Re: [rancid] Support for Ciena

2017-11-22 Thread heasley
Wed, Nov 22, 2017 at 09:43:43PM +, Will Lampen:
> I have several different models of ciena switches and wanted to know if there 
> is some official support of someone has created the scripting to support this 
> Vendor.

ciena waveserver support is in 3.7.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Issue with custom ports

2017-12-15 Thread heasley
Fri, Dec 15, 2017 at 03:45:54PM +, Craig Hopkins:
> Hi,
> 
> I've tried adding
> 
> add method HOST {ssh:60022}
> 
> to my config, but it's still connecting to HOST on port 22. Is there
> something special to this flag?
> 
> Running rancid 3.6.2

which device type?  does clogin -m HOST display the method you expect?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] DELL PowerConnect 70xx Watts Status

2017-12-05 Thread heasley
Mon, Dec 04, 2017 at 01:52:20PM -0500, Gerhard Mourani:
> Hello,
> 
> Sorry for the delay, here the output, thanks.
> 
> EliteStack7024#show system
> 
> System Description: Dell Ethernet Switch
> System Up Time: 60 days, 06h:26m:08s
> System Contact: x...@xxx.xx
> System Name: EliteStack7024
> System Location: 
> Burned In MAC Address: ..
> System Object ID: 1.3.6.1.4.1.674.10895.3035
> System Model ID: PCT7048
> Machine Type: PowerConnect 7048
> Temperature Sensors:
> 
> Unit Description   TemperatureStatus
> (Celsius)
>  ---   -----
> 1MAC   31 Good
> 1PHY   29 Good
> 2MAC   30 Good
> 2PHY   28 Good
> 3MAC   32 Good
> 3PHY   26 Good
> 
> Fans:
> --More-- or (q)uit
> 
> Unit DescriptionStatus
>  -----
>  1   Fan 1  OK
>  1   Fan 2  OK
>  1   Fan 3  OK
>  2   Fan 1  OK
>  2   Fan 2  OK
>  2   Fan 3  OK
>  3   Fan 1  OK
>  3   Fan 2  OK
>  3   Fan 3  OK
> 
> Power Supplies:
> 
> Unit  DescriptionStatus Average Current  Since
>  Power   Power Date/Time
> (Watts) (Watts)
>   ---  ---  --    ---
> 1 System   OK1.465.2
> 1 Internal OK   N/A N/A   10/05/2017 20:18:35
> 1 RedundantNo Power
> 2 System   OK0.267.0
> --More-- or (q)uit
> 2 Internal OK   N/A N/A   10/05/2017 20:18:35
> 2 RedundantNo Power
> 3 System   OK0.770.6
> 3 Internal OK   N/A N/A   10/05/2017 20:18:23
> 3 RedundantNo Power
> 
> USB Port Power Status:
> --
> Device Not Present

Does this patch work properly in production?

Index: bin/srancid.in
===
--- bin/srancid.in  (revision 3734)
+++ bin/srancid.in  (working copy)
@@ -151,6 +151,35 @@
}
}
 
+   # filter power rates and tmestamps from 7024 power supply info
+   # Power Supplies:
+   #  
+   # Unit  DescriptionStatus Average Current  Since
+   #  Power   Power Date/Time
+   # (Watts) (Watts)
+   #   ---  ---  --    
---
+   # 1 System   OK1.465.2
+   # 1 Internal OK   N/A N/A   10/05/2017 
20:18:35
+   if (/power supplies/i) {
+   ProcessHistory("COMMENTS","keysort","C1",
+   "! Unit\tDescription\tStatus\n");
+   ProcessHistory("COMMENTS","keysort","C1",
+   "! \t---\t--\n");
+   while () {
+   s/^\s+\015//g;
+   tr/\015//d;
+   /^(unit\s|--+\s|\s)/i && next;
+   if (/(\d+)\s+(\w+)\s+(\w+(\s\w+)?)\s/) {
+   if (length($2) >= 8) {
+   ProcessHistory("COMMENTS","keysort","C1","! 
$1\t$2\t$3\n");
+   } else {
+   ProcessHistory("COMMENTS","keysort","C1","! 
$1\t$2\t\t$3\n");
+   }
+   }
+   /^\s*$/ && last;
+   }
+   }
+
/system description: (.*)/i &&
ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1\n") &&
next;

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Logging in with ssh keys vs username passwords

2017-12-05 Thread heasley
Tue, Dec 05, 2017 at 10:50:54PM +, Remsik,Robert:
> Hello!
> 
> 
> I've got a couple network devices that support either username/password OR 
> sshkeys, but not both, for management access.  Is there a way to have rancid 
> use an ssh key in the .clogit file or another way to
> 
> 
> I'm trying to setup sshing into network devices via ssh keys (bypassing 
> username/passwords) and I'm not coming up with anything.  Is this possible?
> 

yes, see cloginrc(5).

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] rancid 3.7 and HP 1910-8G - can't get rancid to work with that router

2017-12-11 Thread heasley
Mon, Dec 11, 2017 at 02:51:27PM +, Eichhorn, Thomas:
> Hello,
> 
> I'm new to rancid and don't know, how to solve my problem. Maybe someone can 
> help me.
> 
> I did setup rancid 3.7. Everything works quite well so far except for some 
> routers.
> 
> We've got a HP 1910-8G and I can't find a way to get rancid to work probably 
> with that router type.
> 
> If router type is set to 'hp', rancid-run won't end his run and runs forever 
> without any configs get backed up.

HP OEMs a lot of their network hardware; so while badged hp, its not one
to rancid due to the o/s.  look at rancid.types.base; there are a number
of comments there about HP devices and the rancid types that are known to
work with them.

> I've found some scripts ('h3clogin'; 'h3crancid') on another server in our 
> network. rancid-run ends correctly with this script but throws some errors:
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> lnb-o2a: End of run not found
>  % Unrecognized command found at '^' position.
> defined(%hash) is deprecated at /usr/local/rancid/bin/h3crancid line 121.
> (Maybe you should just omit the defined()?)
> lnb-o2b: End of run not found
>  % Unrecognized command found at '^' position.
> lnb-o3a: End of run not found
>  % Unrecognized command found at '^' position.
> lnb-o1a: End of run not found
>  % Unrecognized command found at '^' position.
> lnb-o1b: End of run not found
>  % Unrecognized command found at '^' position.
> lnb-o3b: End of run not found
>  % Unrecognized command found at '^' position.
> 
> Now I don't know what to do. Any suggestions?

h3crancid is a 3rdparty module.  Those errors imply to me that some command
required by that module are not implemented by the device.

the errors before that appear to be programming errors, likely grammar
that was permissible in a previous version of perl.

Grüße

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-05-04 Thread heasley
Thu, May 03, 2018 at 06:39:55PM +0100, Howard Jones:
> Aha, thanks! That's much neater than my bodge (make an f5login and
> remove the conditional for send quit/exit).
> 
> For anyone else, heasley's clogin patch above, plus this new type got me 
> going:

great.  i'll commit it if i dont find any issues with it locally.

> bigip13;script;rancid -t bigip13
> bigip13;login;clogin
> bigip13;module;bigip
> bigip13;inloop;bigip::inloop
> bigip13;command;rancid::RunCommand;modify cli preference pager
> disabled display-threshold 0
> bigip13;command;bigip::ShowVersion;show sys version
> bigip13;command;bigip::ShowHardware;show sys hardware
> bigip13;command;bigip::ShowLicense;show sys license
> bigip13;command;bigip::ShowRouteStatic;show /net route static
> bigip13;command;bigip::WriteTerm;list all-properties recursive

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Cisco CPU goes crazy

2018-05-04 Thread heasley
Fri, May 04, 2018 at 11:00:02AM -0400, Gerhard Mourani:
> How to know which command causes it with rancid ?

try each of the commands rancid uses.

rancid -t cisco -C

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-05-04 Thread heasley
Fri, May 04, 2018 at 07:52:28PM +0100, Howard Jones:
> On 3 May 2018 at 18:39, Howard Jones  wrote:
> > Aha, thanks! That's much neater than my bodge (make an f5login and
> > remove the conditional for send quit/exit).
> >
> > For anyone else, heasley's clogin patch above, plus this new type got me 
> > going:
> >
> > bigip13;script;rancid -t bigip13
> > bigip13;login;clogin
> > bigip13;module;bigip
> > bigip13;inloop;bigip::inloop
> > bigip13;command;rancid::RunCommand;modify cli preference pager disabled 
> > display-threshold 0
> > bigip13;command;bigip::ShowVersion;show sys version
> > bigip13;command;bigip::ShowHardware;show sys hardware
> > bigip13;command;bigip::ShowLicense;show sys license
> > bigip13;command;bigip::ShowRouteStatic;show /net route static
> > bigip13;command;bigip::WriteTerm;list all-properties recursive
> 
> I've just noticed that although if I run `rancid-run -r lb01` I get a
> successful collection, I don't get one during a normal hourly run
> (rancid-run with no params)
> 
> lb01: missed cmd(s): all commands
> lb01: End of run not found
> 
> (and also its buddy lb02) Both cases running as the same `rancid`
> user, which owns the files, so it doesn't appear to be permissions
> related. Every other device is running smoothly.
> 
> Is there some way to either keep the .new file or increase logging
> from rancid-run (like rancid -d)?

no; I've needed this in the past, but I wanted to keep the .raw.

perhaps first try just a cronjob.
. etc/rancid.conf; export NOPIPE=YES; rancid -d -t bigip13 host

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Cisco CPU goes crazy

2018-05-04 Thread heasley
Fri, May 04, 2018 at 09:51:54AM -0400, Gerhard Mourani:
> Hello,
> 
> Rancid version is 3.7 on Linux.
> 
> When Rancid logs on to the Cisco switches listed bellow, the CPU goes crazy 
> for a few seconds which causes some processes like OSPF to converge.

suppose you're hitting a IOS bug.  figure-out which command causes the
high cpu usage and open a ticket with cisco.

> Cisco WS-C4510R+E, cat4500e-universalk9.SPA.03.07.03.E.152-3.E3.bin, 316 ports
> Cisco WS-C4510R+E, cat4500e-universalk9.SPA.03.07.03.E.152-3.E3.bin, 124 ports
> Cisco WS-C4510R+E, cat4500e-universalk9.SPA.03.07.03.E.152-3.E3.bin, 200 ports
> Stack of 2 x Cisco WS-C3850-24P,  
> cat3k_caa-universalk9.SPA.03.06.03.E.152-2.E3.bin, 56 ports
> Stack of 2 x Cisco WS-C3650-24PS, cat3k_caa-universalk9.16.03.05b.SPA.bin, 56 
> ports
> Stack of 3 x Cisco WS-C3850-24P, 
> cat3k_caa-universalk9.SPA.03.07.05.E.152-3.E5.bin, 80 ports
> Stack of 2 x Cisco WS-C3850-48P,  
> cat3k_caa-universalk9.SPA.03.06.03.E.152-2.E3.bin, 104 ports
> 
> Regards,
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Couple of very general questions.

2018-05-17 Thread heasley
Thu, May 17, 2018 at 07:28:28PM +, Chris Davis:
> We are looking at jumping off our current switch platform for a number of 
> annoying reasons and are considering a couple of options for replacement.  I 
> use Rancid pretty heavily and I wondered if I could get some feedback on how 
> Rancid works with those vendors (it seems there's support, but the devil is 
> in the details) from people using the equipment.
> 
> We're looking at Fortinet switches, as we use their firewalls.  I have Rancid 
> well integrated with the firewalls and as I understand it, the switches are 
> downloaded from the firewalls when in linked mode.  Do the switch configs get 
> uploaded to rancid as part of the firewall's configuration backup?  Or do you 
> have to somehow interrogate each switch separately like we do for our current 
> switches?
> 
> The other option we're looking at is Extreme.  I see that it is managed by 
> the standard clogin (according to the Rancid docs) and just wondered if there 
> was anything to be aware of with interfacing to their gear.

I can't comment on fortinet, but the extreme ought to work.  however, it has
been at least a year since I've had feed back about one.

Also, recommend considering juniper and arista.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid and Netgear switches

2018-05-16 Thread heasley
Wed, May 16, 2018 at 05:08:04PM +, o...@leferguson.com:
> > Looks a lot like a Ubiquiti EdgeMAX so presumably Ubiquiti and Netgear are 
> > buying the design from the same place.
> > You're in luck:
> > #  edgemax.pm - Ubiquity ("UBNT") EdgeMAX switch rancid procedures
> > 
> 
> Real close but it uses exit not logout.  exit won't actually log off, it just 
> loops forever.  Doing a site turn-up now so cannot experiment much more until 
> later today or evening.  Not sure if that part is in clogin or the module 
> edgemax.
> 
> Thanks, getting closer. 
> 
> Linwood

i'd added this for f5 v13, perhaps something similar would work for ulogin.

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3786)
+++ bin/clogin.in   (working copy)
@@ -440,6 +440,11 @@
  send -h "exit\r"
  exp_continue;
}
+   -re "^\[^\n\r *]*Use .quit. to end" {
+ # the F5 >=11 uses quit
+ send -h "quit\r"
+ exp_continue;
+   }
"The system has unsaved changes"{ # Force10 SFTOS
  if {$do_saveconfig} {
catch {send "y\r"}

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Cisco SB: Disable AAA-I-CONNECT: User CLI session for user cisco over ssh

2018-06-11 Thread heasley
Mon, Jun 11, 2018 at 01:15:32PM +0100, Alex DEKKER:
> On 11/06/18 12:02, Kevin Olbrich wrote:
> >
> > *How can I disable "AAA-I-CONNECT: User CLI session for user cisco 
> > over ssh..."?*
> > This periodically is printed when rancid receives the configuration, 
> > resulting in a new (useless) commit.
> > This happens 4 -5 times a day.
> 
> This is a limitation/bug of the platform, I reckon. You will also get 
> interface up/down events appearing in commits too. I haven't found 
> anything in 'line' section or in 'terminal' settings to disable logs to 
> terminal [ie specifically off for remote terminals]. 'logging console 
> emergencies' might do it but then it's off for the local terminal too.
> 
> 'copy run tftp://...' would presumably not have this problem.
> 
> alexd

in ios 'term monitor' copies logging to the terminal.  the only sb device
i have does not have this command, nor the problem.  the only logging
config i have is
no log console
logg host  sev deb
make sure you have the first of those.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Support for newer cisco ASA - iOS Version 9.8(2)

2018-06-08 Thread heasley
Thu, Jun 07, 2018 at 11:25:14AM +, Andy D'Arcy Jewell:
> Hi all,
> 
> 
> First time poster here. Apologies if I breach any protocols unintentionally.
> 
> 
> We have a number of ASAs running "Cisco Adaptive Security Appliance Software 
> Version 9.8(2)" which were failing to back up with rancid version 3.5. I 
> upgraded to 3.7, but had the same problem.
> 
> 
> I have worked out, and tested, a solution, and obviously would like to pass 
> it upstream, so that others may benefit.
> 
> 
> It seems that v9.8(2) changes the login banner to include information about 
> recent failed login attempts, and this confounds the expect script, because 
> the login regex matches the new banner line, causing expect to attempt to 
> send the login credentials again, when the device is expecting a valid 
> command (such as "enable").
> 
> 

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3772)
+++ bin/clogin.in   (revision 3773)
@@ -248,6 +248,12 @@
  send_user "\nError: Check your passwd for 
$router\n"
  catch {close}; catch {wait}; return 1
}
+   -nocase -re "last login:"   {
+ exp_continue
+   }
+   -nocase -re "failed login:" {
+ exp_continue
+   }
"Login failed"  {
  send_user "\nError: Check your passwd for 
$router\n"
  catch {close}; catch {wait}; return 1
@@ -267,9 +273,6 @@
  send "K\r"
  exp_continue
}
-   -re "Last login:"   {
- exp_continue
-   }
-re "Press the  key \[^\r\n]+\[\r\n]+" {
  exp_continue
}

full source:
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/bin/clogin.in
alpha dist:
ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] RANCID with ALU/Nokia 7750 SAR TiMOS

2018-06-11 Thread heasley
Mon, Jun 11, 2018 at 06:35:15PM +, IT-Info:
> Hi Folks,
> 
> Does RANCID support the backing up of ALU/Nokia 7750 devices, or any 
> ALU/Nokia devices at that? This one in particular is running TiMOS-C-13.0.R4.

yes; take the current alpha tarball.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid for Cumulus

2018-06-06 Thread heasley
Wed, Jun 06, 2018 at 07:52:46AM +0200, Tore Anderson:
> * Kasper Adel
> 
> > When yoy say its Linux, do you mean that rancid is mot needed?
> > 
> > I’d like to think that rancid can capture configs of multiple files, is
> > that not possible today? Is there any other tool that comes to mind?
> RANCID captures the output of an arbitrary number CLI commands, which
> can be very well be something like «grep -r . /etc» and/or «net show
> configuration» to get the active config on the box.

so, it works with any number of files/commands.

