A 2810-24G J9022A 2810-48G J9145A 2910al-24G J9279A 2510G-24 J9280A 2510G-48 J9772A 2530-48G-PoEP J9775A 2530-48G J9778A 2530-48-PoEP J9779A 2530-24-PoEP J9780A 2530-8-PoEP By the way: thanks a lot heasley and other contributors for this great software. -- Emmanuel Halbwachs Resp. R?seau/S?curit? Observatoire de Paris ? +33 1 45 07 75 54 Paris : 61 av. de l'Observatoire F 75014 PARIS Meudon : 11 (face 32) av. Marcellin Berthelot F 92190 MEUDON From doug.hughes at keystonenap.com Thu Feb 15 13:58:08 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 15 Feb 2018 08:58:08 -0500 Subject: [rancid] Rancid and HP procurve In-Reply-To: References: Message-ID: <525bbb35-9220-e049-368a-56a1865d1380@keystonenap.com> Yes it is. There's an issue with previous versions of rancid with the hpuifilter that would cause hpuifilter to crash (segfault) after enable owing to the *expletive* expansive and stupid overuse of ANSI characters on aruba console, but its fixed with latest. It would cause the switch to run out of sessions so you couldn't remote login in anymore. I have an open case with HP about this right now as a DOS and I even sent them an expect script to reproduce but they continue to ask silly questions about versions of ssh that are irrelevent. Summary: Yes, it works for me (2920, 2910, 26*) On 2/15/2018 7:50 AM, Hanan Barlevy wrote: > Hi, > > I am using the latest rancid and i was wondering if its compatible > with HP procurve switches. > > Looking though the posts i am getting mixed opinions... > > -- > Hanan Barlevy > > /Senior Systems Engineer/ > > Tel: 0860 000 365?|?Cell:?0724635400 > > hanan.barlevy at three6five.com > ?|?www.three6five.com > ? > ? > ??????????????? > > three6five > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From ko at sv01.de Thu Feb 15 14:14:30 2018 From: ko at sv01.de (Kevin Olbrich) Date: Thu, 15 Feb 2018 15:14:30 +0100 Subject: [rancid] Rancid and HP procurve In-Reply-To: <525bbb35-9220-e049-368a-56a1865d1380@keystonenap.com> References: <525bbb35-9220-e049-368a-56a1865d1380@keystonenap.com> Message-ID: Hi! Interesting! We got some of these models but did not notice a session problem. We are pulling configs every 5 mins. How often do you get these problems? Kind regards, Kevin 2018-02-15 14:58 GMT+01:00 Doug Hughes : > Yes it is. There's an issue with previous versions of rancid with the > hpuifilter that would cause hpuifilter to crash (segfault) after enable > owing to the *expletive* expansive and stupid overuse of ANSI characters on > aruba console, but its fixed with latest. It would cause the switch to run > out of sessions so you couldn't remote login in anymore. I have an open > case with HP about this right now as a DOS and I even sent them an expect > script to reproduce but they continue to ask silly questions about versions > of ssh that are irrelevent. > > Summary: Yes, it works for me (2920, 2910, 26*) > > > > On 2/15/2018 7:50 AM, Hanan Barlevy wrote: > > Hi, > > I am using the latest rancid and i was wondering if its compatible with HP > procurve switches. > > Looking though the posts i am getting mixed opinions... > > -- > Hanan Barlevy > > *Senior Systems Engineer* > > Tel: 0860 000 365 | Cell: 0724635400 > > hanan.barlevy at three6five.com | www.three6five.com > > > > > > [image: three6five] > > > _______________________________________________ > Rancid-discuss mailing listRancid-discuss at shrubbery.nethttp://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > -- > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From doug.hughes at keystonenap.com Thu Feb 15 18:27:59 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 15 Feb 2018 13:27:59 -0500 Subject: [rancid] Rancid and HP procurve In-Reply-To: References: <525bbb35-9220-e049-368a-56a1865d1380@keystonenap.com> Message-ID: <4419f713-b3f0-dd4b-2c80-cb36ddade3c3@keystonenap.com> To be clear, the problem doesn't exist in 3.8, but the 3.4.1 hpuifilter causes a DOS on 2920 switch, but it's the switch's fault. On 2/15/2018 9:14 AM, Kevin Olbrich wrote: > Hi! > > Interesting! We got some of these models but did not notice a session > problem. > We are pulling configs every 5 mins. How often do you get these problems? > > Kind regards, > Kevin > > 2018-02-15 14:58 GMT+01:00 Doug Hughes >: > > Yes it is. There's an issue with previous versions of rancid with > the hpuifilter that would cause hpuifilter to crash (segfault) > after enable owing to the *expletive* expansive and stupid overuse > of ANSI characters on aruba console, but its fixed with latest. It > would cause the switch to run out of sessions so you couldn't > remote login in anymore. I have an open case with HP about this > right now as a DOS and I even sent them an expect script to > reproduce but they continue to ask silly questions about versions > of ssh that are irrelevent. > > Summary: Yes, it works for me (2920, 2910, 26*) > > > > On 2/15/2018 7:50 AM, Hanan Barlevy wrote: >> Hi, >> >> I am using the latest rancid and i was wondering if its >> compatible with HP procurve switches. >> >> Looking though the posts i am getting mixed opinions... >> >> -- >> Hanan Barlevy >> >> /Senior Systems Engineer/ >> >> Tel: 0860 000 365?|?Cell:?0724635400 >> >> hanan.barlevy at three6five.com >> ?|?www.three6five.com >> ? >> ? >> ??????????????? >> >> three6five >> >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss >> > > -- > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From heas at shrubbery.net Thu Feb 15 18:33:53 2018 From: heas at shrubbery.net (heasley) Date: Thu, 15 Feb 2018 18:33:53 +0000 Subject: [rancid] Rancid and HP procurve In-Reply-To: <20180215135133.GN6046@funk.lan> References: <20180215135133.GN6046@funk.lan> Message-ID: <20180215183353.GC59312@shrubbery.net> Thu, Feb 15, 2018 at 02:51:33PM +0100, Emmanuel Halbwachs: ... > J9780A 2530-8-PoEP thanks for the list. > By the way: thanks a lot heasley and other contributors for this great > software. Bienvenue. > Observatoire de Paris hey, in use at the Observatory - that's cool. From gmourani at gmail.com Fri Feb 16 14:19:10 2018 From: gmourani at gmail.com (Gerhard Mourani) Date: Fri, 16 Feb 2018 09:19:10 -0500 Subject: [rancid] Fortiweb 400C 5.82 Message-ID: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> Hello, I've a problem again backing up Fortiweb configuration. Rancid 3.7 FortiWeb-400C 5.82,build1375,170622 Debug output: su - rancid -c "fnlogin -d 172.16.207.10" 172.16.207.10 spawn ssh -p 22 -x -l blesk9 172.16.207.10 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {132428} Gate keeper glob pattern for '(Connection refused|Secure connection [^ ]+ refused)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Connection closed by|Connection to [^ ]+ closed)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '(Host key not found |The authenticity of host .* be established)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for 'HOST IDENTIFICATION HAS CHANGED' is 'HOST IDENTIFICATION HAS CHANGED'. Activating booster. Gate keeper glob pattern for 'Offending key for ' is 'Offending key for '. Activating booster. Gate keeper glob pattern for '^warning: remote host denied authentication agent forwarding.' is 'warning: remote host denied authentication agent forwarding?'. Activating booster. Gate keeper glob pattern for '(denied|Sorry)' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '([Ll]ogin):' is '?ogin:'. Activating booster. Gate keeper glob pattern for '@[^ ]+[Pp]assword:' is '@*assword:'. Activating booster. Gate keeper glob pattern for '([Pp]assword|passwd|Enter password for [^ :]+):' is ''. Not usable, disabling the performance booster. expect: does "" (spawn_id exp3) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "" (spawn_id exp3) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp3) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "" (spawn_id exp3) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "" (spawn_id exp3) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "([Ll]ogin):"? Gate "?ogin:"? gate=no "@[^\r\n]+[Pp]assword:"? Gate "@*assword:"? gate=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "[#\$] "? no please input passwd: expect: does "please input passwd:" (spawn_id exp3) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "please input passwd:" (spawn_id exp3) match glob pattern "unknown host\r"? no expect: does "please input passwd:" (spawn_id exp3) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "please input passwd:" (spawn_id exp3) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "please input passwd:" (spawn_id