<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>I have been on vacation for the last&nbsp;couple 
of&nbsp;weeks or I would have posted this sooner and possibly saved some of you 
a bit of effort.&nbsp;</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>It sounds like&nbsp;Lance and Sam&nbsp;have put together a 
working f5rancid with&nbsp;basic functionality which Sam posted last 
night.&nbsp; I have attached my f5rancid which I have been running for a 
few&nbsp;months. &nbsp;Installation instructions are included as comments in the 
file.&nbsp; This version uses clogin so that a separate f5login script is not 
required.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN><SPAN class=308284916-17072007><FONT 
face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>This version&nbsp;formats and processes the output to make 
it more usable.&nbsp;&nbsp;As far as what is captured, I based this on the F5 
equivalent of a tech out.&nbsp;&nbsp;It grabs a copy of all the configuration 
files, hardware configuration and software version as well as the timestamps and 
file sizes for SSL certs hosted on the device.&nbsp; This facilitates rebuilding 
from scratch as quickly as possible if this is ever needed.</FONT>&nbsp;<FONT 
face=Arial color=#0000ff size=2>&nbsp;</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN><SPAN class=308284916-17072007><FONT 
face=Arial color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>I was able to resolve the&nbsp;bug I mentioned yesterday by 
increasing the clogin timeout.&nbsp; On&nbsp;a small number of&nbsp;devices it 
failed to process the last few commands when running from cron but always worked 
properly from the command line on all devices [making it difficult to track 
down].&nbsp;&nbsp; I mention this because it may be an appropriate fix for other 
intermittent problems sometimes discussed on this list.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>Any feedback is appreciated.&nbsp; I hope to get f5 support 
added to future releases of rancid.&nbsp; </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>Thanks,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2>Mike</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=308284916-17072007><FONT face=Arial 
color=#0000ff size=2></FONT></SPAN>&nbsp;</DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Sam Munzani [mailto:sam@munzani.com] 
<BR><B>Sent:</B> Monday, July 16, 2007 7:49 PM<BR><B>To:</B> Lance<BR><B>Cc:</B> 
Mike Ashcraft; rancid-discuss@shrubbery.net<BR><B>Subject:</B> Re: [rancid] Re: 
F5 load balancer support<BR></FONT><BR></DIV>
<DIV></DIV>Lance,<BR><BR>Thanks a lot for all your help. Pretty much you did all 
the work while I watched what you are doing :-)..<BR><BR>Attached are cleaned up 
files. In f5rancid file, I have left some basic functions(non platform specific) 
just in case we expand this script to do a lot more than just "b list" output. 
In rancid-fe, we defined a new device type "f5", f5login was copied from clogin 
and remarked some "term length" statements we don't need on F5.<BR><BR>All 3 
files are attached and working great. Please be aware, we are not parsing 
anything at all. All its doing is basic function of running "b list" command and 
capturing its output. As I expand more on this, I will be sure to share with the 
audience here.<BR><BR>Again, thanks a lot for all your help 
today.<BR><BR>Regards,<BR>Sam<BR>
<BLOCKQUOTE 
cite=mid:20070716173200.8e114e4890519e5179c192e02d6bca26.b34fb90ffd.wbe@email.secureserver.net 
type="cite"><PRE wrap="">I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.

-lance

  </PRE>
  <BLOCKQUOTE type="cite"><PRE wrap="">-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <A class=moz-txt-link-rfc2396E href="mailto:mashcraft@omniture.com">&lt;mashcraft@omniture.com&gt;</A>
Date: Mon, July 16, 2007 11:48 am
To: <A class=moz-txt-link-rfc2396E href="mailto:sam@munzani.com">&lt;sam@munzani.com&gt;</A>
Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>

Sam,
 
I have a working f5rancid that I have been using for a number of months
now.   I have one minor bug related to tracking installed SSL certs
which you probably don't care about.  Other than that, it works great.
 
I did encounter and solve all the problems you have been discussing on
the list.
 
Let me know if you are interested in trying what I have.  I have tested
it with Big-IP 9.1.2.  
 
Mike

________________________________

From: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</A>
[<A class=moz-txt-link-freetext href="mailto:rancid-discuss-bounces@shrubbery.net">mailto:rancid-discuss-bounces@shrubbery.net</A>] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: <A class=moz-txt-link-abbreviated href="mailto:smunzani@comcast.net">smunzani@comcast.net</A>
Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>
Subject: [rancid] Re: F5 load balancer support


BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam


        David,
        
        Thanks a lot for the tip. This worked well. Now f5login goes
much more 
        cleaner and the "root" doesn't set sent again. I still have
other issues 
        where rancid-run is backing up config properly but I am still 
        troubleshooting it.
        
        Now here is a question. What does "bldshgalsjd" mean and how
does it do 
        this miracle?
        
        Thanks,
        Sam
          

                Thanks for this tip, turns out that this is also the
reason the
                username gets entered at a prompt on the cisco IPS
devices. Since it's
                using SSH and therefore doesn't need a username prompt,
solution was
                to simply add in .cloginrc:
                
                add userprompt ids* bldshgalsjd  (&lt;- something that
won't get sent 
                during login)
                
                Regards,
                
                David
                
                On 14/07/07, Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net">&lt;rancid@gheek.net&gt;</A>
<A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net">&lt;mailto:rancid@gheek.net&gt;</A>  wrote:
                    

                        Sam,
                        
                        Have you tried using telnet to login, if the f5
has it enabled.
                        You may also want to set auto enable in your
.cloginrc for this device
                        as it looks to clogin as you are already in a
cisco equivalent equal to
                        enable since your prompt has a # sign in it.
                        