> Nick's point is that if you've automated your Cumulus environment so
> that the entire config on the box is exported from some other
> authoritative system, then you don't need RANCID for backing up your
> config. Instead, if your switch breaks, you can always just redeploy a
> replacement device using a fresh config pushed from the authoritative
> automation system.

while I wholly support managing a network this way, in fact suggest that
it is the only acceptable way, rancid (or some backup system) still plays
a role - for any device whose config can be changed locally (during test,
debug, ???).  it is useful to catch those events.  also configuration is
not the only thing that rancid collects.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Upgrade 3.1 ->3.7

2018-06-06 Thread heasley
Wed, Jun 06, 2018 at 07:15:15PM +, Michael T. Voity:
> Hello,
> 
> After reading the UPGRADE,   this seem pretty straight forward and I should 
> not have any issues.
> 
> I also have ViewVc 1.1.23.   Anyone see any issues?

correct; if you use the same config args just install over top. 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Router Config diffs

2018-05-31 Thread heasley
Thu, May 31, 2018 at 12:19:25PM +0800, Nanda Kumar Arumugam:
>  I am receiving a mail for particular customer, is that anything i need to
> update in the CVS file.
> 
> 
> Index: configs/ 1x.1x.1x.1x
> 
> ===
> 
> retrieving revision 1.378
> 
> diff -u -4 -r1.378 1x.1x.1x.1x
> 
> @@ -30,9 +30,9 @@
> 
>   set admin-server-cert "self-sign"
> 
>   set admin-sport 443
> 
>   set admin-ssh-grace-time 120
> 
>   set admin-ssh-port 22
> 
> - set admin-ssh-v1 disable
> 
> + set admin-ssh-v1 disable
> 
>   set admin-telnet-port 23
> 
>   set admintimeout 5
> 
>   set anti-replay strict
> 
>   set auth-cert "self-sign"
> 
> Index: configs/1x.1x.1x.1x

it is benign.  it is most likely a result of the pager.  Some devices
offer no way to turn it off and sometimes the login scripts do not
handle the pager prompting properly.  what version of rancid and what
device type?  there have been pager fixes as recently as 3.5.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] stopping command from being run

2018-06-27 Thread heasley
Wed, Jun 27, 2018 at 03:35:59PM +0300, Vacheslav:
> Thank you very much for your insight. The 9ks have been bugging me for a
> long time with the little of use flash log and now it's gone thanks to you.
> But I added the cisco-nx9k to rancid.types.base and did not modify
> rancid.types.conf and just changed the type in the db file and the miracle
> happened!

Charles suggested that you edit the .conf, because the next upgrade/install
will overwrite the .base but not the .conf.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-05-03 Thread heasley
Thu, May 03, 2018 at 05:05:27PM +0100, Howard Jones:
> I'm updating an old F5 loadbalancer script to work with BIG-IP 13.1 -
> it seems that since the last time I needed to use it, F5 have changed
> to starting users in tmsh instead of bash, so the command list needed
> to be tweaked. That's all fine but...

if you run rancid 3.6 (or better 3.7) there are two device types for f5;
f5 and bigip (for >=11.0).

> What I end up with is the following clogin command-line:
> 
> clogin -t 90 -c "modify cli preference pager disabled
> display-threshold 0;show /sys version;show /sys hardware;show /sys
> license;show /net route static;list all-properties recursive" lb01
> 
> which does everything I need, but then sits at the final prompt
> repeatedly type 'exit':
> 
> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit
> Use "quit" to end the current session
> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
> Use "quit" to end the current session
> 
> Where is this 'exit' coming from? Can it be altered?
> 
> If I add 'quit' to the end of my command list, then instead it
> complains EOF received and none of the commands are matched:
> 
> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# quit
> Connection to lb01 closed.
> 
> Error: EOF received
> 
> Do I need to dig into the expect code to deal with this?

the expect it using exit to logout.  Does this work

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3786)
+++ bin/clogin.in   (working copy)
@@ -440,6 +440,11 @@
  send -h "exit\r"
  exp_continue;
}
+   -re "^\[^\n\r *]*Use .quit. to end" {
+ # the F5 >=11 uses quit
+ send -h "quit\r"
+ exp_continue;
+   }
"The system has unsaved changes"{ # Force10 SFTOS
  if {$do_saveconfig} {
catch {send "y\r"}

> Thanks for any pointers (or to a modern f5rancid)...
> 
> Howie
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] is there scripts for 3com router

2017-12-27 Thread heasley
Tue, Dec 26, 2017 at 04:39:09AM +, Piegorsch, Weylin William:
> Would a script from v1 work in v3?  That’s what we upgraded from; the old 
> server was circa 2002 or so.

it should, if the login script hasn't changed in an incompatible way
with the device.  to use a v1 or v2 script in v3, the device type must
be added to your rancid.types.conf; see an existing v2 entry in
rancid.types.base, such as smc.

> Anyway, thanks for the SMC info; I’ll check that out.  Our 3COMs are so old I 
> doubt it (the oldest we have running were installed around 1990 I think, with 
> further installations until sometime 1999 - 2002).  But, it can’t hurt to 
> check, maybe we can restore rancid’s service to some of them at least.
> 
> weylin
> 
> -Original Message-
> From: heasley <h...@shrubbery.net>
> Date: Monday, October 30, 2017 at 04:32
> To: Weylin Piegorsch <wey...@bu.edu>
> Cc: Adrian Dimitrov <adrian.dimit...@efellows.bg>, 
> "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
> Subject: Re: [rancid] is there scripts for 3com router
> 
> Thu, Oct 26, 2017 at 08:13:10PM +, Piegorsch, Weylin William:
> > There are no 3com scripts.  My predecessor had configured an SNMP 
> thing, but that stopped working when we upgraded to rancid v3.  If you find 
> one, let me know because I would love to use it.
> 
> theres no reason that i can think of that a script from v2 would not work 
> in
> v3.
> 
> anyway, some SMC swtiches were marketed under a 3com name, so the smc 
> device
> type may support it.
> 
> > From: Adrian Dimitrov <adrian.dimit...@efellows.bg>
> > Date: Thursday, October 26, 2017 at 06:57
> > To: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
> > Subject: [rancid] is there scripts for 3com router
> > 
> > Hello team ,
> > 
> > Hope all of you guys are doing well. I have my rancid set up working 
> perfectly fine for a long time now. I am backing up a lot of different 
> devices successfully, but now I have to back up “3COM” router and I can’t 
> find scripts for this type of device.
> > Is there someone who can help with this?
> > 
> > Best Regards,
> > Adrian Dimitrov
> > System Administrator
> > [Fellows-Mark-RGB_Sign]
> > Direct line:  ; Mobile: +359 876 7744 41; SIP URI (Telepresence): 
> adrian.dimit...@efellows.bg<mailto:adrian.dimit...@efellows.bg> ; Website: 
> http://www.efellows.bg<http://www.efellows.bg/>;
> > 
> 
> 
> 
> > ___
> > Rancid-discuss mailing list
> > Rancid-discuss@shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 
> 
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Nexus 9K support in RANCiD 3.7

2017-12-29 Thread heasley
Fri, Dec 29, 2017 at 06:09:51PM +, Charles T. Brooks:
> We recently outfitted a new office with Cisco Nexus 9000s.  I monitor router 
> and switch configuration changes enterprise-wide with custom built RPM 
> packages of RANCiD on RHEL7 with git and gitweb.
> 
> The 9Ks have a constantly changing file date on a subfolder that can't be 
> controlled:
> 
> - !Flash: logflash:   69632Dec 29 01:37:09 2017  debug_logs/
> + !Flash: logflash:   69632Dec 29 02:42:52 2017  debug_logs/
> 
> The following code patch to v7 prevents this from generating hourly commits 
> and emails.
> 
> --- nxos.pm.in.orig 2017-12-29 13:02:01.347259970 -0500
> +++ nxos.pm.in  2017-12-29 13:03:39.336922201 -0500
> @@ -497,7 +497,7 @@ sub DirSlotN {
> /\s+vtp_debug(_old)?\.log$/ && next;
> 
> next if (/BufferMonitor-1HourData/);
> -   if (/ log\/$/) {
> +   if (/[_ ]logs?\/$/) {
> # change
> # 8192Jan 08 14:05:05 2015  log/
> # to
> 
> There's also a problem with a constantly fluctuating memory size value, but I 
> haven't figured out how to fix that.
> 
> Thank you Heasley and co-conspirators for a great tool!
> 
> --Charlie

How about the following, so nothing is mistakingly caught.

Index: nxos.pm.in
===
--- nxos.pm.in  (revision 3754)
+++ nxos.pm.in  (working copy)
@@ -497,7 +497,8 @@
/\s+vtp_debug(_old)?\.log$/ && next;
 
next if (/BufferMonitor-1HourData/);
-   if (/ log\/$/) {
+
+   if (/( debug_logs| log)\/$/) {
# change
# 8192Jan 08 14:05:05 2015  log/
# to

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Prompt detection eats exit, clean run not found

2018-01-05 Thread heasley
Fri, Jan 05, 2018 at 09:40:28AM -0600, Brandon Ewing:
> It appears that several modules for rancid rely on non-prompt exits from
> specific commands (IE, "end" at the end of WriteTerm) to ensure that the
> "exit" string is available for inloop to detect to mark a clean run.
> 
> Devices that do not have an end marker, or custom types that do not have
> WriteTerm last, have to fall back on prompt detection, which in most
> modules, also swallows the "exit" string.
> 
> It appears this is fixed in aeos.pm with a GOTO CMD statement, but that
> doesn't appear standard in other modules.

right, if $_ has a prompt, evaluate it, dont read another line.

if (defined($prompt)) {
if (/$prompt/) {
goto CMD;
}
}

> You can reproduce this error by defining a custom type:
> 
> test;script;rancid -t test
> test;login;clogin
> test;module;ios
> test;inloop;ios::inloop
> test;command;ios::WriteTerm;show running-config
> test;command;ios::ShowVersion;show version
> 
> rancid -dt test ios
> loadtype: device type test
> loadtype: found device type test in /home/bewing/etc/rancid.types.conf
> executing clogin -t 90 -c"show running-config;show version" ios
> PROMPT MATCH: ios#
> HIT COMMAND:ios#show running-config
> In WriteTerm: ios#show running-config
> HIT COMMAND:ios#show version
> In ShowVersion: ios#show version
> TYPE = WS-C3850-48U

thats ios, it should have and eng marker; if it does not, then its broken.
and, ios devices and others do this from time to time; they leak memory
until they have so little free that they can not produce a full human-
display config, then they just truncate it.  others produce no output, but
indicate success or lack an error.  hence, the checks.


> ios: End of run not found
> ios: clean_run is false
> !BOOTLDR: Version 3.58, RELEASE SOFTWARE (P)
> 
> 
> -- 
> Brandon Ewing (nicot...@warningg.com)



> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Enterasys Switches help

2018-01-05 Thread heasley
Thu, Jan 04, 2018 at 03:43:50PM -0800, Azher:
> This is Enterasys "71K11L4-48" switch. It has the same CLI and commands
> like the other S/N/K series switches.

S/N/K are other Enterasys boxes?