exp3) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "([Ll]ogin):"? Gate "?ogin:"? gate=no "@[^\r\n]+[Pp]assword:"? Gate "@*assword:"? gate=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "passwd:" expect: set expect_out(1,string) "passwd" expect: set expect_out(spawn_id) "exp3" expect: set expect_out(buffer) "please input passwd:" send: sending "M0n1toR1ng$\r" to { exp3 } expect: continuing expect expect: does "" (spawn_id exp3) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "" (spawn_id exp3) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp3) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "" (spawn_id exp3) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "" (spawn_id exp3) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "([Ll]ogin):"? Gate "?ogin:"? gate=no "@[^\r\n]+[Pp]assword:"? Gate "@*assword:"? gate=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "[#\$] "? no expect: does "\r\n" (spawn_id exp3) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "\r\n" (spawn_id exp3) match glob pattern "unknown host\r"? no expect: does "\r\n" (spawn_id exp3) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "\r\n" (spawn_id exp3) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "\r\n" (spawn_id exp3) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "([Ll]ogin):"? Gate "?ogin:"? gate=no "@[^\r\n]+[Pp]assword:"? Gate "@*assword:"? gate=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "[#\$] "? no Fortiweb01 $ expect: does "\r\nFortiweb01 $ " (spawn_id exp3) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? (No Gate, RE only) gate=yes re=no "(Connection closed by|Connection to [^\n\r]+ closed)"? (No Gate, RE only) gate=yes re=no expect: does "\r\nFortiweb01 $ " (spawn_id exp3) match glob pattern "unknown host\r"? no expect: does "\r\nFortiweb01 $ " (spawn_id exp3) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established)"? (No Gate, RE only) gate=yes re=no "HOST IDENTIFICATION HAS CHANGED"? Gate "HOST IDENTIFICATION HAS CHANGED"? gate=no "Offending key for "? Gate "Offending key for "? gate=no expect: does "\r\nFortiweb01 $ " (spawn_id exp3) match regular expression "^warning: remote host denied authentication agent forwarding."? Gate "warning: remote host denied authentication agent forwarding?"? gate=no expect: does "\r\nFortiweb01 $ " (spawn_id exp3) match regular expression "(denied|Sorry)"? (No Gate, RE only) gate=yes re=no "Login failed"? no "([Ll]ogin):"? Gate "?ogin:"? gate=no "@[^\r\n]+[Pp]assword:"? Gate "@*assword:"? gate=no "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) gate=yes re=no "[#\$] "? yes expect: set expect_out(0,string) "$ " expect: set expect_out(spawn_id) "exp3" expect: set expect_out(buffer) "\r\nFortiweb01 $ " send: sending "\r" to { exp3 } Gate keeper glob pattern for '[ ]+' is ''. Not usable, disabling the performance booster. Gate keeper glob pattern for '^(.+[#\$] )' is '* '. Activating booster. expect: does "" (spawn_id exp3) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[#\$] )"? Gate "* "? gate=no Fortiweb01 $ expect: does "\r\r\nFortiweb01 $ " (spawn_id exp3) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp3" expect: set expect_out(buffer) "\r\r\n" expect: continuing expect expect: does "Fortiweb01 $ " (spawn_id exp3) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[#\$] )"? Gate "* "? gate=yes re=yes expect: set expect_out(0,string) "Fortiweb01 $ " expect: set expect_out(1,string) "Fortiweb01 $ " expect: set expect_out(spawn_id) "exp3" expect: set expect_out(buffer) "Fortiweb01 $ " Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From aleksander.vines at nersc.no Mon Feb 19 14:12:43 2018 From: aleksander.vines at nersc.no (Aleksander Vines) Date: Mon, 19 Feb 2018 15:12:43 +0100 Subject: [rancid] Show tech on latest Procurve software Message-ID: <2925748137-2654@mail.nersc.no> Hi all, Is there a way of altering the output of rancid, or which commands it runs, or how the 'diff'ing' works? We seem to have a problem with the latest hp software, where 'show tech transceivers' seems to include a call to 'show time'. Hence it notices a diff in the output timestamp and and it's fairly annoying if you actually want to keep track of changes.? Ref.?https://community.hpe.com/t5/ProCurve-ProVision-Based/Command-behavior-change-in-KB-16-05-0003-5406R-firmware/td-p/6992013 Regards, Aleksander Vines -------------- next part -------------- An HTML attachment was scrubbed... URL: From doug.hughes at keystonenap.com Mon Feb 19 17:06:46 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Mon, 19 Feb 2018 12:06:46 -0500 Subject: [rancid] Show tech on latest Procurve software In-Reply-To: <2925748137-2654@mail.nersc.no> References: <2925748137-2654@mail.nersc.no> Message-ID: <8584bc3c-146d-f907-3a97-7f65433184cd@keystonenap.com> Yes, it's fairly easy to filter out individual lines by editing the filter inside the perl scripts to make them go away. I have done this many, many times. The only trick is that when you upgrade you might lose your change, so save a copy or diff that you can re-apply later. In this case, the place where you'd put the filter is in ~rancid/bin/hrancid in the routine "ShowTechTransceivers" Right at the top where it has 'next if (...)' either above or below that you can add a line that says something like next if (/thing I want to match here/) which will skip that line. On 2/19/2018 9:12 AM, Aleksander Vines wrote: > Hi all, > > Is there a way of altering the output of rancid, or which commands it > runs, or how the 'diff'ing' works? > > We seem to have a problem with the latest hp software, where 'show > tech transceivers' seems to include a call to 'show time'. Hence it > notices a diff in the output timestamp and and it's fairly annoying if > you actually want to keep track of changes.? > > Ref.?https://community.hpe.com/t5/ProCurve-ProVision-Based/Command-behavior-change-in-KB-16-05-0003-5406R-firmware/td-p/6992013 > > Regards, > Aleksander Vines > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From aleksander.vines at nersc.no Tue Feb 20 08:46:21 2018 From: aleksander.vines at nersc.no (Aleksander Vines) Date: Tue, 20 Feb 2018 09:46:21 +0100 Subject: [rancid] Show tech on latest Procurve software In-Reply-To: <8584bc3c-146d-f907-3a97-7f65433184cd@keystonenap.com> Message-ID: <2992750041-5965@mail.nersc.no> That worked perfectly. Thanks for the fast reply. For reference, if anyone else have issues with new procurve software, this is what I added: # This routine parses "show tech transceivers" sub ShowTechTransceivers { ? ? ... ? ? while () { ? ? ? ? ... ? ? ? ? # These next two lines are new ? ? ? ? next if (/[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9]+ [0-2][0-9]:[0-5][0-9]:[0-5][0-9] 20[0-9][0-9]/); ? ? ? ? next if (/show time/); ? ? ? ? next if (/^(\s*|\s*$cmd\s*)$/); ? ? ? ? ... } Thanks, Aleksander Vines From: Doug Hughes To: Sent: 2018-02-19 18:06 Subject: Re: [rancid] Show tech on latest Procurve software Yes, it's fairly easy to filter out individual lines by editing the filter inside the perl scripts to make them go away. I have done this many, many times. The only trick is that when you upgrade you might lose your change, so save a copy or diff that you can re-apply later. In this case, the place where you'd put the filter is in ~rancid/bin/hrancid in the routine "ShowTechTransceivers" Right at the top where it has 'next if (...)' either above or below that you can add a line that says something like next if (/thing I want to match here/) which will skip that line. On 2/19/2018 9:12 AM, Aleksander Vines wrote: Hi all, Is there a way of altering the output of rancid, or which commands it runs, or how the 'diff'ing' works? We seem to have a problem with the latest hp software, where 'show tech transceivers' seems to include a call to 'show time'. Hence it notices a diff in the output timestamp and and it's fairly annoying if you actually want to keep track of changes.? Ref.?https://community.hpe.com/t5/ProCurve-ProVision-Based/Command-behavior-change-in-KB-16-05-0003-5406R-firmware/td-p/6992013 Regards, Aleksander Vines _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From m_zouhairy at skno.by Tue Feb 20 08:49:15 2018 From: m_zouhairy at skno.by (Vacheslav) Date: Tue, 20 Feb 2018 11:49:15 +0300 Subject: [rancid] Show tech on latest Procurve software In-Reply-To: <2992750041-5965@mail.nersc.no> References: <8584bc3c-146d-f907-3a97-7f65433184cd@keystonenap.com> <2992750041-5965@mail.nersc.no> Message-ID: <12d901d3aa27$afaa33d0$0efe9b70$@skno.by> Thank you for