                        Looking at your next email along with this one
it looks like you are
                        already in a cisco equivalent of enable after
you login. f5login seems
                        to be sending your username of root as a command
after you get connected
                        because it sees this line "Last login: Fri Jul
13 14:38:03 2007 from
                        172.24.100.12" and it matches on the word
"Login". See below.
                        
                        "(Username|Login|login|user name):"? yes
                        
                        expect: set expect_out(0,string) "login:"
                        
                        expect: set expect_out(1,string) "login"
                        
                        expect: set expect_out(spawn_id) "exp4"
                        
                        expect: set expect_out(buffer) " \r\nLast
login:"
                        
                        send: sending "root\r" to { exp4 }
                        
                        expect: continuing expect
                        
                        You are just using a Cisco login/parsing script
so it expects prompts
                        from a Cisco device and in this case you have a
*nix SSH banner that
                        gets interrupted. I know you can use RANCID to
backup *nix systems. So
                        it knows how to understand connecting to a *nix
system. You might want
                        to try this email thread which asks about
backing up Linux conifgs.
        
<A class=moz-txt-link-rfc2396E href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html">"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"</A>
<A class=moz-txt-link-rfc2396E href="http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html">&lt;http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml&gt;</A>  
                        
                        Or you could modify the existing f5login like
so.
                        
                        I think you have to use the carrot before the ()
to work. I haven't
                        checked this as I am at home and not on a UNIX
system right now. Sorry
                        to lazy to check it out right now. You might
want to uncomment the line
                        below 3. and comment out the line below 2. and
see if that works. This
                        is the only point in the code that I see it look
for login in any line.
                        If that doesn't work send me back the debug and
I will see what I can
                        do. I am sure some people that use expect more
often then I can probably
                        quickly tell you what to use as syntax there.
                        
                        # Figure out prompts
                           set u_prompt [find userprompt $router
                        if { "$u_prompt" == "" } {
                               #1. ORIGINAL
                               #set u_prompt
"^(Username|Login|login|user name):"
                               #2. Modified to read for a line beginning
with 
                        Username,Login,login, or
                        user name.
                               set u_prompt "^(Username|Login|login|user
name):"
                               #3. Modified to read for a line beginning
with Login or login. 
                        but I
                        may be wrong
                               #set u_prompt
"^(Username|^Login|^login|user name):"
                           } else {
                               set u_prompt [join [lindex $u_prompt 0]
""]
                        
                        
                        Let me know if this works for you.
                        
                        -Lance
                        
                              

                                -------- Original Message --------
                                Subject: Re: [rancid]  F5 load balancer
support
                                From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net">&lt;smunzani@comcast.net&gt;</A>
<A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net">&lt;mailto:smunzani@comcast.net&gt;</A> 
                                Date: Fri, July 13, 2007 2:30 pm
                                To: Lance <A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net">&lt;rancid@gheek.net&gt;</A>
<A class=moz-txt-link-rfc2396E href="mailto:rancid@gheek.net">&lt;mailto:rancid@gheek.net&gt;</A> 
                                Cc: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>
                                
                                Lance,
                                
                                F5 login works fine with a minor error.
                                
                                $ f5login test-f5-01
                                test-f5-01
                                spawn ssh -c 3des -x -l root test-f5-01
                                Password:
                                Last login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
                                root
                                [root@test-f5-01:Active] config # root
                                -bash: root: command not found
                                [root@test-f5-01:Active] config #
                                [root@test-f5-01:Active] config #
                                [root@test-f5-01:Active] config #
                                
                                I don't know how to debug otherwise I
would turn on debug too. If you
                                can provide some hints on debug, I would
appreciate it.
                                
                                Thanks,
                                Sam
                                        

                                What error(s) do you get when you try to
run your f5rancid?
                                
                                Where does it fail if you debug your
f5login?
                                
                                
                                -lance
                                
                                
                                          

                                -------- Original Message --------
                                Subject: [rancid]  F5 load balancer
support
                                From: Sam Munzani <A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net">&lt;smunzani@comcast.net&gt;</A>
<A class=moz-txt-link-rfc2396E href="mailto:smunzani@comcast.net">&lt;mailto:smunzani@comcast.net&gt;</A> 
                                Date: Fri, July 13, 2007 12:45 pm
                                To: <A class=moz-txt-link-abbreviated href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</A>
                                
                                Hi,
                                
                                Did anybody happened to hack one of
Cisco scripts to support 
                                            

                        BigIP F5
                              

                                boxes? It should be pretty simple. All I
want to do is login and
                                            

                                type "b
                                        

                                list" which is equivalent of "show run"
on cisco.
                                
                                However for some reason things not
working. All I did was copied
                                            

                                clogin
                                        

                                to f5login, copied rancid to f5rancid
and added following to
                                            

                                rancid-fe.
                                        

                                elsif ($vendor =~ /^f5$/i)
{ exec('f5rancid', 
                                            

                        $router); }
                              

                                Then modified f5 rancid file and kept
only one command in list of
                                commands "b list".
                                
                                For some reason its not working. I can
post my configs here if
                                            

                                somebody
                                        

                                like to see them.
                                
                                Thanks,
                                Sam
        
_______________________________________________
                                Rancid-discuss mailing list
                                <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
        
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
                                
                                            

                                
                                          

                        _______________________________________________
                        Rancid-discuss mailing list
                        <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
        
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
                        
                              

        
        _______________________________________________
        Rancid-discuss mailing list
        <A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
        <A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>&lt;hr&gt;_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>
    </PRE></BLOCKQUOTE><PRE wrap=""><!---->
_______________________________________________
Rancid-discuss mailing list
<A class=moz-txt-link-abbreviated href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</A>
<A class=moz-txt-link-freetext href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</A>

  </PRE></BLOCKQUOTE><BR></BODY></HTML>