> Some commands are:
> 
> show version
> show config
> show system hardware
> 
> -Azher
> 
> 
> 
> On Thu, Jan 4, 2018 at 3:19 PM, heasley <h...@shrubbery.net> wrote:
> 
> > Thu, Jan 04, 2018 at 01:38:15PM -0800, Azher:
> > > Hi Heasley,
> > >
> > > [rancid@rancid ~]$ rivrancid -d -t enterasys cal-7100-1
> > > executing rivlogin -t 90 -c"system show uptime;system show version;system
> > > show hardware;system show active-config" cal-7100-1
> > > cal-7100-1: missed cmd(s): all commands
> > > cal-7100-1: End of run not found
> > > cal-7100-1: clean_run is false
> > >
> > > These commands starting with "system" does not work on the Enterasys
> > > switches.
> >
> > is it an oem of someone else's box?  or a completely new enterasys
> > o/s?
> >
> > > Thanks
> > > -Azher
> > >
> > >
> > >
> > > On Tue, Jan 2, 2018 at 3:27 PM, heasley <h...@shrubbery.net> wrote:
> > >
> > > > Thu, Dec 28, 2017 at 06:08:57PM -0800, Azher:
> > > > > Hi Chris,
> > > > >
> > > > > I added following lines in the "rancid.types.base " otherwise there
> > is
> > > > just
> > > > > a reference of enterasys to rivrancid.
> > > > >
> > > > > enterasys;script;xrancid
> > > > > enterasys;login;xlogin
> > > > > enterasys;command;enterasys::ShowVersion;show version
> > > > > enterasys;command;enterasys::WriteTerm;show config
> > > >
> > > > you should not need that; there is already an entry in
> > rancid.types.base
> > > > for this device type - use that.
> > > >
> > > > > Running in debug mode:
> > > > >
> > > > > [rancid@rancid ~/etc]$ rancid -d -t enterasys cal3-n7
> > > > > loadtype: device type enterasys
> > > > > loadtype: found device type enterasys in
> > /opt/rancid/etc/rancid.types.
> > > > base
> > > > > loadtype: undefined function in enterasys: enterasys::ShowVersion
> > > > > Couldn't load device type spec for enterasys
> > > > >
> > > > > I am not sure why it is complaining because xrancid does have this
> > > > function
> > > > > defined:
> > > > >
> > > > > # This routine parses "show version"
> > > > > sub ShowVersion {
> > > > > print STDERR "In ShowVersion: $_" if ($debug);
> > > > >
> > > > > And in the main routine:
> > > > >
> > > > > # Main
> > > > > @commandtable = (
> > > > > {'show version' => 'ShowVersion'},
> > > > > ### {'show memory'  => 'ShowMemory'},
> > > > > ### {'show diag'=> 'ShowDiag'},
> > > > > ### {'show switch'  => 'ShowSwitch'},
> > > > > ### {'show slot'=> 'ShowSlot'},
> > > > > # way too confusing {'show configuration detail'=>
> > 'WriteTerm'},
> > > > > {'show config'  => 'WriteTerm'},
> > > > > );
> > > > >
> > > > > Trying rivrancid also complains about no commands:
> > > > >
> > > > > [rancid@rancid ~]$ rivrancid -d cal3-n7
> > > > > executing rivlogin -t 90 -c"system show uptime;system show
> > version;system
> > > > > show hardware;system show active-config" cal3-n7
> > > >
> > > > manually run the rivlogin command that is there to see if there is a
> > > > failure in that login script.
> > > >
> > > > > cal3-n7: missed cmd(s): all commands
> > > > > cal3-n7: End of run not found
> > > > > cal3-n7: clean_run is false
> > > > > !
> > > > >
> > > > > Thanks
> > > > > -Azher
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Thu, Dec 28, 2017 at 2:39 PM, Gauthier, Chris <
> > cgauth...@comscore.com
> > > > >
> > > > >

Re: [rancid] Howto setup Rancid with Git on Debian?

2018-01-11 Thread heasley
Thu, Jan 11, 2018 at 12:37:54PM +, shouldbe q931:
> On Thu, Jan 11, 2018 at 11:02 AM, ACS Solutions Network
>  wrote:
> > Hello folks,
> >
> >
> >
> > i’ve searched the web, this list, contents in the package etc. but didn’t
> > find any up to date information on how to setup Rancid with Git on Debian.
> >
> >
> >
> > I’ve installed rancid via apt-get (rancid ver. 3.6.2-2) on Debian 9. Git is
> > ver. 2.11.
> >
> 
> <10 seconds with google found
> 
> https://www.cryptomonkeys.com/2016/11/rancid-git/
> http://opennodecloud.com/howto/2014/05/08/howto-about-rancid.html
> 
> I do not know if the Debian packaged 3.6.2 includes git support.

I'd recommend using 3.7 for git.  A minor fix for git, but will make it
easier, IMO.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] does dancid support chinese switches?

2018-01-26 Thread heasley
Fri, Jan 26, 2018 at 11:03:05AM +0300, Vacheslav:
> Health be upon you,
> model name: DCS-3650-8C

I've never seen one and it is not clear who the manufacturer is.  But,
it might; try it.  Based on the behavior of the CLI, try the device type
that most closely resembles the device.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Howto setup Rancid with Git on Debian?

2018-01-11 Thread heasley
Thu, Jan 11, 2018 at 03:20:20PM +, Gauthier, Chris:
> As for the Git part, rancid uses a local git server that it creates the 
> folder structure for.  Each rancid group is its gets own Git repo.  The key 
> is really the rancid config file.  Set RCSSYS=”git” and it will do the heavy 
> lifting.  If you need the stuff to go to a remote repo, then you will need to 
> make the local Git do blind commits to the remote repo.  That’s something one 
> of my server admins took care of, so I’m not sure exactly how he did it.

Add a remote to a given rancid group: 
https://help.github.com/articles/adding-a-remote/
add to the rancid-run cronjob, a 'git push newremote'

cd ~rancid/group
git remote add foo giturl
... rancid-run; cd ~rancid/group; git push foo

add a second push destination (remote should not require auth) to origin
and rancid will push to it each run.
cd ~rancid/group
git remote add foo giturl
git remote set-url --add --push origin `git remote get-url --push 
origin`
git remote set-url --add --push origin `git remote get-url --push foo`


___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] problem with new Aruba/HP 2920

2018-01-27 Thread heasley
Sat, Jan 27, 2018 at 10:57:56AM -0500, Doug Hughes:
> got a new HP/Aruba 2920 to replace an old failed 2910al (POE power
> supply failure - very common).. Weird thing is, hlogin doesn't work on
> it. I get an EOF right after trying to send enable and it tries to match
> the many stupid formatting characters that the Aruba folks have tried to
> put into the output.
> 
> I have manually set the switch to vt100 terminal type and reloaded, but
> still it persists and it's loaded with those characters. I can't say
> definitively that they are the issue, but something sure is strange. I
> started looking into it and debugging and noticed all that. Also, clogin
> seems to work (aside from command incompatibility), but hlogin does not
> and gets an EOF prematurely.
> 
> Anybody seen this?

I havent any of these.  Have one that I can poke remotely?  else, collect
debug info from hlogin -d -c ... devicename

> I did just upgraed to rancid3.7 from 3.4.1 to see if that would help,
> and it did not. Same behavior.
> 
> 
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Juniper switches and firewall

2018-02-05 Thread heasley
Mon, Feb 05, 2018 at 06:43:23PM +, Andrew Meyer:
> Touched the file.  Still getting the errors.

are you sure the error(s) are the same?  share them.

> On Monday, February 5, 2018 11:29 AM, heasley <h...@shrubbery.net> wrote:
>  
> 
>  Mon, Feb 05, 2018 at 05:04:31PM +, Nick Hilliard:
> > this looks like a bug in the freebsd package - rancid.types.conf is not
> > included.  This isn't terminal though.
> > 
> > You have two options:
> > 
> > > 1. touch /usr/local/etc/rancid/rancid.types.conf
> > > 2. wget -O /usr/local/etc/rancid/rancid.types.conf 
> > > http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf
> > 
> > It would probably be a good idea to alert the package maintainer about
> > this, or file a bug in FreeBSD bugzilla.
> 
> an empty file will suffice; there are device examples the file.
> 
> 
>

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Juniper switches and firewall

2018-02-05 Thread heasley
Mon, Feb 05, 2018 at 05:04:31PM +, Nick Hilliard:
> this looks like a bug in the freebsd package - rancid.types.conf is not
> included.  This isn't terminal though.
> 
> You have two options:
> 
> > 1. touch /usr/local/etc/rancid/rancid.types.conf
> > 2. wget -O /usr/local/etc/rancid/rancid.types.conf 
> > http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/etc/rancid.types.conf
> 
> It would probably be a good idea to alert the package maintainer about
> this, or file a bug in FreeBSD bugzilla.

an empty file will suffice; there are device examples the file.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Fortiweb 400C 5.82

2018-02-20 Thread heasley
Tue, Feb 20, 2018 at 06:16:52PM -0500, Gerhard Mourani:
> Connection to the FortiWeb doesn’t complete and make a timeout. In the past, 
> It was related to password prompt that has been changed by Fortinet on this 
> model. Here past discussion on the subject -> 
> https://lists.gt.net/rancid/users/9793 
> <https://lists.gt.net/rancid/users/9793>
> 
> Regards,

The output appears to present a successful login.

expect: does "Fortiweb01 $ " (spawn_id exp3) match regular expression "[\r\n]+"?
 (No Gate, RE only) gate=yes re=no
"^(.+[#\$] )"? Gate "* "? gate=yes re=yes
expect: set expect_out(0,string) "Fortiweb01 $ "
expect: set expect_out(1,string) "Fortiweb01 $ "
expect: set expect_out(spawn_id) "exp3"
expect: set expect_out(buffer) "Fortiweb01 $ "

so, what is timing-out?

> > On Feb 20, 2018, at 5:30 PM, heasley <h...@shrubbery.net> wrote:
> > 
> > Fri, Feb 16, 2018 at 09:19:10AM -0500, Gerhard Mourani:
> >> Hello,
> >> 
> >> I've a problem again backing up Fortiweb configuration.
> >> Rancid 3.7
> >> FortiWeb-400C 5.82,build1375,170622
> > 
> > and the problem is?
> > 
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] OTP/2-factor authentication

2018-02-20 Thread heasley
Tue, Feb 20, 2018 at 09:34:32PM +, Wayne Eisenberg:
> I did some searching, and I'm pretty sure I already know the answer, but has 
> anyone had any success with rancid and 2-factor authentication such as OKTA 
> (time-based OTP)?
> 
> Any workarounds?

how would it work?  I'm probably being dense on the subject, but it seems
like an obstacle to automation.  Happy to receive a cluebyfour.

it seems that such security goals can be achieved by aaa authorization
(ie: read-only) and password expiration in aaa authentication.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid Login to device with wrong username and password

2018-02-24 Thread heasley
Sat, Feb 24, 2018 at 10:15:33AM +, Sathish Kumar. Ippani:
> 
> Dear All,
> 
> I have recently installed Rancid and I added device.
> 
> But when I testing clogin to a cisco device it is login to device rancid 
> user, where I have configured deferent username(cisco) to login to cisco 
> device.
> 
> Please let me know, If I need to change any configuration.

your .cloginrc.  see clogin -[Mm]

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] OTP/2-factor authentication

2018-02-21 Thread 'heasley'
Wed, Feb 21, 2018 at 08:27:14PM +, Wayne Eisenberg:
> I believe you are correct. It happens when certain people insist on a policy 
> that requires the only way to connect is via 2-factor and don't make any 
> accommodation for things like this or the need to be able to script a large 
> rollout of a change, etc.
> 
> Thanks.

ie: management

a thought is that an oauth2-like system might work - but thats just another
form of password expiration.

> -Original Message-
> From: heasley [mailto:h...@shrubbery.net]
> Sent: Tuesday, February 20, 2018 5:25 PM
> To: Wayne Eisenberg
> Cc: 'rancid-discuss@shrubbery.net'
> Subject: Re: [rancid] OTP/2-factor authentication
> 
> Tue, Feb 20, 2018 at 09:34:32PM +, Wayne Eisenberg:
> > I did some searching, and I'm pretty sure I already know the answer, but 
> > has anyone had any success with rancid and 2-factor authentication such as 
> > OKTA (time-based OTP)?
> >
> > Any workarounds?
> 
> how would it work?  I'm probably being dense on the subject, but it seems 
> like an obstacle to automation.  Happy to receive a cluebyfour.
> 
> it seems that such security goals can be achieved by aaa authorization
> (ie: read-only) and password expiration in aaa authentication.
> 
> 
> 
> 
> The information in this Internet e-mail (and any attachments) is 
> confidential, may be legally privileged and is intended solely for the 
> Addressee(s) named above. If you are not the intended recipient, or the 
> employee or agent responsible for delivering it to the intended recipient, 
> then any dissemination or copying of this e-mail (and any attachments) is 
> prohibited and may be unlawful. If you received this e-mail in error, please 
> immediately notify us by e-mail or telephone, then delete the message. Thank 
> you.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Enterasys Switches help

2018-01-02 Thread heasley
Thu, Dec 28, 2017 at 06:08:57PM -0800, Azher:
> Hi Chris,
> 
> I added following lines in the "rancid.types.base " otherwise there is just
> a reference of enterasys to rivrancid.
> 
> enterasys;script;xrancid
> enterasys;login;xlogin
> enterasys;command;enterasys::ShowVersion;show version
> enterasys;command;enterasys::WriteTerm;show config

you should not need that; there is already an entry in rancid.types.base
for this device type - use that.

> Running in debug mode:
> 
> [rancid@rancid ~/etc]$ rancid -d -t enterasys cal3-n7
> loadtype: device type enterasys
> loadtype: found device type enterasys in /opt/rancid/etc/rancid.types.base
> loadtype: undefined function in enterasys: enterasys::ShowVersion
> Couldn't load device type spec for enterasys
> 
> I am not sure why it is complaining because xrancid does have this function
> defined:
> 
> # This routine parses "show version"
> sub ShowVersion {
> print STDERR "In ShowVersion: $_" if ($debug);
> 
> And in the main routine:
> 
> # Main
> @commandtable = (
> {'show version' => 'ShowVersion'},
> ### {'show memory'  => 'ShowMemory'},
> ### {'show diag'=> 'ShowDiag'},
> ### {'show switch'  => 'ShowSwitch'},
> ### {'show slot'=> 'ShowSlot'},
> # way too confusing {'show configuration detail'=> 'WriteTerm'},
> {'show config'  => 'WriteTerm'},
> );
> 
> Trying rivrancid also complains about no commands:
> 
> [rancid@rancid ~]$ rivrancid -d cal3-n7
> executing rivlogin -t 90 -c"system show uptime;system show version;system
> show hardware;system show active-config" cal3-n7

manually run the rivlogin command that is there to see if there is a
failure in that login script.

> cal3-n7: missed cmd(s): all commands
> cal3-n7: End of run not found
> cal3-n7: clean_run is false
> !
> 
> Thanks
> -Azher
> 
> 
> 
> 
> On Thu, Dec 28, 2017 at 2:39 PM, Gauthier, Chris 
> wrote:
> 
> > I would take a look at the rancid types file to make sure it’s running the
> > commands you need.  It seems like it’s throwing up in the very beginning of
> > its run.
> >
> >
> >
> > There are several emails in the list on how to get into a “debugging” mode
> > if you’re not already familiar.  That will help completely isolate the
> > issue.
> >
> >
> >
> > --Chris
> >
> >
> >
> >
> > Chris  Gauthier  Senior Network Engineer  |  comScore, Inc.
> > t +1 *(503) 331-2704* <(503)%20331-2704>  |
> > *cgauth...@comscore.com* 
> > 317
> > 
> >  SW
> > 
> >  Alder
> > 
> >  Street,
> > 
> >  Suite
> > 
> >  700
> > 
> >  |
> > 
> >   Portland,
> > 
> >  OR
> > 
> >  97204
> > 
> >United
> > 
> >  States
> > 
> > *comscore.com* 
> > ​​​This e-mail (including any attachments) may contain information that is
> > private, confidential, or protected by attorney-client or other privilege.
> > If you received this e-mail in error, 

Re: [rancid] ASA-5585 Enable mode

2018-01-02 Thread heasley
Mon, Jan 01, 2018 at 06:41:56PM -0800, Azher:
> In the ASA version 9.8.X , there are sending out the "Last login: " and the
> "Last failed Login: " as default. There is no way to disable this.
> 
> I tried adding following lines in .cloginrc but no luck:
> 
> add prompt sslvpna {"sslvpna>"}
> add enableprompt sslvpna {"sslvpna>"}
> 
> Is there a way to skip login: for this specific device ?
> 
> Thanks
> -Azher

Does this work?