sharing! Sincerely, Vacheslav From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aleksander Vines Sent: Tuesday, February 20, 2018 11:46 AM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Show tech on latest Procurve software >That worked perfectly. Thanks for the fast reply. >For reference, if anyone else have issues with new procurve software, this is what I added: ># This routine parses "show tech transceivers" ) { ... # These next two lines are new next if (/[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9]+ [0-2][0-9]:[0-5][0-9]:[0-5][0-9] 20[0-9][0-9]/); next if (/show time/); next if (/^(\s*|\s*$cmd\s*)$/); ... } >Thanks, Aleksander Vines From: Doug Hughes > To: > Sent: 2018-02-19 18:06 Subject: Re: [rancid] Show tech on latest Procurve software Yes, it's fairly easy to filter out individual lines by editing the filter inside the perl scripts to make them go away. I have done this many, many times. The only trick is that when you upgrade you might lose your change, so save a copy or diff that you can re-apply later. In this case, the place where you'd put the filter is in ~rancid/bin/hrancid in the routine "ShowTechTransceivers" Right at the top where it has 'next if (...)' either above or below that you can add a line that says something like next if (/thing I want to match here/) which will skip that line. On 2/19/2018 9:12 AM, Aleksander Vines wrote: Hi all, Is there a way of altering the output of rancid, or which commands it runs, or how the 'diff'ing' works? We seem to have a problem with the latest hp software, where 'show tech transceivers' seems to include a call to 'show time'. Hence it notices a diff in the output timestamp and and it's fairly annoying if you actually want to keep track of changes. Ref. https://community.hpe.com/t5/ProCurve-ProVision-Based/Command-behavior-change-in-KB-16-05-0003-5406R-firmware/td-p/6992013 Regards, Aleksander Vines _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 3476 bytes Desc: not available URL: From Charles.Brooks at hbcs.org Tue Feb 20 17:37:52 2018 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Tue, 20 Feb 2018 17:37:52 +0000 Subject: [rancid] Making variant of cisco ios Message-ID: I have some old cisco ACE devices and have been backing them up with rancid using the normal "cisco" module. I want to add some commands like "show ft group summary" for example, and have the output of those commands show up in rancid diffs, prefixed with exclamation points in the same way that normal "show version" output is. I've done this before by copying a device type definition from /etc/rancid.types.base to /etc/rancid.types.conf and editing it, but in the past I was always removing troublesome commands, not adding new ones. Is there an existing module that I can reference in /etc/rancid.types.conf that simply takes the output from a command and prefixes exclamation points, no fancy special processing? Or do I need to write one? Thanks! --Charlie ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- From heas at shrubbery.net Tue Feb 20 17:49:41 2018 From: heas at shrubbery.net (heasley) Date: Tue, 20 Feb 2018 17:49:41 +0000 Subject: [rancid] Making variant of cisco ios In-Reply-To: References: Message-ID: <20180220174940.GF84936@shrubbery.net> Tue, Feb 20, 2018 at 05:37:52PM +0000, Charles T. Brooks: > I have some old cisco ACE devices and have been backing them up with rancid using the normal "cisco" module. > > I want to add some commands like "show ft group summary" for example, and have the output of those commands show up in rancid diffs, prefixed with exclamation points in the same way that normal "show version" output is. > > I've done this before by copying a device type definition from /etc/rancid.types.base to /etc/rancid.types.conf and editing it, but in the past I was always removing troublesome commands, not adding new ones. > > Is there an existing module that I can reference in /etc/rancid.types.conf that simply takes the output from a command and prefixes exclamation points, no fancy special processing? Or do I need to write one? ios::ShowDetail() does very little. From heas at shrubbery.net Tue Feb 20 18:10:01 2018 From: heas at shrubbery.net (heasley) Date: Tue, 20 Feb 2018 18:10:01 +0000 Subject: [rancid] Show tech on latest Procurve software In-Reply-To: <2992750041-5965@mail.nersc.no> References: <8584bc3c-146d-f907-3a97-7f65433184cd@keystonenap.com> <2992750041-5965@mail.nersc.no> Message-ID: <20180220181001.GB61511@shrubbery.net> Tue, Feb 20, 2018 at 09:46:21AM +0100, Aleksander Vines: > That worked perfectly. Thanks for the fast reply. > > > For reference, if anyone else have issues with new procurve software, this is what I added: > > > > # This routine parses "show tech transceivers" > sub ShowTechTransceivers { > ? ? ... > ? ? while () { > ? ? ? ? ... > ? ? ? ? # These next two lines are new > ? ? ? ? next if (/[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9]+ [0-2][0-9]:[0-5][0-9]:[0-5][0-9] 20[0-9][0-9]/); > ? ? ? ? next if (/show time/); > ? ? ? ? next if (/^(\s*|\s*$cmd\s*)$/); > ? ? ? ? ... > } > > > Thanks, > Aleksander Vines > Would someone confirm that these filters work: Index: bin/hrancid.in =================================================================== --- bin/hrancid.in (revision 3760) +++ bin/hrancid.in (working copy) @@ -203,6 +203,9 @@ } next; } + # KB.16.05.0003 5406R firmware bug + next if (/^\s*show time\s*$/i); + next if (/^\s*\S{3} \S{3}\s+\d+\s+\d+:\d+:\d+\s+\d+\s*$/); ProcessHistory("COMMENTS","keysort","G0",";$_"); > > > From: Doug Hughes > To: > Sent: 2018-02-19 18:06 > Subject: Re: [rancid] Show tech on latest Procurve software > > > > Yes, it's fairly easy to filter out individual lines by editing the filter inside the perl scripts to make them go away. I have done this many, many times. The only trick is that when you upgrade you might lose your change, so save a copy or diff that you can re-apply later. > In this case, the place where you'd put the filter is in ~rancid/bin/hrancid in the routine "ShowTechTransceivers" > Right at the top where it has 'next if (...)' > either above or below that you can add a line that says something like next if (/thing I want to match here/) which will skip that line. > > > On 2/19/2018 9:12 AM, Aleksander Vines wrote: > Hi all, > > > Is there a way of altering the output of rancid, or which commands it runs, or how the 'diff'ing' works? > > > We seem to have a problem with the latest hp software, where 'show tech transceivers' seems to include a call to 'show time'. Hence it notices a diff in the output timestamp and and it's fairly annoying if you actually want to keep track of changes.? > > > Ref.?https://community.hpe.com/t5/ProCurve-ProVision-Based/Command-behavior-change-in-KB-16-05-0003-5406R-firmware/td-p/6992013 > > > Regards, > Aleksander Vines > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- > > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From doug.hughes at keystonenap.com Tue Feb 20 18:14:13 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Tue, 20 Feb 2018 13:14:13 -0500 Subject: [rancid] Show tech on latest Procurve software In-Reply-To: <20180220181001.GB61511@shrubbery.net> References: <8584bc3c-146d-f907-3a97-7f65433184cd@keystonenap.com> <2992750041-5965@mail.nersc.no> <20180220181001.GB61511@shrubbery.net> Message-ID: <868c2538-9b7e-af96-9cc9-7f4cdc527c45@keystonenap.com> On 2/20/2018 1:10 PM, heasley wrote: > Tue, Feb 20, 2018 at 09:46:21AM +0100, Aleksander Vines: >> That worked perfectly. Thanks for the fast reply. >> >> >> For reference, if anyone else have issues with new procurve software, this is what I added: >> >> >> >> # This routine parses "show tech transceivers" >> sub ShowTechTransceivers { >> ? ? ... >> ? ? while () { >> ? ? ? ? ... >> ? ? ? ? # These next two lines are new >> ? ? ? ? next if (/[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9]+ [0-2][0-9]:[0-5][0-9]:[0-5][0-9] 20[0-9][0-9]/); >> ? ? ? ? next if (/show time/); >> ? ? ? ? next if (/^(\s*|\s*$cmd\s*)$/); >> ? ? ? ? ... >> } >> >> >> Thanks, >> Aleksander Vines >> > Would someone confirm that these filters work: > > Index: bin/hrancid.in > =================================================================== > --- bin/hrancid.in (revision 3760) > +++ bin/hrancid.in (working copy) > @@ -203,6 +203,9 @@ > } > next; > } > + # KB.16.05.0003 5406R firmware bug > + next if (/^\s*show time\s*$/i); > + next if (/^\s*\S{3} \S{3}\s+\d+\s+\d+:\d+:\d+\s+\d+\s*$/); > > ProcessHistory("COMMENTS","keysort","G0",";$_"); My HPs aren't