<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Mike,<br>
<br>
I am curious how you got around using clogin without any changes.
Lance and I ran into the "term length" command issue. clogin was trying to
run that command on the F5, which set errors, and the F5 never declared it a
clean run until we remarked out the "term length" line. That's why we
thought having a separate f5login was a good idea to filter out Cisco-specific
login routines :-)<br>
<br>
BTW, your script is working great and I have started using it. Your
script does a little more than the "b list" I had, especially "cat
bigip_base.conf", which is needed to rebuild the box.<br>
<br>
Thanks,<br>
Sam<br>
<blockquote
 cite="mid:45EB285310B55542A513F93230F0A5330115DBAD@EXCHANGE0.orm.omniture.com"
 type="cite">
  <pre wrap="">Lance,

Thanks for the feedback.

"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot.  Changes made using the web configuration tool are
automatically saved.  "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights.  This
file has the software configuration.  

The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.  

One could debate whether the f5rancid script should get the saved
configuration files or the running config or both.  For cisco devices,
rancid obtains both.  I'll look at adding both.

Mike

-----Original Message-----
From: Lance [<a class="moz-txt-link-freetext" href="mailto:rancid@gheek.net">mailto:rancid@gheek.net</a>] 
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Cc: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>; <a class="moz-txt-link-abbreviated" href="mailto:sam@munzani.com">sam@munzani.com</a>
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".

-Lance

  </pre>
  <blockquote type="cite">
    <pre wrap="">-------- Original Message --------
Subject: RE: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <a class="moz-txt-link-rfc2396E" href="mailto:mashcraft@omniture.com">&lt;mashcraft@omniture.com&gt;</a>
Date: Tue, July 17, 2007 10:49 am
To: <a class="moz-txt-link-rfc2396E" href="mailto:sam@munzani.com">&lt;sam@munzani.com&gt;</a>,  "Lance" <a class="moz-txt-link-rfc2396E" href="mailto:rancid@gheek.net">&lt;rancid@gheek.net&gt;</a>
Cc: <a class="moz-txt-link-rfc2396E" href="mailto:rancid-discuss@shrubbery.net">&lt;rancid-discuss@shrubbery.net&gt;</a>

I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort. 
 
It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night.  I have attached my
f5rancid which I have been running for a few months.  Installation
instructions are included as comments in the file.  This version uses
clogin so that a separate f5login script is not required.
 
This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out.  It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device.  This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.  
 
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout.  On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down].  I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.
 
Any feedback is appreciated.  I hope to get f5 support added to future
releases of rancid.  
 
Thanks,
 
Mike
 
 

________________________________

From: Sam Munzani [<a class="moz-txt-link-freetext" href="mailto:sam@munzani.com">mailto:sam@munzani.com</a>] 
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
Subject: Re: [rancid] Re: F5 load balancer support


Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions (non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All it's doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam


        I have helped Sam get a working f5rancid which requires a f5login (only
        because it doesn't recognize the prompt with a space and exit, unless
        you enter a return before the exit). He is cleaning up all the unused
        functions and will post it.
        
        Once John H. sends out his script I will look at it and see how it
        differs from the one I did with Sam. I will even help Sam get it working
        for his setup. We will let you know when it is all working.
        
        -lance
        
          

                -------- Original Message --------
                Subject: [rancid] Re: F5 load balancer support
                From: "Mike Ashcraft" <a class="moz-txt-link-rfc2396E" href="mailto:mashcraft@omniture.com">&lt;mashcraft@omniture.com&gt;</a>
                Date: Mon, July 16, 2007 11:48 am
                To: <a class="moz-txt-link-rfc2396E" href="mailto:sam@munzani.com">&lt;sam@munzani.com&gt;</a>
                Cc: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
                
                Sam,
                 
                I have a working f5rancid that I have been using for a number of months
                now.   I have one minor bug related to tracking installed SSL certs
                which you probably don't care about.  Other than that, it works great.
                 
                I did encounter and solve all the problems you have been discussing on
                the list.
                 
                Let me know if you are interested in trying what I have. I have tested
                it with Big-IP 9.1.2.  
                 
                Mike
                
                ________________________________
                
                From: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a>
                [<a class="moz-txt-link-freetext" href="mailto:rancid-discuss-bounces@shrubbery.net">mailto:rancid-discuss-bounces@shrubbery.net</a>] On Behalf Of Sam Munzani
                Sent: Monday, July 16, 2007 10:58 AM
                To: <a class="moz-txt-link-abbreviated" href="mailto:smunzani@comcast.net">smunzani@comcast.net</a>
                Cc: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
                Subject: [rancid] Re: F5 load balancer support
                
                
                BTW, this is what I see in the log when I do rancid-run now. That means
                the f5rancid file (hacked copy of rancid) is still missing something.
                
                more nfl.20070716.114842
                starting: Mon Jul 16 11:48:42 CDT 2007
                
                
                
                Trying to get all of the configs.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 1.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 2.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 3.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 4.
                test-f5-01: End of run not found
                -bash: write: command not found
                
                cvs diff: Diffing .
                cvs diff: Diffing configs
                nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
                
                
                
                Trying to get all of the configs.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 1.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 2.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 3.
                test-f5-01: End of run not found
                -bash: write: command not found
                =====================================
                Getting missed routers: round 4.
                test-f5-01: End of run not found
                -bash: write: command not found
                
                cvs diff: Diffing .
                cvs diff: Diffing configs
                cvs diff: cannot find configs/test-f5-01
                cvs commit: Examining .
                cvs commit: Examining configs
                cvs commit: Up-to-date check failed for `configs/test-f5-01'
                cvs [commit aborted]: correct above errors first!
                ls: test-f5-01: No such file or directory
                
                ending: Mon Jul 16 11:49:41 CDT 2007
                
                Thanks,
                Sam
                
                
                        David,
                        
                        Thanks a lot for the tip. This worked well. Now f5login goes
                        much cleaner and the "root" doesn't get sent again. I still have
                        other issues where rancid-run is backing up config properly but I am still
                        troubleshooting it.
                        
                        Now here is a question. What does "bldshgalsjd" mean and how does it do
                        this miracle?
                        
                        Thanks,
                        Sam
                          
                
                                Thanks for this tip, turns out that this is also the reason the
                                username gets entered at a prompt on the cisco IPS devices. Since it's
                                using SSH and therefore doesn't need a username prompt, solution was
                                to simply add in .cloginrc:
                                
                                add userprompt ids* bldshgalsjd  (&lt;- something that won't get sent
                                during login)
                                
                                Regards,
                                
                                David
                                
                                On 14/07/07, Lance <a class="moz-txt-link-rfc2396E" href="mailto:rancid@gheek.net">&lt;rancid@gheek.net&gt;</a> wrote:
                                    
                
                                        Sam,
                                        
                                        Have you tried using telnet to login, if the f5 has it enabled.
                                        You may also want to set auto enable in your .cloginrc for this device
                                        as it looks to clogin as you are already in a cisco equivalent equal to
                                        enable since your prompt has a # sign in it.
                                        
                                        Looking at your next email along with this one it looks like you are
                                        already in a cisco equivalent of enable after you login. f5login seems
                                        to be sending your username of root as a command after you get connected
                                        because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
                                        172.24.100.12" and it matches on the word "Login". See below.
                                        
                                        "(Username|Login|login|user name):"? yes
                                        
                                        expect: set expect_out(0,string) "login:"
                                        
                                        expect: set expect_out(1,string) "login"
                                        
                                        expect: set expect_out(spawn_id) "exp4"
                                        
                                        expect: set expect_out(buffer) " \r\nLast login:"
                                        
                                        send: sending "root\r" to { exp4 }
                                        
                                        expect: continuing expect
                                        
                                        You are just using a Cisco login/parsing script so it expects prompts
                                        from a Cisco device and in this case you have a *nix SSH banner that
                                        gets interrupted. I know you can use RANCID to backup *nix systems. So
                                        it knows how to understand connecting to a *nix system. You might want
                                        to try this email thread which asks about backing up Linux configs.
                                        
                                        "<a class="moz-txt-link-freetext" href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html">http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html</a>"
                                        
                                        Or you could modify the existing f5login like so.
                                        
                                        I think you have to use the caret before the () to work. I haven't
                                        checked this as I am at home and not on a UNIX system right now. Sorry,
                                        too lazy to check it out right now. You might want to uncomment the line
                                        below 3. and comment out the line below 2. and see if that works. This
                                        is the only point in the code that I see it look for login in any line.
                                        If that doesn't work send me back the debug and I will see what I can
                                        do. I am sure some people that use expect more often than I can probably
                                        quickly tell you what to use as syntax there.
                                        
                                        # Figure out prompts
                                        set u_prompt [find userprompt $router]
                                        if { "$u_prompt" == "" } {
                                            #1. ORIGINAL
                                            #set u_prompt "^(Username|Login|login|user name):"
                                            #2. Modified to read for a line beginning with
                                            #   Username,Login,login, or user name.
                                            set u_prompt "^(Username|Login|login|user name):"
                                            #3. Modified to read for a line beginning with Login or login.
                                            #   but I may be wrong
                                            #set u_prompt "^(Username|^Login|^login|user name):"
                                        } else {
                                            # A userprompt entry from .cloginrc overrides the default
                                            set u_prompt [join [lindex $u_prompt 0] ""]
                                        }
                                        
                                        
                                        Let me know if this works for you.
                                        
                                        -Lance
                                        
                                              
                
                                                -------- Original Message --------
                                                Subject: Re: [rancid] F5 load balancer support
                                                From: Sam Munzani <a class="moz-txt-link-rfc2396E" href="mailto:smunzani@comcast.net">&lt;smunzani@comcast.net&gt;</a>
                                                Date: Fri, July 13, 2007 2:30 pm
                                                To: Lance <a class="moz-txt-link-rfc2396E" href="mailto:rancid@gheek.net">&lt;rancid@gheek.net&gt;</a>
                                                Cc: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
                                                
                                                Lance,
                                                
                                                F5 login works fine with a minor error.
                                                
                                                $ f5login test-f5-01
                                                test-f5-01
                                                spawn ssh -c 3des -x -l root test-f5-01
                                                Password:
                                                Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
                                                root
                                                [root@test-f5-01:Active] config # root
                                                -bash: root: command not found
                                                [root@test-f5-01:Active] config #
                                                [root@test-f5-01:Active] config #
                                                [root@test-f5-01:Active] config #
                                                
                                                I don't know how to debug otherwise I would turn on debug too. If you
                                                can provide some hints on debug, I would appreciate it.
                                                
                                                Thanks,
                                                Sam
                                                        
                
                                                What error(s) do you get when you try to run your f5rancid?
                                                
                                                Where does it fail if you debug your f5login?
                                                
                                                
                                                -lance
                                                
                
                                                -------- Original Message --------
                                                Subject: [rancid]  F5 load balancer support
                                                From: Sam Munzani <a class="moz-txt-link-rfc2396E" href="mailto:smunzani@comcast.net">&lt;smunzani@comcast.net&gt;</a>
                                                Date: Fri, July 13, 2007 12:45 pm
                                                To: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
                                                
                                                Hi,
                                                
                                                Did anybody happen to hack one of Cisco scripts to support BigIP F5
                                                boxes? It should be pretty simple. All I want to do is login and type "b
                                                list" which is equivalent of "show run" on cisco.
                                                
                                                However for some reason things not working. All I did was copied clogin
                                                to f5login, copied rancid to f5rancid and added following to rancid-fe.
                                                
                                                elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
                                                
                                                Then modified f5 rancid file and kept only one command in list of
                                                commands "b list".
                                                
                                                For some reason it's not working. I can post my configs here if somebody
                                                like to see them.
                                                
                                                Thanks,
                                                Sam
                                                
                                                _______________________________________________
                                                Rancid-discuss mailing list
                                                <a class="moz-txt-link-abbreviated" href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a>
                                                <a class="moz-txt-link-freetext" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a>
                                                
                                                            
                
                                                
                                                          
                
        
    </pre>
  </blockquote>
  <pre wrap=""><!---->

  </pre>
</blockquote>
<br>
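<pre wrap="">Added example, not part of the original thread or of RANCID's code: it models the user-prompt match discussed above (the unanchored pattern from the debug trace, the caret variant, a line-anchored variant, and the .cloginrc override string) against two constructed sessions. Python's re.search stands in for expect's unanchored -re match; the session strings, the telnet banner and all function names are assumptions made for illustration.

```python
import re

# User-prompt patterns from the thread (dictionary keys are illustrative).
PATTERNS = {
    # What the expect debug trace shows matching: no anchor at all.
    "unanchored": r"(Username|Login|login|user name):",
    # Caret as posted; in expect it anchors to the start of the buffer,
    # not to the start of a line.
    "buffer_anchored": r"^(Username|Login|login|user name):",
    # Line-anchored variant (Python spells it (?m); Tcl spells it (?n)).
    "line_anchored": r"(?m)^(Username|Login|login|user name):",
    # The .cloginrc override: a string the device never prints.
    "override": r"bldshgalsjd",
}

# Constructed input modelled on the SSH session quoted in the thread.
SSH_SESSION = (
    " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"
    "[root@test-f5-01:Active] config # "
)
# Constructed, hypothetical telnet banner ending in a genuine login prompt.
TELNET_SESSION = "\r\nexample banner text\r\nlogin: "


def username_sent(buffer, user_prompt, username="root"):
    """Return what the login script would send for this buffer, or None.

    expect searches the whole buffer for the pattern, so re.search
    (not re.match) is the faithful model.
    """
    if re.search(user_prompt, buffer):
        return username + "\r"
    return None


def assess(user_prompt):
    """List the problems a pattern causes on the two constructed sessions."""
    findings = []
    if username_sent(SSH_SESSION, user_prompt) is not None:
        findings.append("sends username to the shell after the SSH banner")
    if username_sent(TELNET_SESSION, user_prompt) is None:
        findings.append("misses a genuine login prompt")
    return findings


def report():
    """Assess every pattern; an empty list means no problem on either session."""
    return {name: assess(pattern) for name, pattern in PATTERNS.items()}


if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "-", "; ".join(findings) or "ok")
```

The override never matches a real prompt either, which is harmless only where no username prompt is expected; the thread's .cloginrc line scopes it to SSH-only devices with a glob (ids*).
</pre>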
</body>
</html>