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3754)
+++ bin/clogin.in   (working copy)
@@ -248,6 +248,12 @@
  send_user "\nError: Check your passwd for 
$router\n"
  catch {close}; catch {wait}; return 1
}
+   -nocase -re "last login:"   {
+ exp_continue
+   }
+   -nocase -re "failed login:" {
+ exp_continue
+   }
"Login failed"  {
  send_user "\nError: Check your passwd for 
$router\n"
  catch {close}; catch {wait}; return 1
@@ -267,9 +273,6 @@
  send "K\r"
  exp_continue
}
-   -re "Last login:"   {
- exp_continue
-   }
-re "Press the  key \[^\r\n]+\[\r\n]+" {
  exp_continue
}


> 
> 
> On Sun, Dec 31, 2017 at 1:19 PM, heasley <h...@shrubbery.net> wrote:
> 
> > Thu, Dec 28, 2017 at 06:42:46PM -0800, Azher:
> > > Hi All,
> > >
> > > Our current Cisco ASA devices "ASA5550" , 8.4(7)30, work fine with
> > RANCID.
> > >
> > > Same config does not work for ASA-5585, 9.8(1). I am not sure why it is
> > > sending "admin" twice and later it sends "enable" at the prompt  Any
> > > suggestions ?
> > >
> > > add user sslvpnb admin
> > > add password sslvpnb pass1 pass2
> > > add autoenable sslvpnb 0
> > > add method sslvpnb ssh
> > >
> > > [rancid@rancid ~]$ more var/asa/router.db
> > > sslvpn1;cisco;up
> > > sslvpn2;cisco;up
> > > sslvpna;cisco;up
> > > sslvpnb;cisco;up
> > >
> > > [rancid@rancid ~]$ clogin sslvpnb
> > > sslvpnb
> > > spawn ssh -c aes128-ctr,aes128-cbc,3des-cbc -x -l admin sslvpnb
> > > admin@sslvpnb's password:
> > > User admin logged in to sslvpnb
> > > Logins over the last 44 days: 29.  Last login: 18:09:41 PST Dec 28 2017
> > > from 68.181.191.19
> > > Failed logins since the last login: 0.  Last failed login: 06:47:32 PST
> > Dec
> > > 28 2017 from 68.181.191.19
> >
> > its sending admin again because it sees "login:" before a prompt.  why
> > is it displaying this?
> >
> > > Type help or '?' for a list of available commands.
> > > sslvpnb> admin
> > >  ^
> > > ERROR: % Invalid input detected at '^' marker.
> > >
> > > Error: Unrecognized command, check your enable command
> > > sslvpnb> admin
> > >  ^
> > > ERROR: % Invalid input detected at '^' marker.
> > > sslvpnb> enable
> > > Password:
> > > Invalid password
> > > Password:
> > > Invalid password
> > > Password:
> > > Invalid password
> > > Access denied.
> > > sslvpnb>
> > >
> > >
> > > Thanks
> > > -Azher
> >
> > > ___
> > > Rancid-discuss mailing list
> > > Rancid-discuss@shrubbery.net
> > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> >
> >

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Problem rancid 3.7 config with cmw routers

2018-06-21 Thread heasley
Thu, Jun 21, 2018 at 12:27:37PM +0200, Service Informatique CH DECIZE:
> Hello,
> 
> I have made a rancid 3.7 installation on a Ubuntu 18.04 LTS machine.
> I have followed the jrbinks indications ->
> https://sites.google.com/site/jrbinks/code/rancid/cmwrancid
> My tests are ok with a cisco router (config is ok in cvsweb), but ko with
> cmw / hp routers (model 5120/5130).
> 
> In the log file, I have the following error :
> "Added swd01
> Trying to get all of the configs.
> sh: 1: cmwlogin: not found

I am not familiar with cmwlogin, but that error means that the script
can not be found.  make sure that it is in the same directroy as 
clogin, has permissions 0555 and that the interpreter in the first
line of that file matches the first line of clogin.

> swd01: missed cmd(s): all commands
> swd01: End of run not found
> !"
> 
> Please help, I don't know how to resolve the problem.
> Thanks.
> 
> PS : sorry for my bad english (I'm French ;o) )
> 
> Yann PAGE

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Fortigate additional tweaks and device filters

2018-08-01 Thread heasley
Wed, Aug 01, 2018 at 08:37:03AM +, Nick Nauwelaerts:
> hm,
> i actually like to have those versions in the output. if something breaks my 
> first reaction tends to be: "what changed?", and rancid is usually the first 
> place i check.
> 
> would it be an option to control this with FILTER_OSC , even though its not 
> quite it's intended application?

Could be; what are they?  version stamp of what exactly?

> thx
> 
> // nick
> 
> 
> From: Rancid-discuss [mailto:rancid-discuss-boun...@shrubbery.net] On Behalf 
> Of Doug Hughes
> Sent: Tuesday, July 31, 2018 23:18
> To: rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Fortigate additional tweaks and device filters
> 
> 
> 
> 
> On 7/31/2018 5:14 PM, heasley wrote:
> 
> Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
> 
> Hi Heasley and folks,
> 
> 
> 
> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to
> 
> filter out some additional chattiness, see:
> 
> 
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html
> 
> 
> 
> A few people chimed in seeming to be OK with the propsed changes, which are
> 
> to filter these things:
> 
> 
> 
> next if (/^\s*IPS-ETDB: .*/);
> 
> next if (/^\s*APP-DB: .*/);
> 
> next if (/^\s*IPS Malicious URL Database: .*/);
> 
> next if (/^\s*Botnet DB: .*/);
> 
> 
> 
> Mentioning this as 3.8 came out and i didn't notice any of these included.
> 
> 
> 
> We have an additional fortigate tweak we make every time we update too,
> 
> which to change from 'show full-configuration' to just 'show' in
> 
> @commandtable. 'full-configuration' shows default config, just like the
> 
> cisco 'full' command. It's really not necessary IMO.
> 
> 
> 
> This is from:
> 
> r2258 | heas | 2010-10-11 20:49:05 + (Mon, 11 Oct 2010) | 3 lines
> 
> 
> 
> fnrancid: update recent fortinet software - Diego Ercolani
> 
> Cleaned-up a little by me.
> 
> 
> 
> afaict, the justification for full-configuration was so that VDOMs would
> 
> be included in the output.  perhaps this behavior has changed since this
> 
> change??  I have none of these devices.
> 
> I think you are right.. I have a vague recollection of this as well.
> --
> Doug Hughes
> Keystone NAP
> Fairless Hills, PA
> 1.844.KEYBLOCK (439.2562)
> 
> [http://www.keystonenap.com/wp-content/themes/keystoneNAP/images/keystone-nap-logo.png]
> 
> 
> 
> 
> 
> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | 
> Twitter<https://twitter.com/aquafinnv> | 
> YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> 
> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin 
> persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de 
> betrokkenen zijn, kan je nalezen in onze privacy 
> policy<https://www.aquafin.be/nl-be/privacy-policy>.
> 
> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>   P Denk aan het milieu. Druk deze mail niet onnodig af.

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Fortigate additional tweaks and device filters

2018-08-02 Thread heasley
Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
> > Wed, Aug 01, 2018 at 08:37:03AM +, Nick Nauwelaerts:
> >> hm,
> >> i actually like to have those versions in the output. if something breaks 
> >> my first reaction tends to be: "what changed?", and rancid is usually the 
> >> first place i check.
> >>
> >> would it be an option to control this with FILTER_OSC , even though its 
> >> not quite it's intended application?
> > Could be; what are they?  version stamp of what exactly?
> > 
> 
> 
> My additions to filter are based on the fact that there's already a 
> block of these being filtered, this is just 'more of the same' chatty 
> stuff that changes daily.
> 
> I'd say go one way or another- add more similar filters (my suggestion) 
> or do none or have a toggle-able option. FILTER_OSC sounds more like 
> it's for security stuff, so that doesn't seem like the best fit to me.
> 
> Has a new FILTER_CRUFT type of option been discussed in the past? Unsure 
> if this fits the category of any other previously discussed things.

it was intended for stuff that oscillated but is still desirable (by some).
so, seems to fit the application, perhaps for the other similar filters.
again, i dont know the platform, so I need input.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

2018-07-26 Thread heasley
Thu, Jul 26, 2018 at 09:20:42PM +, Piegorsch, Weylin William:
> I should note that using the NOPIPE=yes thing causes the "controller wlogin 
> error: Error: Connection closed (ssh): controller" message that I show below. 
>  If I omit the NOPIPE environment variable on the CLI, I get the output I 
> showed in the other email, where it hangs in the middle of output.
> 
> weylin

i dont see the problem in what you've provided; you'll have to share more
output with me.

eval `rancid -t cisco-wlc8 -C hostname` &> output

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

2018-07-27 Thread heasley
Fri, Jul 27, 2018 at 12:08:37PM +, Piegorsch, Weylin William:
> I did some experimenting, issuing the "config paging disable" CLI command on 
> initial login seems to eliminate the paging issue, similar to the ASA 
> "terminal pager 0" or the IOS "terminal length 0".
> weylin

wlogin should have sent this command at the beginning.  please look at
the beginning of the transcript with the device.

> On 7/27/18, 8:01 AM, "Piegorsch, Weylin William"  wrote:
> 
> When I login as myself and run the "show sysinfo" command, I get the 
> below output.  I notice that rancid (wlogin) gets stuck on the prompt at the 
> end there.  When expect sees the prompt, a  would be the appropriate 
> response.  I'm not sure how to disable paging, unfortunately. 
> 
> Weylin
> 
> (cumm111-wism-aca05) >show sysinfo
> 
> Manufacturer's Name.. Cisco Systems Inc.
> Product Name. Cisco Controller
> Product Version.. 8.2.166.0
> Bootloader Version... 1.0.20
> Field Recovery Image Version. 7.6.101.1
> Firmware Version. FPGA 1.7, Env 0.0, USB 
> console 2.2
> Build Type... DATA + WPS
> 
> System Name.. cumm111-wism-aca05
> System Location.. 111 Cummington St., 
> Room B05
> System Contact... Network Operations 
> Center
> System ObjectID.. 1.3.6.1.4.1.9.1.1293
> Redundancy Mode.. SSO
> IP Address... 10.123.18.234
> IPv6 Address. ::
> Last Reset... Software reset
> System Up Time... 97 days 17 hrs 26 mins 
> 34 secs
> System Timezone Location. (GMT -5:00) Eastern 
> Time (US and Canada)
> System Stats Realtime Interval... 5
> System Stats Normal Interval. 180
> 
> 
> --More-- or (q)uit
> 
> 
> 
> 
> 
> On 7/26/18, 6:43 PM, "heasley"  wrote:
> 
> Thu, Jul 26, 2018 at 09:20:42PM +, Piegorsch, Weylin William:
> > I should note that using the NOPIPE=yes thing causes the 
> "controller wlogin error: Error: Connection closed (ssh): controller" message 
> that I show below.  If I omit the NOPIPE environment variable on the CLI, I 
> get the output I showed in the other email, where it hangs in the middle of 
> output.
> > 
> > weylin
> 
> i dont see the problem in what you've provided; you'll have to share 
> more
> output with me.
> 
> eval `rancid -t cisco-wlc8 -C hostname` &> output
> 
> 
> 
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] is there scripts for 3com router

2018-07-27 Thread heasley
Thu, Jul 26, 2018 at 09:25:54PM +, Piegorsch, Weylin William:
> Hello,
> 
> I tried the SMC script and, well...
> 
> Weylin
> 
> 
> [rancid@nsgv-prod-59 ~]$ NOPIPE=yes rancid -d -t smc babc273-1032es02.bu.edu
> loadtype: device type smc
> loadtype: found device type smc in /usr/local/rancid/etc/rancid.types.base
> executing hlogin -t 90 -c"" babc273-1032es02.bu.edu
> inloop is not configured for device type smc at /usr/local/rancid/bin/rancid 
> line 126.

have you altered the smc definition?  It should be as follows:
smc;script;srancid
smc;login;hlogin

and that works properly.  you would add a definition similar this to
etc/rancid.type.conf for your own v2-like (or v3) script.  see the manpage.

> [rancid@nsgv-prod-59 ~]$
> 
> 
> -Original Message-
> From: heasley  
> Sent: Wednesday, December 27, 2017 2:02 PM
> To: Piegorsch, Weylin William 
> Cc: heasley ; Adrian Dimitrov 
> ; rancid-discuss@shrubbery.net
> Subject: Re: [rancid] is there scripts for 3com router
> 
> Tue, Dec 26, 2017 at 04:39:09AM +, Piegorsch, Weylin William:
> > Would a script from v1 work in v3?  That’s what we upgraded from; the old 
> > server was circa 2002 or so.
> 
> it should, if the login script hasn't changed in an incompatible way with the 
> device.  to use a v1 or v2 script in v3, the device type must be added to 
> your rancid.types.conf; see an existing v2 entry in rancid.types.base, such 
> as smc.
> 
> > Anyway, thanks for the SMC info; I’ll check that out.  Our 3COMs are so old 
> > I doubt it (the oldest we have running were installed around 1990 I think, 
> > with further installations until sometime 1999 - 2002).  But, it can’t hurt 
> > to check, maybe we can restore rancid’s service to some of them at least.
> > 
> > weylin
> > 
> > -Original Message-
> > From: heasley 
> > Date: Monday, October 30, 2017 at 04:32
> > To: Weylin Piegorsch 
> > Cc: Adrian Dimitrov , 
> > "rancid-discuss@shrubbery.net" 
> > Subject: Re: [rancid] is there scripts for 3com router
> > 
> > Thu, Oct 26, 2017 at 08:13:10PM +, Piegorsch, Weylin William:
> > > There are no 3com scripts.  My predecessor had configured an SNMP 
> > thing, but that stopped working when we upgraded to rancid v3.  If you find 
> > one, let me know because I would love to use it.
> > 
> > theres no reason that i can think of that a script from v2 would not 
> > work in
> > v3.
> > 
> > anyway, some SMC swtiches were marketed under a 3com name, so the smc 
> > device
> > type may support it.
> > 
> > > From: Adrian Dimitrov 
> > > Date: Thursday, October 26, 2017 at 06:57
> > > To: "rancid-discuss@shrubbery.net" 
> > > Subject: [rancid] is there scripts for 3com router
> > > 
> > > Hello team ,
> > > 
> > > Hope all of you guys are doing well. I have my rancid set up working 
> > perfectly fine for a long time now. I am backing up a lot of different 
> > devices successfully, but now I have to back up “3COM” router and I can’t 
> > find scripts for this type of device.
> > > Is there someone who can help with this?
> > > 
> > > Best Regards,
> > > Adrian Dimitrov
> > > System Administrator
> > > [Fellows-Mark-RGB_Sign]
> > > Direct line:  ; Mobile: +359 876 7744 41; SIP URI (Telepresence): 
> > adrian.dimit...@efellows.bg<mailto:adrian.dimit...@efellows.bg> ; Website: 
> > http://www.efellows.bg<http://www.efellows.bg/>;
> > >
> > 
> > 
> > 
> > > ___
> > > Rancid-discuss mailing list
> > > Rancid-discuss@shrubbery.net
> > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> > 
> > 
> > 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] xilogin, stuck on system-view