new enough to show the time field. But it looks innocuous enough. -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From doug.hughes at keystonenap.com Tue Feb 20 19:03:12 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Tue, 20 Feb 2018 14:03:12 -0500 Subject: [rancid] Making variant of cisco ios In-Reply-To: References: Message-ID: Cisco stuff is so full of conditions and exceptions that sometimes it helps to look outside that ecosystem-of-bloat (not the fault of Rancid, fwiw). That said, ShowCellular is pretty simple. You could eliminate the PDP and DNS lines for certain. outside of ios.pm, hrancid has some nice svelte ones like ShowVersion and ShowStack. Just modify ProcessHistory accordingly. On 2/20/2018 12:37 PM, Charles T. Brooks wrote: > I have some old cisco ACE devices and have been backing them up with rancid using the normal "cisco" module. > > I want to add some commands like "show ft group summary" for example, and have the output of those commands show up in rancid diffs, prefixed with exclamation points in the same way that normal "show version" output is. > > I've done this before by copying a device type definition from /etc/rancid.types.base to /etc/rancid.types.conf and editing it, but in the past I was always removing troublesome commands, not adding new ones. > > Is there an existing module that I can reference in /etc/rancid.types.conf that simply takes the output from a command and prefixes exclamation points, no fancy special processing? Or do I need to write one? > > Thanks! > --Charlie > > ------------------ CONFIDENTIALITY NOTICE --------------- > > This message, including any attachments, is for the sole use of the > intended recipient(s) and may contain privileged confidential information > protected by law. Any unauthorized review, use, disclosure or distribution > of this message is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of this message. > > ------------------ CONFIDENTIALITY NOTICE --------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From Charles.Brooks at hbcs.org Tue Feb 20 19:43:10 2018 From: Charles.Brooks at hbcs.org (Charles T. Brooks) Date: Tue, 20 Feb 2018 19:43:10 +0000 Subject: [rancid] Making variant of cisco ios In-Reply-To: References: , Message-ID: Doug, could you elaborate on what you meant by "modify ProcessHistory accordingly"? I feel like I'm missing some basic concept here. (I've added the command I want to my custom cisco-ace type definition, and modified router.db to reference the cisco-ace type, but the new command output isn't showing up in the mailings and git repo. It's still just the same as I've been getting from the standard cisco type I was already using.) Thanks, --Charlie ________________________________ From: Rancid-discuss [rancid-discuss-bounces at shrubbery.net] on behalf of Doug Hughes [doug.hughes at keystonenap.com] Sent: Tuesday, February 20, 2018 2:03 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Making variant of cisco ios Cisco stuff is so full of conditions and exceptions that sometimes it helps to look outside that ecosystem-of-bloat (not the fault of Rancid, fwiw). That said, ShowCellular is pretty simple. You could eliminate the PDP and DNS lines for certain. outside of ios.pm, hrancid has some nice svelte ones like ShowVersion and ShowStack. Just modify ProcessHistory accordingly. On 2/20/2018 12:37 PM, Charles T. Brooks wrote: I have some old cisco ACE devices and have been backing them up with rancid using the normal "cisco" module. I want to add some commands like "show ft group summary" for example, and have the output of those commands show up in rancid diffs, prefixed with exclamation points in the same way that normal "show version" output is. I've done this before by copying a device type definition from /etc/rancid.types.base to /etc/rancid.types.conf and editing it, but in the past I was always removing troublesome commands, not adding new ones. Is there an existing module that I can reference in /etc/rancid.types.conf that simply takes the output from a command and prefixes exclamation points, no fancy special processing? Or do I need to write one? Thanks! --Charlie ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) [cid:part1.26132052.B9B153C1 at keystonenap.com] ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: keystone-nap.png URL: From Wayne.Eisenberg at CarolinasIT.com Tue Feb 20 21:34:32 2018 From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg) Date: Tue, 20 Feb 2018 21:34:32 +0000 Subject: [rancid] OTP/2-factor authentication Message-ID: I did some searching, and I'm pretty sure I already know the answer, but has anyone had any success with rancid and 2-factor authentication such as OKTA (time-based OTP)? Any workarounds? Thanks, Wayne ________________________________ The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Feb 20 22:24:46 2018 From: heas at shrubbery.net (heasley) Date: Tue, 20 Feb 2018 22:24:46 +0000 Subject: [rancid] OTP/2-factor authentication In-Reply-To: References: Message-ID: <20180220222446.GD40353@shrubbery.net> Tue, Feb 20, 2018 at 09:34:32PM +0000, Wayne Eisenberg: > I did some searching, and I'm pretty sure I already know the answer, but has anyone had any success with rancid and 2-factor authentication such as OKTA (time-based OTP)? > > Any workarounds? how would it work? I'm probably being dense on the subject, but it seems like an obstacle to automation. Happy to receive a cluebyfour. it seems that such security goals can be achieved by aaa authorization (ie: read-only) and password expiration in aaa authentication. From heas at shrubbery.net Tue Feb 20 22:30:35 2018 From: heas at shrubbery.net (heasley) Date: Tue, 20 Feb 2018 22:30:35 +0000 Subject: [rancid] Fortiweb 400C 5.82 In-Reply-To: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> References: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> Message-ID: <20180220223034.GF40353@shrubbery.net> Fri, Feb 16, 2018 at 09:19:10AM -0500, Gerhard Mourani: > Hello, > > I've a problem again backing up Fortiweb configuration. > Rancid 3.7 > FortiWeb-400C 5.82,build1375,170622 and the problem is? From gmourani at gmail.com Tue Feb 20 23:16:52 2018 From: gmourani at gmail.com (Gerhard Mourani) Date: Tue, 20 Feb 2018 18:16:52 -0500 Subject: [rancid] Fortiweb 400C 5.82 In-Reply-To: <20180220223034.GF40353@shrubbery.net> References: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> <20180220223034.GF40353@shrubbery.net> Message-ID: <1BE5D690-0419-4864-A933-5B11A09A2166@gmail.com> Connection to the FortiWeb doesn?t complete and make a timeout. In the past, It was related to password prompt that has been changed by Fortinet on this model. Here past discussion on the subject -> https://lists.gt.net/rancid/users/9793 Regards, > On Feb 20, 2018, at 5:30 PM, heasley wrote: > > Fri, Feb 16, 2018 at 09:19:10AM -0500, Gerhard Mourani: >> Hello, >> >> I've a problem again backing up Fortiweb configuration. >> Rancid 3.7 >> FortiWeb-400C 5.82,build1375,170622 > > and the problem is? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Tue Feb 20 23:48:49 2018 From: heas at shrubbery.net (heasley) Date: Tue, 20 Feb 2018 23:48:49 +0000 Subject: [rancid] Fortiweb 400C 5.82 In-Reply-To: <1BE5D690-0419-4864-A933-5B11A09A2166@gmail.com> References: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> <20180220223034.GF40353@shrubbery.net> <1BE5D690-0419-4864-A933-5B11A09A2166@gmail.com> Message-ID: <20180220234849.GK40353@shrubbery.net> Tue, Feb 20, 2018 at 06:16:52PM -0500, Gerhard Mourani: > Connection to the FortiWeb doesn?t complete and make a timeout. In the past, It was related to password prompt that has been changed by Fortinet on this model. Here past discussion on the subject -> https://lists.gt.net/rancid/users/9793 > > Regards, The output appears to present a successful login. expect: does "Fortiweb01 $ " (spawn_id exp3) match regular expression "[\r\n]+"? (No Gate, RE only) gate=yes re=no "^(.