2018-07-27 Thread heasley
Thu, Jul 26, 2018 at 01:34:06AM +, james Di Trapani:
> Hi All,
> 
> 
> Using latest version of Rancid and xilogin to connect to Huawei AR169's, when 
> trying to pass the command 'system-view' it appears that xilogin gets stuck 
> and cannot interpret the prompt changing from '>' to ']', has anyone else 
> experienced this?
> 

is this a device that runs VRP?  it was developed against VRP v5.170, which
does not change the prompt as you describe; or at least not that I
discovered.

if it is not VRP, I likely can not help.  if it does, I need a full
transcript.

eval `rancid -t vrp -C hostname` &> output

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Juniper CLI prompts out of sync causing frequent changes

2018-07-27 Thread heasley
Fri, Jul 27, 2018 at 08:18:08AM -0500, Chris Wopat:
> Hi folks,
> 
> Last year I commented on an issue we're seeing across many Juniper devices.
> I neglected to follow up on Heasley's response then but are seeing it a lot
> more frequently now, perhaps related to some OS upgrades or something else.
> 
> 
> Thread was here:
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009916.html
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-October/009922.html
> 
> Looking at the last week or so of these we've had, they're on devices
> running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200.
> 
> Here's output from a single diff, its like this on various commands nearly
> every run:
> 
> 
> 
> Index: configs/r-kettlemoraine-hub
> ===
> retrieving revision 1.144
> diff -u -4 -r1.144 r-kettlemoraine-hub
> @@ -1,7 +1,8 @@
>   #RANCID-CONTENT-TYPE: juniper
>   #
>   # r-kettlemoraine-hub> show chassis clocks
> + # show chassis environment
>   # r-kettlemoraine-hub> show chassis environment
>   # Class Item   Status
>   # Power FPC 0 Power Supply 0   OK
>   #   FPC 0 Power Supply 1   OK
> Index: configs/r-lacrossecity-hub
> ===
> retrieving revision 1.108
> diff -u -4 -r1.108 r-lacrossecity-hub
> @@ -15,9 +15,8 @@
>   #   FPC 0 Fan 2OK
>   #   FPC 0 Fan 3OK
>   #
>   # r-lacrossecity-hub> show chassis firmware
> - # show chassis fpc detail
>   # Part Type   Version
>   # FPC 0uboot  U-Boot 1.1.6 (Jun  5 2012 -
> 02:24:53) 1.0.0
>   #  loader FreeBSD/PowerPC U-Boot bootstrap
> loader 2.4
>   #
> Index: configs/r-platteville-hub
> ===
> retrieving revision 1.274
> diff -u -4 -r1.274 r-platteville-hub
> @@ -1,7 +1,8 @@
>   #RANCID-CONTENT-TYPE: juniper
>   #
>   # r-platteville-hub> show chassis clocks
> + # show chassis environment
>   # r-platteville-hub> show chassis environment
>   # Class Item   Status
>   # Power FPC 0 Power Supply 0   OK
>   #   FPC 0 Power Supply 1   OK
> 
> Heasley, you chimed in saying the prompt may be out of sync. While I don't
> quite know what that means, you suggested sending output of:
> 
> eval `rancid -Ct juniper device`
> 
> Here that is, finally:
> 
> jlogin -t 120 -c 'show chassis clocks;show chassis environment;show chassis
> firmware;show chassis fpc detail;show chassis hardware detail;show chassis
> hardware models;show chassis routing-engine;show chassis scb;show chassis
> sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show
> chassis cfeb;show chassis alarms;show system license;show system
> boot-messages;show system core-dumps;show version detail;show version
> invoke-on other-routing-engine;show configuration;file checksum md5
> /var/db/scripts/*/*;file list recursive /var/db/scripts/' r-platteville-hub
> 
> You may notice some additions at the end which help us track some slax
> scripts:
> 
> file checksum md5 /var/db/scripts/*/*;file list recursive /var/db/scripts/'
> 
> we've had those in place for quite some time (before this) so I'm unsure if
> those are related.

not likely.  I presume you have a banner with something that looks like a
prompt; like 
https://www.juniper.net/documentation/software/junos/junos93/swconfig-system-basics/configuring-a-system-login-message.html.
if not, you'll have to share output with me.

eval `rancid -t juniper -C hostname` &> output

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Juniper CLI prompts out of sync causing frequent changes

2018-07-31 Thread heasley
Fri, Jul 27, 2018 at 12:58:14PM -0500, Chris Wopat:
> We actually do not have a banner, but your mention of that reminds me that
> indeed, when doing some updates recently we enabled login-tip (
> https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/login-tip-edit-system.html/)
> which is almost certainly putting something random in a banner-ish area
> upon each login.
> 
> Here are 3 random examples from the same device:
> 
> 
> Password:
> --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC
> JUNOS tip:
> Use the 'no-more' CLI pipe to disable the CLI's more capability and
> let the multiple pages of output scroll without stopping.
> 
> 
> --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC
> JUNOS tip:
> Use ESC-/ in the CLI to expand strings into matching words from the
> command line history.
> 
> Password:
> --- JUNOS 14.1X53-D47.3 built 2018-05-10 21:38:01 UTC
> JUNOS tip:
> Use the TAB key to autocomplete interface names in operational mode.
> 
> 
> Since they liberally use dashes, single quotes, forward slashes and so on-
> this seems to be the likely culprit?

maybe; those do not look like prompts.

> Would it be possible to filter out anything between "JUNOS tip" and the
> first valid prompt so we have a chance of leaving them enabled?

it is all about reliably identifying the valid prompt.  if i could tell
users and vendors not to use [\][[:space:])(_*\\<>] in their prompts, life
would be easier - the regex would simply be
^[^PROMPTTERMINALCHAR\r\n ]+PROMPTTERMINALCHAR

jlogin is looking for '>'.  can you reproduce it reliably with a particular
device?  if you can share (with me only) the output of
jlogin -d -c 'show version' hostname 2> output
i expect that i can fix it, but i may need more output, like:
jlogin -d -c 'show chassis clocks;show chassis environment;show chassis 
firmware;show chassis fpc detail' hostname 2> output

> --Chris
> 
> 
> 
> On Fri, Jul 27, 2018 at 12:00 PM, heasley  wrote:
> 
> > Fri, Jul 27, 2018 at 08:18:08AM -0500, Chris Wopat:
> > > Hi folks,
> > >
> > > Last year I commented on an issue we're seeing across many Juniper
> > devices.
> > > I neglected to follow up on Heasley's response then but are seeing it a
> > lot
> > > more frequently now, perhaps related to some OS upgrades or something
> > else.
> > >
> > >
> > > Thread was here:
> > >
> > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-
> > October/009916.html
> > > http://www.shrubbery.net/pipermail/rancid-discuss/2017-
> > October/009922.html
> > >
> > > Looking at the last week or so of these we've had, they're on devices
> > > running 14.1X53-D4*, which is primaraily QFX5100 but also a few EX4200.
> > >
> > > Here's output from a single diff, its like this on various commands
> > nearly
> > > every run:
> > >
> > >
> > >
> > > Index: configs/r-kettlemoraine-hub
> > > ===
> > > retrieving revision 1.144
> > > diff -u -4 -r1.144 r-kettlemoraine-hub
> > > @@ -1,7 +1,8 @@
> > >   #RANCID-CONTENT-TYPE: juniper
> > >   #
> > >   # r-kettlemoraine-hub> show chassis clocks
> > > + # show chassis environment
> > >   # r-kettlemoraine-hub> show chassis environment
> > >   # Class Item   Status
> > >   # Power FPC 0 Power Supply 0   OK
> > >   #   FPC 0 Power Supply 1   OK
> > > Index: configs/r-lacrossecity-hub
> > > ===
> > > retrieving revision 1.108
> > > diff -u -4 -r1.108 r-lacrossecity-hub
> > > @@ -15,9 +15,8 @@
> > >   #   FPC 0 Fan 2OK
> > >   #   FPC 0 Fan 3OK
> > >   #
> > >   # r-lacrossecity-hub> show chassis firmware
> > > - # show chassis fpc detail
> > >   # Part Type   Version
> > >   # FPC 0uboot  U-Boot 1.1.6 (Jun  5 2012 -
> > > 02:24:53) 1.0.0
> > >   #  loader FreeBSD/PowerPC U-Boot bootstrap
> > > loader 2.4
> > >   #
> > > Index: configs/r-platteville-hub
> > > ===
> > > retrieving revision 1.274
> > > diff -u

Re: [rancid] Fortigate additional tweaks and device filters

2018-07-31 Thread heasley
Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
> Hi Heasley and folks,
> 
> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to
> filter out some additional chattiness, see:
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html
> 
> A few people chimed in seeming to be OK with the propsed changes, which are
> to filter these things:
> 
> next if (/^\s*IPS-ETDB: .*/);
> next if (/^\s*APP-DB: .*/);
> next if (/^\s*IPS Malicious URL Database: .*/);
> next if (/^\s*Botnet DB: .*/);
> 
> Mentioning this as 3.8 came out and i didn't notice any of these included.
> 
> We have an additional fortigate tweak we make every time we update too,
> which to change from 'show full-configuration' to just 'show' in
> @commandtable. 'full-configuration' shows default config, just like the
> cisco 'full' command. It's really not necessary IMO.

This is from:
r2258 | heas | 2010-10-11 20:49:05 + (Mon, 11 Oct 2010) | 3 lines

fnrancid: update recent fortinet software - Diego Ercolani
Cleaned-up a little by me.

afaict, the justification for full-configuration was so that VDOMs would
be included in the output.  perhaps this behavior has changed since this
change??  I have none of these devices.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Fortigate additional tweaks and device filters

2018-08-03 Thread heasley
Fri, Aug 03, 2018 at 03:34:05PM +, Nick Nauwelaerts:
> i guess the fortinet module could use some polishing. it does a great job for 
> getting a complete running config backup. but other information could 
> certainly be welcome to.
> 
> perhaps i'll have a look at converting it to a library later on, then you can 
> just comment out the modules you have no interest in. but that will have to 
> wait until i get aerohive hiveos polished a bit.

i'll convert it, but someone needs to commit to testing it for me, since i
have none of these devices.

> // nick
> 
> 
> -Original Message-
> From: Rancid-discuss [mailto:rancid-discuss-boun...@shrubbery.net] On Behalf 
> Of heasley
> Sent: Friday, August 3, 2018 00:16
> To: Chris Wopat 
> Cc: rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Fortigate additional tweaks and device filters
> 
> Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
> > > Wed, Aug 01, 2018 at 08:37:03AM +, Nick Nauwelaerts:
> > >> hm,
> > >> i actually like to have those versions in the output. if something 
> > >> breaks my first reaction tends to be: "what changed?", and rancid is 
> > >> usually the first place i check.
> > >>
> > >> would it be an option to control this with FILTER_OSC , even though its 
> > >> not quite it's intended application?
> > > Could be; what are they?  version stamp of what exactly?
> > >
> >
> >
> > My additions to filter are based on the fact that there's already a
> > block of these being filtered, this is just 'more of the same' chatty
> > stuff that changes daily.
> >
> > I'd say go one way or another- add more similar filters (my suggestion)
> > or do none or have a toggle-able option. FILTER_OSC sounds more like
> > it's for security stuff, so that doesn't seem like the best fit to me.
> >
> > Has a new FILTER_CRUFT type of option been discussed in the past? Unsure
> > if this fits the category of any other previously discussed things.
> 
> it was intended for stuff that oscillated but is still desirable (by some).
> so, seems to fit the application, perhaps for the other similar filters.
> again, i dont know the platform, so I need input.
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 
> 
> 
> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | 
> Twitter<https://twitter.com/aquafinnv> | 
> YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> 
> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin 
> persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de 
> betrokkenen zijn, kan je nalezen in onze privacy 
> policy<https://www.aquafin.be/nl-be/privacy-policy>.
> 
> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>   P Denk aan het milieu. Druk deze mail niet onnodig af.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Ciena Waveserver 1.6 - fluctuating power values + other improvement suggestions

2018-08-03 Thread heasley
Fri, Aug 03, 2018 at 11:29:03AM -0500, Chris Wopat:
> We recently upgraded some Ciena Waveservers to v1.6, Ciena added power draw
> info to the output of "show chassis". That value fluctuates a lot, causing
> diffs on most rancid-runs. looking to see the best method to filter it out.
> 
> Attached is a .txt file (or see
> https://falz.net/static/waveserver-1.6-chassis.txt)  with sample output
> from 1.5 and 1.6m where the power column was added as well as a new box
> displaying a total power value, which also fluctuates.
> 
> Is there a quick and easy way to filter out just the power values? If not,

does the patch below do it?  I no longer have any of these devices.

> a proposed solution would be to run these commands instead of 'chassis
> show':
> 
> chassis show capabilities
> chassis show mac
> 
> These would not show the power related info, but it would show the rest of
> whats normally in the 'chassis show command'.
> 
> While looking in to this issue, we also notice that the command 'software
> show' is run, but our diffs never show the output of it. If i run this via
> command line, it does show output.

what does the cmd output look like?  output from one of ours looked like:

! WS>  software show
! + ACTIVE RELEASE INFORMATION ---+
! | Parameter | Value |
! +---+---+
! | Version   | 1.0.1 |
! | Build | ae03  |
! | Build Date| 2015.12.16-13:36.17   |
! | Catalog Name  | 1.0.1-ae03_svrbuild_wvsrvr|
! +---+---+-+-+
! | Release Component | Version   | Build   | State   |
! +---+---+-+-+
! | Waveserver OS | 1.0.1 | ae03| Active  |
! | WS Control Datapath Firmware  | 1.0.1 | ae03| Active  |
! | WS Wavelogic Firmware | 1.0.1 | ae03| Active  |
! | WS Controller App | 1.0.1 | ae03| Active  |
! | WS Datapath App   | 1.0.1 | ae03| Active  |
! | WS Management App | 1.0.1 | ae03| Active  |
! | WS MIB| 01-00-00  | 00  | Active  |
! | WS YANG   | 01-00-00  | 00  | Active  |
! | WS HW-ID  | 003   | 00  | Active  |
! | WS SW-ID  | 01| 00  | Active  |
! +---+---+-+-+

> Lastly, there's a few other useful commands that I could see being added
> fairly painlessly that show some useful information. Some of these came
> from looking at what Juniper does already and some are unique to Fortigate
> (the service things).
> 
> alarm show
> blade show
> license client show
> license file list
> service-domain show
> service show map

you have to show me output of these.

Index: wavesvros.pm.in
===
--- wavesvros.pm.in (revision 3846)
+++ wavesvros.pm.in (working copy)
@@ -103,6 +103,7 @@
 # This routine parses "chassis show"
 sub ShowChassis {
 my($INPUT, $OUTPUT, $cmd) = @_;
+my($PSW) = 0;
 print STDERR "In ShowChassisClocks: $_" if ($debug);
 
 # include the command
@@ -113,8 +114,8 @@
last if (/^$prompt/);
/no matching entry found/ && return(-1);# unknown cmd
 
-   # skip fan status
-   if (/CFU FAN STATUS/) {
+   # skip fan status/chassis power draw
+   if (/(cfu fan status|chassis power summary)/i) {
while (<$INPUT>) {
tr/\015//d;
return(-1) if (/^$prompt/);
@@ -121,6 +122,20 @@
last if (/^\s*$/);
}
}
+   # filter PS wattage from power supply status
+   if (/(cfu fan status|chassis power summary)/i) {
+   while (<$INPUT>) {
+   tr/\015//d;
+   return(-1) if (/^$prompt/);
+   $PSW = 1 if (/power \(w\)/i);
+   if ($PSW && /^(|[^|]+){7,}|\s+([0-9.]+ |)/) {
+   ProcessHistory("","","","! $1|\n");
+   } else {
+   ProcessHistory("","","","! $_");
+   }
+   last if (/^\s*$/);
+   }
+   }
 
ProcessHistory("","","","! $_");
 }

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Help Using git with RANCID

2018-08-16 Thread heasley
Wed, Aug 15, 2018 at 08:17:28PM +, Ryan Melville:
> Hi,
> 
> I have tried my darndest to git RANCID working with a remote git server based 
> on the few web articles and forum threads, but am still missing something.  
> Assistance would be appreciated.
> 
> rancid.conf
> LIST_OF_GROUPS="all"
> RCSSYS=git; export RCSSYS
> CVSROOT=$BASEDIR/repos; export CVSROOT
> 
> I ran sudo -H -u rancid /mnt/rancid/rancid/bin/rancid-cvs and it seemed happy.

perfect.
cd $BASEDIR/
git remote add  
git remote set-url --add --push origin $CVSROOT/all
git remote set-url --add --push origin 

test (and initial push) it:
git push 
This must not require interactive authentication, which i leave to your
own research.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] [patch] fluctuating data from cisco-nx

2018-08-18 Thread heasley
Fri, Aug 17, 2018 at 10:16:51PM +0300, Pavel Korovin:
> Dear all,
> 
> There are several issues with fluctuating data received from Cisco Nexus
> platform (55xx, 77xx):
> 
> * accounting logs filenames are named as accounting_log,
>   accounting_log.0, etc. These filenames are not filtered out from the
>   output
> 
> * "show interface transceiver" command introduced in v3.8 produces huge
>   (temperature, current, power & voltage); imagine how much output produces
>   N5596 with 96 ports/transceivers. I propose to filter out this output
>   if FILTER_OSC != NO
> 
> * if PAR_COUNT is > 1 (by default, it's 5) and rancid simultaneously runs
>   "show version" in multiple VDCs on the same device, bootflash size

slot0 too?  or just bootflash?

>   values hop between 0 and actual size, with each invocation producing cvs
>   commits and change notifications. To reproduce, run "show ver"
>   simultaneously on multiple VDCs. It seems that NX-OS requires exclusive
>   access to hardware to determine the size of bootflash and fails during
>   concurrent access. I cannot offer any better solution than just
>   providing a knob to filter out bootflash size fluctuations by setting
>   FILTER_OSC = ALL.
> 
> Please see the diff attached.
> 
> -- 
> With best regards,
> Pavel Korovin

> $OpenBSD$
> 
> Index: lib/nxos.pm.in
> --- lib/nxos.pm.in.orig
> +++ lib/nxos.pm.in
> @@ -186,7 +186,7 @@ EndSoftware:
>   }
>   }
>  EndHardware:
> - if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/) {
> + if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/ && ($filter_osc < 2)) {
>   my($tmp) = int($2 / 1024);
>   ProcessHistory("COMMENTS","keysort","B1",
>  "!Memory: $1: $tmp MB$3\n");
> @@ -496,8 +496,8 @@ sub DirSlotN {
>   # Drop bootvar_debug log files
>   /\s+bootvar_debug\./ && next;
>  
> - # Drop accounting.log
> - /\s+accounting\.log$/ && next;
> + # Drop accounting logs
> + /\s+accounting.log.*/ && next;

was removal of the escape of the . intentional?

>   # Drop vtp_debug.log and vtp_debug_old.log CDETS bug CSCuy87611
>   /\s+vtp_debug(_old)?\.log$/ && next;
> @@ -574,6 +574,9 @@ sub ShowIntTransceiver {
>   return(-1) if (/No token match at /);   # 1000v
>   return(-1) if (/\% Permission denied/);
>   return(-1) if (/command authorization failed/i);
> + 
> + # filter out oscillating data from transceivers if FILTER_OSC != NO
> + next if (/(Temperature|Current|Power|Voltage)\s+:/ && ($filter_osc >= 
> 1));

The ones that I have access to, do not include this. :)  It seems to always
be approperiate to filter this, so I've removed the FILTER_OSC knob.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-08-25 Thread heasley
Thu, Aug 23, 2018 at 12:32:38PM +0100, Howard Jones:
> Reaping a thread, but I think I finally got this fixed now. The
> bigip.pm overrides TERM with "vt100", always. The prompt is so long
> (70 chars on my test box!) that the command scrolls within its line
> (although without ^H), so the cmds_regexp never matches. Changing the
> TERM line to "screen-w" in bigip.pm resolves it.
> 

what version are you running?  the TERM was changed to vt100-w in rancid
3.3.

> 
> 
> On 8 May 2018 at 16:20, heasley  wrote:
> > Tue, May 08, 2018 at 02:39:06PM +0100, Howard Jones:
> >> Definitely something funky going on. The .raw file left behind from
> >> cron is different from the one if I run the same in a subshell.
> >>
> >> The front 9 or so characters of commands are chopped off, which would
> >> explain why I get "missed all commands".
> >> Also, it's trying to send Cisco terminal commands, although those are
> >> just ignored, so probably not the immediate issue.
> >>
> >> I checked with hexdump, and there don't seem to be lots of ^H or
> >> anything like that redrawing the prompt. Although, for those terminal
> >> commands, there's:
> >>
> >>terminal  ^Hwidth 132^M
> >>
> >> but not in the non-cron version. Nothing else like that further on.
> >>
> >> In the output below, ssh-no-pubkey is a one-liner shellscript to avoid
> >> Cisco Nexus complaining about too many authentication fails, when
> >> pubkeys are loaded:
> >>
> >>ssh -o PubkeyAuthentication=no $*
> >
> > exec ssh -o PubkeyAuthentication=no $*
> >>
> >> I just checked and from a normal command line, the F5 doesn't scroll
> >> the command horizontally or anything strange.
> >>
> >> Any ideas where I can look next? If it was telnet, I'd capture the
> >> traffic, but it doesn't look like wireshark will do much with the
> >> encrypted part of SSH captures.
> >>
> >> Howard
> >
> > probably the most likely cause is that its assuming the client will
> > have a terminal (TERM) type and it makes further assumptions when it
> > doesnt.  But, it looks like bigip IS setting the term to vt100.  Can
> > you trying setting your interactive TERM to vt100 to see if that
> > reproduces it?
> >
> > Else, it might need other tty intrinsics; so, perhaps try hlogin with
> > it, but it will need that 'quit' patch.
> >
> > is f5 supporting NETCONF?
> >
> >> executing clogin -t 90 -c"modify cli preference pager disabled
> >> display-threshold 0;show sys version;show sys hardware;show sys
> >> license;show /net route static;list all-properties recursive" lb01
> >>
> >> lb01
> >> spawn /opt/rancid/local/ssh-no-pubkey -c aes192-ctr -x -l rancidconfbackup 
> >> lb01
> >> Password:
> >> Last login: Tue May  8 12:40:30 2018 from 192.168.0.27^M
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> terminal length 0
> >> Syntax Error: unexpected argument "terminal"
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> terminal width 132
> >> Syntax Error: unexpected argument "terminal"
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# i
> >> preference pager disabled display-threshold 0
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#version

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-08-26 Thread heasley
Sun, Aug 26, 2018 at 09:36:54AM +0100, Howard Jones:
> On Sat, 25 Aug 2018 at 23:43, heasley  wrote:
> 
> > Thu, Aug 23, 2018 at 12:32:38PM +0100, Howard Jones:
> > > Reaping a thread, but I think I finally got this fixed now. The
> > > bigip.pm overrides TERM with "vt100", always. The prompt is so long
> > > (70 chars on my test box!) that the command scrolls within its line
> > > (although without ^H), so the cmds_regexp never matches. Changing the
> > > TERM line to "screen-w" in bigip.pm resolves it.
> > >
> >
> > what version are you running?  the TERM was changed to vt100-w in rancid
> > 3.3.
> 
> 
> Huh, that’s odd. I’m running 3.6.

Not sure what to tell you; might be a bug between the keyboard and chair.
Can you try a fresh 3.8?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid vs tac_plus for IOS XR

2018-08-26 Thread heasley
Sun, Aug 26, 2018 at 03:14:37AM +, Piegorsch, Weylin William:
> aaa authorization exec default group TACACS_GROUP local
> aaa authorization commands default group TACACS_GROUP
> 
> I have this configured in tacacs_plus (among a bunch of other things, but 
> zero deny statements):
> 

> but I’m getting this result in rancid:
> 
> RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all nvram:
> 
> % This command is not authorized

that is not the same error that tacacs authorization failure creates,
afaik.  maybe remove the task thing and try only the tacacs author.  if
that works, then you know to complain to cisco.  sth like this from/for
ios-classic:

group = RO {
service = exec {
priv-lvl=15
}
cmd = show {
permit run
permit version
permit install
permit env
permit gsr
permit boot
permit bootvar
permit flash
permit controllers
permit controllers
permit diagbus
permit diag
permit c7200
deny .*
}
cmd = write {
permit term
deny .*
}
cmd = dir {
permit /all
deny .*
}
}

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-08-28 Thread heasley
Tue, Aug 28, 2018 at 11:21:04AM +0100, Howard Jones:
> On 26 August 2018 at 20:47, heasley  wrote:
> > Sun, Aug 26, 2018 at 09:36:54AM +0100, Howard Jones:
> >> On Sat, 25 Aug 2018 at 23:43, heasley  wrote:
> >>
> >> > what version are you running?  the TERM was changed to vt100-w in rancid
> >> > 3.3.
> >>
> >>
> >> Huh, that’s odd. I’m running 3.6.
> >
> > Not sure what to tell you; might be a bug between the keyboard and chair.
> > Can you try a fresh 3.8?
> 
> But which keyboard and chair? ;-)

right!

> I just downloaded a fresh 3.8 and this is what bigip.pm says:
> 
> # load-time initialization
> sub import {
> # force a terminal type so as not to confuse the POS
> $ENV{'TERM'} = "vt100";
> 
> 0;
> }
> 
> f5rancid has vt100-w, but as far as I can see, neither the bigip or
> bigip13 device type actually uses that anymore. (script is set to
> "rancid -t bigip"). It looks like it's used the module since 3.5 - I
> guess that change didn't make the transition?

ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin adding 'exit' command?

2018-08-28 Thread heasley
Tue, Aug 28, 2018 at 04:58:54PM +0100, Howard Jones:
> On 28 August 2018 at 14:48, heasley  wrote:
> >
> > ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
> > Would you test changing this to vt100-w?
> 
> No, vt100-w doesn't work with bigip13:
> 
> Warning, can't fully initialize terminal, TERM is set to
> "vt100-w", status (0)
> No entry for terminal type "vt100-w";

grumble.  One last bit; could you test clogin from ranicd 3.8 without altering
TERM?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Login to Dell N3048p switch

2018-08-22 Thread heasley
Tue, Aug 21, 2018 at 12:26:23PM -0400, Technology Support:
> I got Rancid 3.8 up and running and I am able to get email alerts. It works
> well with Cisco switch.
> However, our core switches are Dell N3048p.
> I tried many combinations in the router.db file like the below
> 
> *192.168.1.1;dell;up*
> *192.168.1.1;dlink;up*
> *192.168.1.1;smc;up*
> *192.168.1.1;force10;up*
> 
> This is based on what I was reading in several support forums.
> When I am running
> 
> */usr/local/rancid/bin/dllogin 192.168.1.1*
> OR
> 
> */usr/local/rancid/bin/clogin 192.168.1.1 *
> OR
> */usr/local/rancid/bin/hlogin 192.168.1.1*
> 
> 
> They are all able to login to the switch with no issue.

Section 3 Q 2 of the FAQ has basic testing procedure.  Please follow
this to narrow the problem.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] backing up ubiquiti edgerouter

2018-07-20 Thread heasley
Fri, Jul 20, 2018 at 10:19:38AM +0100, Craig Hopkins:
> Hi all,
> 
> Does anybody know the syntax for cloginrc and router.db for edgerouters?
> 
> I've tried various permutations and either:
> - it won't log in because there isn't an enable password
> - if I set autoenable to 1, it will log in but fail to back up:
> 
> $ clogin -t edgerouter MYDEVICE

ulogin

> MYDEVICE
> spawn ssh -x -l ubnt MYDEVICE
> Welcome to EdgeOS
> 
> By logging in, accessing, or using the Ubiquiti product, you
> acknowledge that you have read and understood the Ubiquiti
> License Agreement (available in the Web UI at, by default,
> http://192.168.1.1) and agree to be bound by its terms.
> 
> Linux MYDEVICE 3.10.107-UBNT #1 SMP Mon Mar 5 18:18:48 UTC 2018 mips64
> Welcome to EdgeOS
> Last login: Tue Apr 28 05:41:57 2015 from 2a00:my:ip:went::here
> 
> Error: TIMEOUT reached

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Username sent after login

2018-07-20 Thread heasley
Wed, Jul 18, 2018 at 06:18:44PM +, Marles, Rob:
> Thanks Dan
> 
> I was asking because I had searched and kept seeing articles that were close, 
> but not quite the same.
> 
> Your hint allowed me to find the post 
> http://www.shrubbery.net/pipermail/rancid-discuss/2018-June/010255.html
> 
> 
> I issued a “no aaa authentication login-history” and things appear to log in 
> without passing the second username.
> 
> Oddly, it still shows “missed cmd(s): show running-config view full, show 
> running-config”, “End of run not found”.  I guess it wasn’t related afterall.

grab the current alpha rancid tarball, that fixes this.  That will become
rancid 3.8 at some point today.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] backing up ubiquiti edgerouter

2018-07-20 Thread heasley
Fri, Jul 20, 2018 at 04:53:09PM +0100, Alex DEKKER:
> On 20/07/18 15:22, Craig Hopkins wrote:
> >
> >
> > That's only part of it, though. I still need the right .cloginrc 
> > commands. If I use ulogin, then:
> >
> > $ ulogin MYDEVICE
> > MYDEVICE
> > spawn ssh -x -l ubnt MYDEVICE
> > Welcome to EdgeOS
> >
> > By logging in, accessing, or using the Ubiquiti product, you
> > acknowledge that you have read and understood the Ubiquiti
> > License Agreement (available in the Web UI at, by default,
> > http://192.168.1.1) and agree to be bound by its terms.
> >
> > Linux MYDEVICE 3.10.107-UBNT #1 SMP Fri Jun 22 14:27:52 UTC 2018 mips64
> > Welcome to EdgeOS
> > Last login: Fri Jul 20 09:09:49 2018 from MY.IP.GOES.HERE
> > ubnt
> > ubnt@MYDEVICE:~$ ubnt
> > -vbash: ubnt: command not found
> > ubnt@MYDEVICE:~$
> >
> > Where is that extra "ubnt" coming from?
> 
> I expect the "Last login:" message is confusing ulogin and that's why it 
> sends the username again.

probably; thats new.  this ought to address that.