+[#\$] )"? Gate "* "? gate=yes re=yes expect: set expect_out(0,string) "Fortiweb01 $ " expect: set expect_out(1,string) "Fortiweb01 $ " expect: set expect_out(spawn_id) "exp3" expect: set expect_out(buffer) "Fortiweb01 $ " so, what is timing-out? > > On Feb 20, 2018, at 5:30 PM, heasley wrote: > > > > Fri, Feb 16, 2018 at 09:19:10AM -0500, Gerhard Mourani: > >> Hello, > >> > >> I've a problem again backing up Fortiweb configuration. > >> Rancid 3.7 > >> FortiWeb-400C 5.82,build1375,170622 > > > > and the problem is? > > > From gmourani at gmail.com Wed Feb 21 15:22:23 2018 From: gmourani at gmail.com (Gerhard Mourani) Date: Wed, 21 Feb 2018 10:22:23 -0500 Subject: [rancid] Fortiweb 400C 5.82 In-Reply-To: <20180220234849.GK40353@shrubbery.net> References: <39C96F08-0F28-4C9E-BF5B-9C45FCC7D41C@gmail.com> <20180220223034.GF40353@shrubbery.net> <1BE5D690-0419-4864-A933-5B11A09A2166@gmail.com> <20180220234849.GK40353@shrubbery.net> Message-ID: <20E5C82D-E71F-4071-90C6-3EC7AA9858B3@gmail.com> You're right, login works but logout timeout. su - rancid -c "clogin 172.16.207.10" 172.16.207.10 spawn ssh -p 22 -x -l admin 172.16.207.10 please input passwd: Fortiweb01 $ exit Error: TIMEOUT reached Regards, > On Feb 20, 2018, at 6:48 PM, heasley wrote: > > Tue, Feb 20, 2018 at 06:16:52PM -0500, Gerhard Mourani: >> Connection to the FortiWeb doesn?t complete and make a timeout. In the past, It was related to password prompt that has been changed by Fortinet on this model. Here past discussion on the subject -> https://lists.gt.net/rancid/users/9793 >> >> Regards, > > The output appears to present a successful login. > > expect: does "Fortiweb01 $ " (spawn_id exp3) match regular expression "[\r\n]+"? > (No Gate, RE only) gate=yes re=no > "^(.+[#\$] )"? Gate "* "? gate=yes re=yes > expect: set expect_out(0,string) "Fortiweb01 $ " > expect: set expect_out(1,string) "Fortiweb01 $ " > expect: set expect_out(spawn_id) "exp3" > expect: set expect_out(buffer) "Fortiweb01 $ " > > so, what is timing-out? > >>> On Feb 20, 2018, at 5:30 PM, heasley wrote: >>> >>> Fri, Feb 16, 2018 at 09:19:10AM -0500, Gerhard Mourani: >>>> Hello, >>>> >>>> I've a problem again backing up Fortiweb configuration. >>>> Rancid 3.7 >>>> FortiWeb-400C 5.82,build1375,170622 >>> >>> and the problem is? >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From Wayne.Eisenberg at CarolinasIT.com Wed Feb 21 20:27:14 2018 From: Wayne.Eisenberg at CarolinasIT.com (Wayne Eisenberg) Date: Wed, 21 Feb 2018 20:27:14 +0000 Subject: [rancid] OTP/2-factor authentication In-Reply-To: <20180220222446.GD40353@shrubbery.net> References: <20180220222446.GD40353@shrubbery.net> Message-ID: I believe you are correct. It happens when certain people insist on a policy that requires the only way to connect is via 2-factor and don't make any accommodation for things like this or the need to be able to script a large rollout of a change, etc. Thanks. -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Tuesday, February 20, 2018 5:25 PM To: Wayne Eisenberg Cc: 'rancid-discuss at shrubbery.net' Subject: Re: [rancid] OTP/2-factor authentication Tue, Feb 20, 2018 at 09:34:32PM +0000, Wayne Eisenberg: > I did some searching, and I'm pretty sure I already know the answer, but has anyone had any success with rancid and 2-factor authentication such as OKTA (time-based OTP)? > > Any workarounds? how would it work? I'm probably being dense on the subject, but it seems like an obstacle to automation. Happy to receive a cluebyfour. it seems that such security goals can be achieved by aaa authorization (ie: read-only) and password expiration in aaa authentication. ________________________________ The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you. From heas at shrubbery.net Wed Feb 21 21:16:28 2018 From: heas at shrubbery.net ('heasley') Date: Wed, 21 Feb 2018 21:16:28 +0000 Subject: [rancid] OTP/2-factor authentication In-Reply-To: References: <20180220222446.GD40353@shrubbery.net> Message-ID: <20180221211628.GA93875@shrubbery.net> Wed, Feb 21, 2018 at 08:27:14PM +0000, Wayne Eisenberg: > I believe you are correct. It happens when certain people insist on a policy that requires the only way to connect is via 2-factor and don't make any accommodation for things like this or the need to be able to script a large rollout of a change, etc. > > Thanks. ie: management a thought is that an oauth2-like system might work - but thats just another form of password expiration. > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Tuesday, February 20, 2018 5:25 PM > To: Wayne Eisenberg > Cc: 'rancid-discuss at shrubbery.net' > Subject: Re: [rancid] OTP/2-factor authentication > > Tue, Feb 20, 2018 at 09:34:32PM +0000, Wayne Eisenberg: > > I did some searching, and I'm pretty sure I already know the answer, but has anyone had any success with rancid and 2-factor authentication such as OKTA (time-based OTP)? > > > > Any workarounds? > > how would it work? I'm probably being dense on the subject, but it seems like an obstacle to automation. Happy to receive a cluebyfour. > > it seems that such security goals can be achieved by aaa authorization > (ie: read-only) and password expiration in aaa authentication. > > > ________________________________ > > The information in this Internet e-mail (and any attachments) is confidential, may be legally privileged and is intended solely for the Addressee(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, then any dissemination or copying of this e-mail (and any attachments) is prohibited and may be unlawful. If you received this e-mail in error, please immediately notify us by e-mail or telephone, then delete the message. Thank you. From hank at kilmer.org Wed Feb 21 21:41:21 2018 From: hank at kilmer.org (Hank Kilmer) Date: Wed, 21 Feb 2018 16:41:21 -0500 Subject: [rancid] OTP/2-factor authentication In-Reply-To: <20180221211628.GA93875@shrubbery.net> References: <20180220222446.GD40353@shrubbery.net> <20180221211628.GA93875@shrubbery.net> Message-ID: <5A8DE781.6090300@kilmer.org> 'heasley' wrote: > Wed, Feb 21, 2018 at 08:27:14PM +0000, Wayne Eisenberg: >> I believe you are correct. It happens when certain people insist on a policy that requires the only way to connect is via 2-factor and don't make any accommodation for things like this or the need to be able to script a large rollout of a change, etc. >> >> Thanks. > > ie: management > > a thought is that an oauth2-like system might work - but thats just another > form of password expiration. I've seen companies get around some of this by requiring the 2-factor to get into a bastion host where the scripts are run from (and/or rancid). Not ideal but a work-around. From heas at shrubbery.net Fri Feb 23 02:23:37 2018 From: heas at shrubbery.net (heasley) Date: Fri, 23 Feb 2018 02:23:37 +0000 Subject: [rancid] Role Privileges for Nexus 9k In-Reply-To: References: Message-ID: <20180223022337.GI95665@shrubbery.net> Wed, Feb 07, 2018 at 11:05:19AM -0800, Pico Leto: > Hi, > > I seem to be having some troubles backing up my configs for a ASR9k > (C93108TC-EX) running NXOS 7.0.3.I4.4. My current version of rancid is 3.7 > > I thought I created the correct role for rancid to run under however my > debug seems to end after 'system redundancy status'. The command is > actually available however you have to be in config term mode to see the > output. > > Role: rancid > Description: rancid restricted access > Vlan policy: permit (default) > Interface policy: permit (default) > Vrf policy: permit (default) > ------------------------------------------------------------------- > Rule Perm Type Scope Entity > ------------------------------------------------------------------- > 4 permit command dir * > 3 permit command show * > 2 permit command terminal * > 1 permit command show running-config > > Debug: > > rancid -t cisco-nx -d host.xx.xx > loadtype: device type cisco-nx > loadtype: found device type cisco-nx in > /usr/local/rancid/etc/rancid.types.base > executing clogin -t 90 -c"term no monitor-force;show version;show version > build-info all;show license;show license usage;show license > host.xx.xx-id;show system redundancy status;show environment clock;show > environment fan;show environment fex all fan;show environment > temperature;show environment power;show boot;dir bootflash:;dir debug:;dir > logflash:;dir slot0:;dir usb1:;dir usb2:;dir volatile:;show module;show > module xbar;show inventory;show vtp status;show vlan;show debug;show cores > vdc-all;show processes log vdc-all;show module fex;show fex;show > running-config" host.xx.xx > PROMPT MATCH: host.xx# > HIT COMMAND:host.xx# term no monitor-force > In RunCommand: host.xx# term no monitor-force > HIT COMMAND:host.xx# show version > In ShowVersion: host.xx# show version > TYPE = NXOS > HIT COMMAND:host.xx# show version build-info all > In ShowVersionBuild: host.xx# show version build-info all > HIT COMMAND:host.xx# show license > In ShowLicense: host.xx# show license > HIT COMMAND:host.xx# show license usage > In ShowLicense: host.xx# show license usage > HIT COMMAND:host.xx# show license host.xx.xx-id > In ShowLicense: host.xx# show license host.xx.xx-id > HIT COMMAND:host.xx# show system redundancy status > In ShowRedundancy: host.xx# show system redundancy status > host.xx.xx: show system redundancy status failed: -1 > host.xx.xx: missed cmd(s): show environment clock, show environment fan, There was a recent change for show red and show env fex recently: nxos.pm: filter show redundancy/show env fex when unsupported which you can grab here: http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/lib/nxos.pm.in Weylin's good advice aside, perhaps try running it as a user whose account is not limited to ensure that it is not a failure of rancid itself due to some caveat of the platform. You can also look at the output of what rancid collects and look for authorization falures: rancid -t cisco-nx -C device will give you the full command that rancid would run. > show environment fex all fan, show environment temperature, show > environment power, show boot, dir bootflash:, dir debug:, dir logflash:, > dir slot0:, dir usb1:, dir usb2:, dir volatile:, show module, show module > xbar, show inventory, show vtp status, show vlan, show debug, show cores > vdc-all, show processes log vdc-all, show module fex, show fex > host.xx.xx: End of run not found > host.xx.xx: clean_run is false > host.xx.xx: found_end is false > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Fri Feb 23 02:34:30 2018 From: heas at shrubbery.net (heasley) Date: Fri, 23 Feb 2018 02:34:30 +0000 Subject: [rancid] Brocade VDX In-Reply-To: <1221278298.4896124.1517948075907@mail.yahoo.com> References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> Message-ID: <20180223023430.GJ95665@shrubbery.net> Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer: > I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD. Has anyone gotten these to work? I'm trying to write documentation so I can repeat this in the future. > > This is what I have found so far. But I'm running this on FreeBSD 11.1. I'm ok if I need to patch it. Just loooking for the right way to add this to the system or patch it. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html > > https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 > https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf > > https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ > > http://www.dmcservicescorp.com/?p=2064 you havent told us what version of rancid. are you trying to add some other script because type foundry doesnt work for the device? this page is accurate and/or see section 4 of the rancid FAQ > https://tobru.ch/backup-brocade-router-config-with-rancid/ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From doug.hughes at keystonenap.com Fri Feb 23 02:44:47 2018 From: doug.hughes at keystonenap.com (Doug Hughes) Date: Thu, 22 Feb 2018 21:44:47 -0500 Subject: [rancid] Brocade VDX In-Reply-To: <20180223023430.GJ95665@shrubbery.net> References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> <20180223023430.GJ95665@shrubbery.net> Message-ID: I have VDX switches working. I use brcdvcs type 2 6940 and 2 6740 in a stack rancid.types.conf: # Brocade VCS 10g/40g brcdvcs;script;rancid -t brcdvcs brcdvcs;login;a10login brcdvcs;module;brocade brcdvcs;inloop;brocade::inloop brcdvcs;command;brocade::ShowVersion;show version all-partitions brcdvcs;command;brocade::ShowLicense;show license brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 11 brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 12 brcdvcs;command;brocade::ShowVcs;show vcs detail brcdvcs;command;brocade::ShowVlan;show vlan brief brcdvcs;command;brocade::ShowSnapshots;show config snapshot rbridge-id 1 brcdvcs;command;brocade::ShowFabric;show virtual-fabric status brcdvcs;command;brocade::ShowFabric;show fabric all brcdvcs;command;brocade::ShowSupport;show support brcdvcs;command;brocade::ShowMonitor;show system monitor brcdvcs;command;brocade::ShowConfig;show running-config (you'll want to change your rbridge-ids appropriately) On 2/22/2018 9:34 PM, heasley wrote: > Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer: >> I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD. Has anyone gotten these to work? I'm trying to write documentation so I can repeat this in the future. >> >> This is what I have found so far. But I'm running this on FreeBSD 11.1. I'm ok if I need to patch it. Just loooking for the right way to add this to the system or patch it. >> >> >> >> http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html >> >> https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 >> https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf >> >> https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ >> >> http://www.dmcservicescorp.com/?p=2064 > you havent told us what version of rancid. are you trying to add some > other script because type foundry doesnt work for the device? this > page is accurate and/or see section 4 of the rancid FAQ > >> https://tobru.ch/backup-brocade-router-config-with-rancid/ >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -- Doug Hughes Keystone NAP Fairless Hills, PA 1.844.KEYBLOCK (539.2562) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: keystone-nap.png Type: image/png Size: 3476 bytes Desc: not available URL: From andrewm659 at yahoo.com Fri Feb 23 02:38:15 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Fri, 23 Feb 2018 02:38:15 +0000 (UTC) Subject: [rancid] Brocade VDX In-Reply-To: <20180223023430.GJ95665@shrubbery.net> References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> <20180223023430.GJ95665@shrubbery.net> Message-ID: <1732560433.4078926.1519353495061@mail.yahoo.com> My apologies, I am using rancid 3.2 on CentOS 6.8 On Thursday, February 22, 2018 8:34 PM, heasley wrote: Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer: > I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD.? Has anyone gotten these to work?? I'm trying to write documentation so I can repeat this in the future. > > This is what I have found so far.? But I'm running this on FreeBSD 11.1.? I'm ok if I need to patch it.? Just loooking for the right way to add this to the system or patch it. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html > > https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 > https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf > > https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ > > http://www.dmcservicescorp.com/?p=2064 you havent told us what version of rancid.? are you trying to add some other script because type foundry doesnt work for the device?? this page is accurate and/or see section 4 of the rancid FAQ > https://tobru.ch/backup-brocade-router-config-with-rancid/ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrewm659 at yahoo.com Fri Feb 23 02:39:42 2018 From: andrewm659 at yahoo.com (Andrew Meyer) Date: Fri, 23 Feb 2018 02:39:42 +0000 (UTC) Subject: [rancid] Brocade VDX In-Reply-To: <1732560433.4078926.1519353495061@mail.yahoo.com> References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> <20180223023430.GJ95665@shrubbery.net> <1732560433.4078926.1519353495061@mail.yahoo.com> Message-ID: <270171666.4074684.1519353582588@mail.yahoo.com> I am just trying to backup the config.?? On Thursday, February 22, 2018 8:38 PM, Andrew Meyer wrote: My apologies, I am using rancid 3.2 on CentOS 6.8 On Thursday, February 22, 2018 8:34 PM, heasley wrote: Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer: > I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD.? Has anyone gotten these to work?? I'm trying to write documentation so I can repeat this in the future. > > This is what I have found so far.? But I'm running this on FreeBSD 11.1.? I'm ok if I need to patch it.? Just loooking for the right way to add this to the system or patch it. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html > > https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 > https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf > > https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ > > http://www.dmcservicescorp.com/?p=2064 you havent told us what version of rancid.? are you trying to add some other script because type foundry doesnt work for the device?? this page is accurate and/or see section 4 of the rancid FAQ > https://tobru.ch/backup-brocade-router-config-with-rancid/ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From ko at sv01.de Fri Feb 23 13:18:34 2018 From: ko at sv01.de (Kevin Olbrich) Date: Fri, 23 Feb 2018 14:18:34 +0100 Subject: [rancid] Getting h3crancid to work In-Reply-To: References: Message-ID: Hi! Can you send me the updated file? My knowledge of perl is very limited. Thank you very much. - Kevin 2018-02-06 15:26 GMT+01:00 Kevin Olbrich : > Hi! > > Thank you. I think you are right. I am on Debian 9 and I get this error in > rancid logs when I try to collect from one of these switches: > > Trying to get all of the configs. > wrong # args: should be "set varName ?newValue?" > while executing > "set do_command 0 set do_script 0" > (file "/usr/lib/rancid/bin/cmwlogin" line 68) > > > Kind regards > Kevin > > 2018-02-05 15:01 GMT+01:00 Jethro R Binks : > >> Try this instead; >> >> https://sites.google.com/site/jrbinks/code/rancid/cmwrancid >> >> but I might need to send you updated cmw.pm and cmwlogin if you could >> test >> those and feedback? >> >> h3c module was for rancid 2 really. >> >> Jethro. >> >> >> On Mon, 5 Feb 2018, Kevin Olbrich wrote: >> >> > Hi! >> > >> > I got some HP 5130 switches (rebranded Comware / H3C). >> > Can someone tell me how I get this to work? >> > >> > https://sites.google.com/site/jrbinks/code/rancid/h3c >> > >> > After fixing two path errors (expect path, etc.) I still don't get >> where I >> > should add "h3c". >> > When I had to add plugins like this, I had to edit the types-config and >> > nothing in rancid-fe. >> > >> > I am currently on rancid (3.7-1~bpo9+1) - Debian Stretch backports. >> > >> > Kind regards, >> > Kevin >> > >> >> . . . . . . . . . . . . . . . . . . . . . . . . . >> Jethro R Binks, Network Manager, >> Information Services Directorate, University Of Strathclyde, Glasgow, UK >> >> The University of Strathclyde is a charitable body, registered in >> Scotland, number SC015263. >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri Feb 23 18:14:31 2018 From: heas at shrubbery.net (heasley) Date: Fri, 23 Feb 2018 18:14:31 +0000 Subject: [rancid] Brocade VDX In-Reply-To: References: <1221278298.4896124.1517948075907.ref@mail.yahoo.com> <1221278298.4896124.1517948075907@mail.yahoo.com> <20180223023430.GJ95665@shrubbery.net> Message-ID: <20180223181430.GD10876@shrubbery.net> Thu, Feb 22, 2018 at 09:44:47PM -0500, Doug Hughes: > I have VDX switches working. > > I use brcdvcs type > > 2 6940 and 2 6740 in a stack > > rancid.types.conf: > > # Brocade VCS 10g/40g > brcdvcs;script;rancid -t brcdvcs > brcdvcs;login;a10login > brcdvcs;module;brocade > brcdvcs;inloop;brocade::inloop > brcdvcs;command;brocade::ShowVersion;show version all-partitions > brcdvcs;command;brocade::ShowLicense;show license > brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 11 > brcdvcs;command;brocade::ShowRasLicense;show logging raslog rbridge-id 12 > brcdvcs;command;brocade::ShowVcs;show vcs detail > brcdvcs;command;brocade::ShowVlan;show vlan brief > brcdvcs;command;brocade::ShowSnapshots;show config snapshot rbridge-id 1 > brcdvcs;command;brocade::ShowFabric;show virtual-fabric status > brcdvcs;command;brocade::ShowFabric;show fabric all > brcdvcs;command;brocade::ShowSupport;show support > brcdvcs;command;brocade::ShowMonitor;show system monitor > brcdvcs;command;brocade::ShowConfig;show running-config It'd be great if others who use this would confirm that it works properly and reliably. > (you'll want to change your rbridge-ids appropriately) > > > > On 2/22/2018 9:34 PM, heasley wrote: > > Tue, Feb 06, 2018 at 08:14:35PM +0000, Andrew Meyer: > >> I have 4 Brocade VDX 6740 switches that I am trying to add to RANCiD. Has anyone gotten these to work? I'm trying to write documentation so I can repeat this in the future. > >> > >> This is what I have found so far. But I'm running this on FreeBSD 11.1. I'm ok if I need to patch it. Just loooking for the right way to add this to the system or patch it. > >> > >> > >> > >> http://www.shrubbery.net/pipermail/rancid-discuss/2017-April/009534.html > >> > >> https://community.brocade.com/t5/Ethernet-Fabric-VDX-CNA/Automatic-backup-for-brocade-VDX-Switches/td-p/84924 > >> https://webclient.obs.j0ke.net/package/view_file/server:monitoring/rancid-stable/rancid.types.conf > >> > >> https://www.forwardingplane.net/2012/11/vdxrancid-contrib-scripts/ > >> > >> http://www.dmcservicescorp.com/?p=2064 > > you havent told us what version of rancid. are you trying to add some > > other script because type foundry doesnt work for the device? this > > page is accurate and/or see section 4 of the rancid FAQ > > > >> https://tobru.ch/backup-brocade-router-config-with-rancid/ > >> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > -- > Doug Hughes > Keystone NAP > Fairless Hills, PA > 1.844.KEYBLOCK (539.2562) > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From sathish.i at ctrls.in Sat Feb 24 10:15:33 2018 From: sathish.i at ctrls.in (Sathish Kumar. Ippani) Date: Sat, 24 Feb 2018 10:15:33 +0000 Subject: [rancid] Rancid Login to device with wrong username and password Message-ID: Dear All, I have recently installed Rancid and I added device. But when I testing clogin to a cisco device it is login to device rancid user, where I have configured deferent username(cisco) to login to cisco device. Please let me know, If I need to change any configuration. Thanks, Sathish ________________________________ Disclaimer: The contents of this e-mail message and any attachments are confidential and are intended solely for the addressee. If you have received this transmission in error, please immediately notify the sender by return e-mail and delete this message and its attachments. Any unauthorized use, copying or dissemination of this transmission is prohibited. Neither the confidentiality nor the integrity of this message can be vouched for following transmission on the Internet. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 40700 bytes Desc: image001.png URL: From heas at shrubbery.net Sat Feb 24 15:56:43 2018 From: heas at shrubbery.net (heasley) Date: Sat, 24 Feb 2018 15:56:43 +0000 Subject: [rancid] Rancid Login to device with wrong username and password In-Reply-To: References: Message-ID: <20180224155643.GA57586@shrubbery.net> Sat, Feb 24, 2018 at 10:15:33AM +0000, Sathish Kumar. Ippani: > > Dear All, > > I have recently installed Rancid and I added device. > > But when I testing clogin to a cisco device it is login to device rancid user, where I have configured deferent username(cisco) to login to cisco device. > > Please let me know, If I need to change any configuration. your .cloginrc. see clogin -[Mm] From randy at psg.com Sat Feb 24 20:17:12 2018 From: randy at psg.com (Randy Bush) Date: Sat, 24 Feb 2018 10:17:12 -1000 Subject: [rancid] Rancid Login to device with wrong username and password In-Reply-To: <20180224155643.GA57586@shrubbery.net> References: <20180224155643.GA57586@shrubbery.net> Message-ID: > Sat, Feb 24, 2018 at 10:15:33AM +0000, Sathish Kumar. Ippani: > I have configured deferent username(cisco) to login to cisco device. ^^^^^^^^^^^^^^^ this is strongly NOT recommended for security reasons From sathish.i at ctrls.in Mon Feb 26 06:47:33 2018 From: sathish.i at ctrls.in (Sathish Kumar. Ippani) Date: Mon, 26 Feb 2018 06:47:33 +0000 Subject: [rancid] Rancid Login to device with wrong username and password In-Reply-To: References: Message-ID: Thanks Shoaib, Thanks for your inputs. I have already configured .cloginrc with correct username and password also given cisco name for reference only. Regards, sathish -----Original Message----- From: Muhammad Shoaib [mailto:mshoaib at paciolan.com] Sent: Monday, February 26, 2018 12:10 PM To: rancid-discuss at shrubbery.net; Sathish Kumar. Ippani Subject: Re: Rancid Login to device with wrong username and password Hi Sathish, You can define the following in your .cloginrc to use ?cisco? as a username as : # Cisco switches add user ciscoswitch01 cisco add userpassword ciscoswitch01 {password} add password ciscoswitch01 {password} {password} add method ciscoswitch01 {ssh} {telnet} The first line define the username ? here it is "cisco" Second line is the password Third line is the first and then enable password Last line is the method ? here it will try ssh first then telnet. ciscoswitch01 - it is your device hostname and it should resolved to an ip address. You can use either DNS or /etc/hosts file for resolution. As Heasley mentioned ? this file sits under rancid root directory and named ?.cloginrc? Also Randy has a point not to use ?cisco? as a username for security reason. You can create user ?rancid? or any other and update your .cloginrc file. Hope it is helpful. mS --- Muhammad Shoaib Sr. Mgr, Network Engineering On 2/25/18, 12:00 PM, "Rancid-discuss on behalf of rancid-discuss-request at