Index: bin/ulogin.in
===
--- bin/ulogin.in   (revision 3831)
+++ bin/ulogin.in   (working copy)
@@ -170,6 +170,12 @@
-nocase -re "^warning: remote host denied authentication agent 
forwarding." {
exp_continue;
}
+   -nocase -re "last login:" {
+   exp_continue
+   }
+   -nocase -re "failed login:" {   
+   exp_continue
+   }
eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
-nocase "unknown host\r" {
catch {close}; catch {wait};

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Weird commands on Cisco ASA

2018-08-30 Thread heasley
Thu, Aug 30, 2018 at 08:14:35PM +, Michael T. Voity:
> Hello,
> 
> I have a firewall that has not been updated by rancid for a few days.
> 
> Upon investigation I did some testing from the server found this -
> 
> Looks like it is adding the command 'rancid' after it logs in.
> 
> This is my only device that does it,   among the 50+ that rancid is polling.
> 
> [rancid@netwatch bin]$ ./clogin 
> 
> spawn ssh -c aes256-ctr -x -l rancid 
> rancid@'s password:
> User rancid logged in to 
> Logins over the last 78 days: 6800.  Last login: 16:04:41 EDT Aug 30 2018 
> from 

please upgrade to rancid 3.8

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid and Brocade 6510

2018-09-07 Thread heasley
Wed, Sep 05, 2018 at 01:37:23PM +, Vivien FRENOT:
> Hello,
> 
> We are deploying Rancid to backup the configuration of our switches, but I'm 
> having issues with Brocade 6510. I've seen in 'rancid.types.base' a Brocad 
> entry that may do the job, but, there's no module for it.
> 
> # Brocade
> #XXX brocade;script;rancid -t brocade
> brocade;login;brlogin
> #XXX brocade;module; XXX
> #XXX brocade;inloop; XXX
> #XXX brocade;command;XXX::ChassisShow;chassisShow
> #XXX brocade;command;XXX::FirmwareShow;firmwareShow
> #XXX brocade;command;XXX::FirmwareShow;version
> #XXX brocade;command;XXX::FirmwareShow;zoneshow
> #XXX brocade;command;XXX::FirmwareShow;portcfgshow
> #XXX brocade;command;XXX::Fosconfig;fosConfig --show
> #XXX brocade;command;XXX::IpAddrShow;ipAddrShow
> #XXX brocade;command;XXX::LicenseShow;licenseShow
> #XXX brocade;command;XXX::DomainsShow;domainsShow
> #XXX brocade;command;XXX::ConfigShow;configShow
> #
> 
> There was a discussion started in 2015 about it 
> (http://www.shrubbery.net/pipermail/rancid-discuss/2015-May/008408.html) but 
> no one seems to actually answerd this.
> 
> Any Ideas ?

does brlogin work, according to the tests in the FAQ S3 Q2?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?

2018-03-10 Thread heasley
Sat, Mar 10, 2018 at 04:52:37AM +, Piegorsch, Weylin William:
> Have you tried specifying all the cyphertypes your system support?  I 
> manually ran the command ssh -vvv  and read the (incredibly 
> plentiful) output to find what my system was offering; then, I just specified 
> all of them in .cloginrc.  The target system will only accept those cypher it 
> supports, so there's no harm to the SSH protocol to offer as many as you want.

see ssh -Q

Also, these can be placed these in ~/.ssh/config or /etc/ssh/ssh_config so
that they work outside of rancid too.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Questions about sub ProcessHistory

2018-04-05 Thread heasley
Thu, Apr 05, 2018 at 08:18:57PM +, Gauthier, Chris:
> That helps, but does not completely help me understand what values are 
> "valid" in the 3rd arg.  I couldn't quite figure it out from the code.  I 
> tried.  I looked at the man page, different sections of the source, but it's 
> just not making sense.

a string; a number should also work but with keynsort.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Questions about sub ProcessHistory

2018-04-05 Thread heasley
Thu, Apr 05, 2018 at 05:55:57PM +, Gauthier, Chris:
> I’m trying to get my Aruba Instant access points to be backed up by rancid 
> and I’m using the module developed by miken32, but it really doesn’t support 
> a lot of the Aruba stuff that I have.  I’m trying to add a few extra 
> functions into the perl module, but have run into some difficulty with `sub 
> ProcessHistory` in rancid.pm.  I’ve read the description, but am not 
> understanding the third argument.
> 
> For example:
> ProcessHistory("COMMENTS","keysort","D99","!$_");   (from the aruba.pm file)
> 
> Or
> 
> ProcessHistory("COMMENTS","keysort","F1", "!Image: $_")  (from the ios.pm 
> file)
> 
> What is the function of the “D99” and “F1” arguments and how do I leverage 
> them for my own function?  And, what is the string in the last argument used 
> for?

3rd arg is the argument to the 2nd arg, for keysort, its the key.  4th
arg is data/payload to be stored and later output.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Questions about sub ProcessHistory

2018-04-05 Thread heasley
Thu, Apr 05, 2018 at 09:59:23PM +, Gauthier, Chris:
> So, more specifically, how is that string used as an argument?  What's the 
> significance of the "D99" or the "F1" or whatever the other value is?  That's 
> the part I'm not sure about.  I want to leverage the ProcessHistory function 
> with the keysort, but don't know what the argument value should be or how I 
> determine what it should be.

its the sort key.  what _is_ sorted.

> Thanks,
> Chris
> 
> 
> 
> Chris Gauthier Senior Network Engineer | comScore, Inc.
> t +1 (503) 331-2704 |
> cgauth...@comscore.com
> 317 SW Alder Street, Suite 700 | Portland, OR 97204  United States
> comscore.com
> ​​​This e-mail (including any attachments) may contain information that is 
> private, confidential, or protected by attorney-client or other privilege. If 
> you received this e-mail in error, please delete it from your system and 
> notify sender.
> -Original Message-
> From: heasley <h...@shrubbery.net>
> Date: Thursday, April 5, 2018 at 1:58 PM
> To: "Gauthier, Chris" <cgauth...@comscore.com>
> Cc: heasley <h...@shrubbery.net>, "rancid-discuss@shrubbery.net" 
> <rancid-discuss@shrubbery.net>
> Subject: Re: [rancid] Questions about sub ProcessHistory
> 
> Thu, Apr 05, 2018 at 08:18:57PM +, Gauthier, Chris:
> > That helps, but does not completely help me understand what values are 
> > "valid" in the 3rd arg.  I couldn't quite figure it out from the code.  I 
> > tried.  I looked at the man page, different sections of the source, but 
> > it's just not making sense.
> 
> a string; a number should also work but with keynsort.
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] RANCID-Permission denied, please try again.

2018-04-08 Thread heasley
Sun, Apr 08, 2018 at 06:46:26PM +, Sathish Kumar. Ippani:
> 
> Hi All,
> 
> I have recently installed Rancid and added device. But when I try run 
> ""/usr/local/rancid/bin/clogin"" I am getting Permission denied, please try 
> again and Error: Check your passwd.
> But I am able to ssh same device with same logins, which I have configured in 
> /home/rancid/.cloginrc.
> 
> Could you please suggest where I have done mistake.

see cloginrc(1) [Mm] options and the FAQ section 3 Q2..

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] fortigate fnlogin problem (and a workaround)

2018-04-05 Thread heasley
Thu, Apr 05, 2018 at 11:00:30AM +0200, Ak Sn:
> Hi
> 
> I had the same error. See the message
> http://www.shrubbery.net/pipermail/rancid-discuss/2018-April/010180.html
> from heasly
> rancid 3.7 and the changed fnlogin file from 3.99 works perfect in my setup!
> 
> ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz

Sorry; this will be 3.8 soonish.  i have 2 things remaining to fix/add
before cutting 3.8.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Error when trying to back up a JunOS device, SRX100

2018-04-21 Thread Heasley
Sat, Apr 21, 2018 at 10:48:42AM +, Lauri Haveri:
> Hello,
> 
> I just wanted to tell that little over one week ago I was able to fix this 
> error by using an account that had admin-rights. The ones I used previously 
> were root-account and read-only account.

the root account typically receives a unix prompt, which the scripts do not
expect.

> Now the same problem is facing me with a “HP procurve 2510”. I have assigned 
> an account with manager-rights and configured it to .cloginrc file. I am able 
> to login to the HP Switch by using command “/var/lib/rancid/bin/clogin 
> DEVICENAME”
> 
> Do you have any idea if there are any special things to be considered in HP 
> Switches?

rancid -t hp -C hostname

will give you the complete command that rancid will run; use that for testing.
Also, see the FAQ section 3 qestion 2.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Error when trying to back up a JunOS device, SRX100

2018-04-25 Thread Heasley
Wed, Apr 25, 2018 at 03:28:03PM +, Lauri Haveri:
> Thank you for the fast reply.
> 
> Where should the command "rancid" be executed? 
> 
> I have logged in as the users "rancid" and "root" have ran the command 
> "rancid -t hp -C DEVICENAME" in the folder ("/var/lib/rancid/bin/") that has 
> the executable file "rancid", but it just produces "rancid: command not 
> found".
> 
> I also typed the whole path to command "/var/lib/rancid/bin/rancid -t hp -C 
> hostname" I just get the following output: "hlogin -t 90 -c '' DEVICENAME.
> 
> Am I doing it wrong?

Sorry; thats my fault; hp still uses the rancid 2.x method;  so,
hrancid -C hostname.

> BR,
> Lauri
> 
> -Original Message-
> From: Heasley <h...@shrubbery.net> 
> Sent: lauantai 21. huhtikuuta 2018 18.44
> To: Lauri Haveri <lauri.hav...@alsocloudsolutions.fi>
> Cc: Emille Blanc <emi...@abccommunications.com>; Rancid-discuss@shrubbery.net
> Subject: Re: [rancid] Error when trying to back up a JunOS device, SRX100
> 
> Sat, Apr 21, 2018 at 10:48:42AM +, Lauri Haveri:
> > Hello,
> > 
> > I just wanted to tell that little over one week ago I was able to fix this 
> > error by using an account that had admin-rights. The ones I used previously 
> > were root-account and read-only account.
> 
> the root account typically receives a unix prompt, which the scripts do not 
> expect.
> 
> > Now the same problem is facing me with a “HP procurve 2510”. I have 
> > assigned an account with manager-rights and configured it to .cloginrc 
> > file. I am able to login to the HP Switch by using command 
> > “/var/lib/rancid/bin/clogin DEVICENAME”
> > 
> > Do you have any idea if there are any special things to be considered in HP 
> > Switches?
> 
> rancid -t hp -C hostname
> 
> will give you the complete command that rancid will run; use that for testing.
> Also, see the FAQ section 3 qestion 2.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

[rancid] Hauwei VRP

2018-03-28 Thread heasley
It is incomplete, but we‘ve added support for Hauwei VRP-based devices. It
can be found in the current alpha image or the svn repo.

Again, incomplete, but welcome feedback from folks.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

[rancid] Cisco FirePower / FX-OS information needed

2018-03-26 Thread heasley
FX-OS is somewhat different from IOS* and ASA.  In trying to write a rancid
module for it, I'm having trouble find access to one or a complete example
of a config.

So, if anyone has a Cisco FirePower (FX-OS) devie, not the FirePower s/w
module that is supported on some ASAs, that they could allow me to access
remotely or from which they could provide a full config and some testing,
please contact me.

Thanks

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Fortigate Cluster uptime

2018-03-29 Thread heasley
Wed, Mar 28, 2018 at 02:51:38PM +, Chris Davis:
> Just ran into this as well when I upgraded my clusters.  I was wondering if 
> this change has been added to the distribution.  Probably be a good time for 
> me to upgrade Rancid if it has been.
> 

it is in 3.7.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


[rancid] fortigate login

2018-04-03 Thread heasley
A user recently reported a problem with fnlogin to a Fortigate device.
While they have reported the changes to fnlogin are working for them,
I'd welcome confirmation from other users.  The problem was primarily
in the initial prompt matching.

http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/bin/fnlogin.in
OR
ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.99.99.tar.gz

tia.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] hash key triggers cvs

2018-03-19 Thread heasley
Mon, Mar 19, 2018 at 09:41:06AM +, marktpl 97:
> Hi,
> 
> The config I download with rancid 3.6 works just fine. One thing is 
> bugging me.
> 
> The config contains a line like this : server host 192.168.1.1 key 
> "b2d85dfa2c6950184c35b6647b5c7a"
> The hash changes every time you check the config, which triggers CVS.
> When I add : /^server .*key/ && next;
> to the perl module, CVS is no longer triggered, but the line does no 
> longer appear in my backup file.

what type of device?  and have you set FILTER_PWDS or FILTER_OSC in
rancid.conf?

> Is there a way to store the line (without the hash is fine by me) in the 
> config and not trigger CVS?
> 
> Kind regards,
> Mark T
> 
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Error when trying to back up a JunOS device, SRX100

2018-03-21 Thread Heasley


> Am 21.03.2018 um 20:43 schrieb Lauri Haveri 
> :
> 
> Hello all,
>  
> I am setting up a test enviroment on Ubuntu 16.04 before Rancid will go to a 
> production enviroment. 
> 
> Everytime I run Rancid I get the following error:
> 
> “Use of uninitialized value $_ in pattern match (m//) at 
> /usr/share/perl5/rancid/junos.pm line 135
> Use of uninitialized value $_ in pattern match (m//) at 
> /usr/share/perl5/rancid/junos.pm line 140
> 3-test-fw01: missed cmd(s): show configuration, show version invoke-on 
> other-routing-engine, show system core-dumps, show version detail
> 3-test-fw01: End of run not foud
> # Error: TIMEOUT reached”
>  
> When I go the the part that the log (/usr/share/perl5/rancid/junos.pm) tells 
> me, the part is following:
>  
> “$rval = {$commands{$cmd}}{$INPUT, $OUTPUT, $cmd};
> delete($commands{$cmd});
> if {$rval == -1} {// this is the line 135
>$clean_run = 0;
>last TOP;
> }
> if (/>\s*quit/){  // this is line 140
> $clean_run=1;
> last;
> }”
> 
> The command I am using to run Rancid is:
> “sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid”
> 
> Could you please help me?