shrubbery.net" wrote: >Send Rancid-discuss mailing list submissions to > rancid-discuss at shrubbery.net > >To subscribe or unsubscribe via the World Wide Web, visit > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >or, via email, send a message with subject or body 'help' to > rancid-discuss-request at shrubbery.net > >You can reach the person managing the list at > rancid-discuss-owner at shrubbery.net > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Rancid-discuss digest..." > > >Today's Topics: > > 1. Re: Rancid Login to device with wrong username and password > (Randy Bush) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Sat, 24 Feb 2018 10:17:12 -1000 >From: Randy Bush >To: "Sathish Kumar. Ippani" >Cc: rancid-discuss at shrubbery.net >Subject: Re: [rancid] Rancid Login to device with wrong username and > password >Message-ID: >Content-Type: text/plain; charset=US-ASCII > >> Sat, Feb 24, 2018 at 10:15:33AM +0000, Sathish Kumar. Ippani: > >> I have configured deferent username(cisco) to login to cisco device. > ^^^^^^^^^^^^^^^ > >this is strongly NOT recommended for security reasons > > > >------------------------------ > >Subject: Digest Footer > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss > >------------------------------ > >End of Rancid-discuss Digest, Vol 88, Issue 17 >********************************************** ________________________________ Disclaimer: The contents of this e-mail message and any attachments are confidential and are intended solely for the addressee. If you have received this transmission in error, please immediately notify the sender by return e-mail and delete this message and its attachments. Any unauthorized use, copying or dissemination of this transmission is prohibited. Neither the confidentiality nor the integrity of this message can be vouched for following transmission on the Internet. ________________________________ From mshoaib at paciolan.com Mon Feb 26 06:39:37 2018 From: mshoaib at paciolan.com (Muhammad Shoaib) Date: Mon, 26 Feb 2018 06:39:37 +0000 Subject: [rancid] Rancid Login to device with wrong username and password Message-ID: Hi Sathish, You can define the following in your .cloginrc to use ?cisco? as a username as : # Cisco switches add user ciscoswitch01 cisco add userpassword ciscoswitch01 {password} add password ciscoswitch01 {password} {password} add method ciscoswitch01 {ssh} {telnet} The first line define the username ? here it is "cisco" Second line is the password Third line is the first and then enable password Last line is the method ? here it will try ssh first then telnet. ciscoswitch01 - it is your device hostname and it should resolved to an ip address. You can use either DNS or /etc/hosts file for resolution. As Heasley mentioned ? this file sits under rancid root directory and named ?.cloginrc? Also Randy has a point not to use ?cisco? as a username for security reason. You can create user ?rancid? or any other and update your .cloginrc file. Hope it is helpful. mS --- Muhammad Shoaib Sr. Mgr, Network Engineering On 2/25/18, 12:00 PM, "Rancid-discuss on behalf of rancid-discuss-request at shrubbery.net" wrote: >Send Rancid-discuss mailing list submissions to > rancid-discuss at shrubbery.net > >To subscribe or unsubscribe via the World Wide Web, visit > http://www.shrubbery.net/mailman/listinfo/rancid-discuss >or, via email, send a message with subject or body 'help' to > rancid-discuss-request at shrubbery.net > >You can reach the person managing the list at > rancid-discuss-owner at shrubbery.net > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Rancid-discuss digest..." > > >Today's Topics: > > 1. Re: Rancid Login to device with wrong username and password > (Randy Bush) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Sat, 24 Feb 2018 10:17:12 -1000 >From: Randy Bush >To: "Sathish Kumar. Ippani" >Cc: rancid-discuss at shrubbery.net >Subject: Re: [rancid] Rancid Login to device with wrong username and > password >Message-ID: >Content-Type: text/plain; charset=US-ASCII > >> Sat, Feb 24, 2018 at 10:15:33AM +0000, Sathish Kumar. Ippani: > >> I have configured deferent username(cisco) to login to cisco device. > ^^^^^^^^^^^^^^^ > >this is strongly NOT recommended for security reasons > > > >------------------------------ > >Subject: Digest Footer > >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo/rancid-discuss > >------------------------------ > >End of Rancid-discuss Digest, Vol 88, Issue 17 >********************************************** From howie at thingy.com Mon Feb 26 11:30:36 2018 From: howie at thingy.com (Howard Jones) Date: Mon, 26 Feb 2018 11:30:36 +0000 Subject: [rancid] Rate-limiting connections through one host? Message-ID: I have a slightly unusual RANCID problem - we have some multi-context Cisco ASAs, where for convenience, each context is backed up as a separate 'host'. To do that: 1) hostnames are firewallname[contextname] 2) removed some 'force lower case stuff' because our context names are capitalised 3) Pass the [contextname] bit as a separate parameter to the polling process 4) *rancid script that knows to switch to the correct context 5) some small patches to allow the filename to be different from the hostname All of that is not standard, but the problem I see now is that rancid blitzes the firewall with dozens of concurrent connections, as these "different" devices are all polled together. It occurred to me that anyone with a terminal server, or some other proxy would see similar issues though, so maybe there's already a solution for it. My current plan is to randomize the order of the hosts during control_rancid passes, so at least it's not deterministic which ones will fail 3 times, and I get a fairly recent backup of everything. Has anyone else run across similar issues and found a more elegant solution? Thanks, Howard From heas at shrubbery.net Mon Feb 26 18:21:24 2018 From: heas at shrubbery.net (heasley) Date: Mon, 26 Feb 2018 18:21:24 +0000 Subject: [rancid] Rate-limiting connections through one host? In-Reply-To: References: Message-ID: <20180226182123.GF71977@shrubbery.net> Mon, Feb 26, 2018 at 11:30:36AM +0000, Howard Jones: > I have a slightly unusual RANCID problem - we have some multi-context > Cisco ASAs, where for convenience, each context is backed up as a > separate 'host'. To do that: > > 1) hostnames are firewallname[contextname] > 2) removed some 'force lower case stuff' because our context names are > capitalised > 3) Pass the [contextname] bit as a separate parameter to the polling process > 4) *rancid script that knows to switch to the correct context > 5) some small patches to allow the filename to be different from the hostname > > All of that is not standard, but the problem I see now is that rancid > blitzes the firewall with dozens of concurrent connections, as these > "different" devices are all polled together. It occurred to me that > anyone with a terminal server, or some other proxy would see similar > issues though, so maybe there's already a solution for it. > > My current plan is to randomize the order of the hosts during > control_rancid passes, so at least it's not deterministic which ones > will fail 3 times, and I get a fairly recent backup of everything. > > Has anyone else run across similar issues and found a more elegant solution? reduce the number of concurrent connections in /rancid.conf. From howie at thingy.com Mon Feb 26 20:55:05 2018 From: howie at thingy.com (Howard Jones) Date: Mon, 26 Feb 2018 20:55:05 +0000 Subject: [rancid] Rate-limiting connections through one host? In-Reply-To: <20180226182123.GF71977@shrubbery.net> References: <20180226182123.GF71977@shrubbery.net> Message-ID: <411327ee-bb3d-9c2d-e571-71b2b2ed1eab@thingy.com> On 26/02/2018 18:21, heasley wrote: > > reduce the number of concurrent connections in /rancid.conf. Thanks! I didn't know /rancid.conf was a thing! From heas at shrubbery.net Mon Feb 26 22:08:15 2018 From: heas at shrubbery.net (heasley) Date: Mon, 26 Feb 2018 22:08:15 +0000 Subject: [rancid] Rate-limiting connections through one host? In-Reply-To: <411327ee-bb3d-9c2d-e571-71b2b2ed1eab@thingy.com> References: <20180226182123.GF71977@shrubbery.net> <411327ee-bb3d-9c2d-e571-71b2b2ed1eab@thingy.com> Message-ID: <20180226220815.GG77017@shrubbery.net> Mon, Feb 26, 2018 at 08:55:05PM +0000, Howard Jones: > On 26/02/2018 18:21, heasley wrote: > > > > reduce the number of concurrent connections in /rancid.conf. > > Thanks! I didn't know /rancid.conf was a thing! it is in 3.something. see the change log.