You havent told us what version of rancid nor from where you retrieved it. If 
its not 3.7, please start there. If it already is, but it is a ubuntu package, 
please try an install from source. 

>  
> Kind regards,
> Lauri
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Error when trying to back up a JunOS device, SRX100

2018-03-22 Thread heasley
Thu, Mar 22, 2018 at 04:02:43PM +, Lauri Haveri:
> Hello again and thanks for the answers!
> 
> My device happens to be SRX100b and version of the Rancid is 3.3.
> 
> I got from “apt-get install rancid cvs”

Please install rancid 3/7.  It is available here:
ftp://ftp.shrubbery.net/pub/ranciD

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] signing key?

2018-03-24 Thread heasley
Thu, Mar 22, 2018 at 04:13:35PM -0400, Lee:
> On 3/22/18, Boheme <boh...@gmail.com> wrote:
> > gpg --search-keys h...@shrubbery.net
> 
> Thanks, but that's not the positive ack I'm looking for.
> 
> Maybe he did use a key created in 1996 & maybe that really is his key,
> but I'd rather get the fingerprint from him instead of just searching
> for a key that works.

i hadnt noticed that it was using the old key; the tool behavior changed
and i didnt notice.  future sigs will use the more recent key/subkey.

> $ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
> gpg: Signature made Wed, Mar  7, 2018  7:32:42 PM EST
> gpg:using RSA key 0x4B2BDD527A774C09
> gpg: Can't check signature: public key not found
> 
> $ gpg --search-keys h...@shrubbery.net
> gpg: searching for "h...@shrubbery.net" from hkps server
> hkps.pool.sks-keyservers.net
> (1) John Heasley <h...@shrubbery.net>
>   2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
> (2) John Heasley <h...@shrubbery.net>
>   2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
> (3) John Heasley <h...@shrubbery.net>
>   1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
> (4) John Heasley <h...@shrubbery.net>
>   1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
> Keys 1-4 of 4 for "h...@shrubbery.net".  Enter number(s), N)ext, or Q)uit > q
> 
> 
> 
> >> On Mar 22, 2018, at 11:07 AM, Lee <ler...@gmail.com> wrote:
> >>
> >>> On 3/22/18, heasley <h...@shrubbery.net> wrote:
> >>> Thu, Mar 22, 2018 at 01:46:09PM -0400, Lee:
> >>>>> On 3/22/18, heasley <h...@shrubbery.net> wrote:
> >>>>> Thu, Mar 22, 2018 at 04:02:43PM +, Lauri Haveri:
> >>>>>> Hello again and thanks for the answers!
> >>>>>>
> >>>>>> My device happens to be SRX100b and version of the Rancid is 3.3.
> >>>>>>
> >>>>>> I got from “apt-get install rancid cvs”
> >>>>>
> >>>>> Please install rancid 3/7.  It is available here:
> >>>>> ftp://ftp.shrubbery.net/pub/ranciD
> >>>>
> >>>> Which has a detached sig -- thank you!!  But what key was used for
> >>>> signing?
> >>>
> >>> mine
> >>
> >> touché
> >>
> >> I don't have your key, so verifying the fingerprint would be nice; a
> >> file I can gpg --import even better
> >>
> >> Thanks
> >> Lee

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] New Cisco ASA Login Failure

2018-03-05 Thread heasley
Mon, Mar 05, 2018 at 02:48:56PM +, Piegorsch, Weylin William:
> Hello,
> 
> I have a Cisco ASA 5506X device I just deployed (running 9.8(2)20 version), 
> that rancid’s not logging into properly.  Clogincrc is set to method {telnet 
> ssh} because there’s a plethora of really really old devices that hang when I 
> try the other way around (and we haven’t been funded to refresh them nor 
> authorized to remove them).
> 

A fix for this will be in the next version.  you can grab clogin from
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid/ or the alpha
from ftp://ftp.shrubbery.net/pub/rancid/alpha/

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] stopping command from being run

2018-06-28 Thread 'heasley'
Thu, Jun 28, 2018 at 08:48:07AM +0300, Vacheslav:
> Well I didn't figure out how to edit the .conf, so I'll just reedit IT on
> upgrade :)

vi? emacs? ed? sed?

its the same format as .base and in the same directory.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

2018-10-12 Thread heasley
Fri, Oct 12, 2018 at 03:36:20PM +, Piegorsch, Weylin William:
> ...with the exception of “if (!$clean_run || !$found_end)”.  For some reason 
> I don’t understand, I keep getting “End of run not found”. I’ve attached .raw 
> and .new files following an execution of “NOPIPE=YES rancid -d -t cisco-wlc5 
> ”.  I’m guessing it’s somehow related to how the session closes, but 
> that’s a 100% guess. Any idea how I can resolve?

the device isnt echoing the \r\n at the logout.  i think this will fix it:

Index: lib/ciscowlc.pm.in
===
--- lib/ciscowlc.pm.in  (revision 3875)
+++ lib/ciscowlc.pm.in  (working copy)
@@ -42,10 +42,6 @@
 
 TOP: while(<$INPUT>) {
tr/\015//d;
-   if (/^.*logout(\s*Connection.*closed.*)?$/)  {
-   $clean_run = 1;
-   last;
-   }
if (/^Error:/) {
print STDOUT ("$host wlogin error: $_");
print STDERR ("$host wlogin error: $_") if ($debug);
@@ -78,6 +74,10 @@
last TOP;
}
}
+   if (/^.*logout(\s*connection.*closed.*)?$/i) {
+   $clean_run = 1;
+   last;
+   }
 }
 }
 
@@ -91,6 +91,7 @@
 while (<$INPUT>) {
 tr/\015//d;
 tr/\020//d;
+   last if (/^$prompt/);
 
next if (/^\s*rogue ap classify/);
next if (/^\s*rogue (adhoc|client) (alert|unknown)/i);
@@ -118,7 +119,6 @@
ProcessHistory("","","","!$1 \n"); next;
}
 
-   last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
 
$linecnt++;

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

2018-10-12 Thread heasley
Fri, Oct 12, 2018 at 03:36:20PM +, Piegorsch, Weylin William:
> send -h "exit\r"
> 
> I changed that line to '   send -h "logout\r"   ', and now I'm getting a 
> clean logout.  Wlogin from 3.8 seems to fix this from reading through 
> wlogin.in (I couldn't fudge things to get wlogin-3.8 to work and still use 
> the rest of the 3.4.1 files).

that is right.  if you installed 3.4.1 from source, you can probably just
copy wlogin.in from 3.8 over that of 3.4.1, build and install.

> In addition to catching these two -re match blocks in run_commands (I 
> actually need both, it wouldn't work at all when I tried to combine them), 
> that seems to have cleared up all the issues I have
> 
>-re "^--More or .*" { send " "
>   exp_continue
> }
> -re "^--More-- .*"  { send " "
>   exp_continue
> }

3.8 has versions of these; it is not clear to me if you are saying that
you added these to 3.8, or if you needed them in addition to what is in
3.8.

> ...with the exception of “if (!$clean_run || !$found_end)”.  For some reason 
> I don’t understand, I keep getting “End of run not found”. I’ve attached .raw 
> and .new files following an execution of “NOPIPE=YES rancid -d -t cisco-wlc5 
> ”.  I’m guessing it’s somehow related to how the session closes, but 
> that’s a 100% guess. Any idea how I can resolve?
> 

i'll look.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] error after migrating to new server

2018-10-16 Thread heasley
Tue, Oct 16, 2018 at 03:06:53PM +, Andrew Meyer:
> Is this a perl/python or something else command?  I think I found the package 
> in Amazon Linux. 

its a command that comes with rancid.  my guess is one of

- you copied rancid from another machine and missed it
- the pre-built package you installed is broken
- you copied rancid.conf from another machine and its PATH doesnt match,
  so it cant find par.
- you deleted it somehow
- you're using an old version of rancid, when par was a perl script, and
  the interpretter line is wrong
- par lacks executable mode bits

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] FortiGate - config fetch ends prematurely - hash-mark in config file

2018-10-18 Thread heasley
Wed, Oct 17, 2018 at 04:36:35AM +, Ni Ne:
> Noticed that a full config backup of some of our FortiGates have been failing 
> due to a hash-mark (#) present in the configuration itself. FortiGates let 
> you add comments to nearly any objects. The comment field is free-form, best 
> I can tell, and lets you insert hash-mark characters. For example a service 
> object had this configuration causing the rancid run to fail at the offending 
> line of "set comment":
> 
> --
> config firewall service custom
> edit "TCP/UDP-4118-4122"
> set proxy disable
> set category ''
> set protocol TCP/UDP/SCTP
> set helper auto
> set check-reset-range default
> set comment "Ticket # 123456"
> set color 1
> set visibility enable
> set iprange 0.0.0.0
> set fqdn ''
> set tcp-portrange 4118-4122
> set udp-portrange 4118-4122
> unset sctp-portrange
> set tcp-halfclose-timer 0
> set tcp-halfopen-timer 0
> set tcp-timewait-timer 0
> set udp-idle-timer 0
> set session-ttl 0
> next
> end
> --
> 
> After removing all offending characters from the firewall config the 
> rancid-run completed fully and normally.
> 
> I've been playing around with fnrancid (3.8, build 3763) to try to find a way 
> to accommodate this happening again, but with only partial success.
> 
> I changed the prompt setting code to the following:
> 
> --
> # - FortiGate prompts end with either '#' or '$'. Further, they may
> # be prepended with a '~' if the hostname is too long. Therefore,
> # we need to figure out what our prompt really is.
> if (!defined($prompt)) {
> if ($_ =~ '^(.*) # ') {
> $prompt = "$1 # ";
> --
> 
> The above works great when the rancid user has root/super_admin permissions 
> (hash-mark (#) prompt). Adjusting rancid to have non-root permissions with a 
> dollar-sign ($) prompt and tacking on some additional code, rancid fails due 
> to end of run not found.
> 
> --
> # - FortiGate prompts end with either '#' or '$'. Further, they may
> # be prepended with a '~' if the hostname is too long. Therefore,
> # we need to figure out what our prompt really is.
> if (!defined($prompt)) {
> if ($_ =~ '^(.*) # ') {
> $prompt = "$1 # ";
> } else {
> if ($_ =~ '^(.*) \$ ') {
> $prompt = "$1 \$ ";
> }
> }
> }
> --
> 
> I tried some variations and either get the same error (end of run not found) 
> or every config line is pre-pended with #. I even tried explicitly defining 
> the firewall name inside $prompt against the firewall I am testing to bypass 
> $1 expansion.
> 
> Anyone have ideas why this is failing? I added some debug statements and my 
> regex matches and $prompt is being set as I would expect, but for some reason 
> it's not matching when rancid runs.
> 
> Doing some testing, when the hostname in the prompt does get truncated, it 
> stays the same regardless of what config level you enter.
> 
> Here is example of setting a 25-character hostname and then entering a few 
> levels of config:

is the content before the '~' consistent?  ie: the first 20 characters?
and its always followed by a space?  and possibly a sub-level in
parentheses?

IOS does similar junk, so we have an art for this that just needs to be
tailored.

> --
> fortigate-firewall # config system global
> fortigate-firewall (global) # set hostname 1234567890123456789012345
> fortigate-firewall (global) # end
> 12345678901234567890~345 #
> 12345678901234567890~345 # config firewall service group
> 12345678901234567890~345 (group) # edit JD_TEST_GROUP
> 12345678901234567890~345 (JD_TEST_GROUP) # set comment "coding is fun"
> 12345678901234567890~345 (JD_TEST_GROUP) # end
> 12345678901234567890~345 #
> --
> 
> 
> Thanks,
> 
> -Aaron
> 

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] rancid - show password in configs

2018-10-18 Thread heasley
Thu, Oct 18, 2018 at 07:55:19AM +, Ra'ed Habib | TAWASOL:
> Hello there,
> 
> We have been using rancid to backup our switches and it has been amazing so 
> far, but the issue is that anywhere a password or a smtp community it appears 
> as "", is there anyway to show the actual password in plain text ?
> 

see rancid.conf(5).

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

2018-10-18 Thread heasley
Thu, Oct 18, 2018 at 03:17:56AM +, Piegorsch, Weylin William:
> Thanks.  I just tried, and got the same "end of run not found."  Then I 
> realized I wasn’t merely cutting/pasting from one location to another, but 
> also the specific logout text test changed; once I updated to what you 
> showed, it worked perfectly.  Also - the lines I had were at different 
> indexes, and different offsets between old/new locations where the commands 
> moved.  For reference, diff below not to my .in file (I don’t have the 
> original install makefiles), but against the production library file.

super.  these changes have been committed, so you can have the full file
from the alpha tarball or the svn repo at 
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid .

> Lest I forget – Muchos mahalo for the help on this the past few months 
> working through things.

thank you! for being responsive & helping.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] router config diffs

2018-10-19 Thread heasley
Fri, Oct 19, 2018 at 05:54:48AM +, Wayne Eisenberg:
> I just upgraded from 3.1 to 3.8, and all of a sudden I am getting emails 
> every time there is a change in the config - 'router config diff' emails. I 
> must have tweaked something in the previous version so that I wasn't getting 
> them for every change in config, but I don't remember what. Is there a switch 
> or conf variable that can turn it off? I just want to be notified if rancid 
> can't contact a device.
> 

please see the FAQ S2 Q4.  your cvs working directory is most likely out
of sync somehow.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] router config diffs

2018-10-21 Thread heasley
Sun, Oct 21, 2018 at 05:45:41PM -0400, Lee:
> On 10/21/18, Wayne Eisenberg  wrote:
> > Hi,
> >
> > I'm using SVN, not CVS.
> >
> > I probably didn't do a good job of explaining. I'm not getting the same diff
> > over and over. They are new versions, valid diffs. I don't see how svn could
> > get out of sync, when the crontab was inactive (everything rem'ed out) so
> > there was no activity during the upgrade. Before the upgrade, I know there
> > were router config changes taking place and I did not get an email about
> > them. Now I do. So I'm hunting for how to turn the notifications off.
> 
> I'd go with changing control_rancid.  Search for
> 
> # Mail out the diffs (if there are any).
> if [ -s $TMP.diff ] ; then
> 
> which looks like the line to change to turn notifications off.  Or
> check the FAQ:
> Q. I just want to store configrurations, I do not want to receive diffs.  How
>can I accomplish this?
> A. Use procmail to filter them out of your inbox.
>OR, redirect the mail aliases in your MTA's aliases file or database to a
>mailman list with no subscribers.
>OR, redirect the mail aliases to /dev/null.
>OR, set DIFFSCRIPT in rancid.conf to something that eats it's input, such
>as "dd of=/dev/null bs=16k".

Ja.  or if it is a diff repeatedly of something that ought to be ignored,
share examples.

> Regards,
> Lee
> >
> > I'm also noticing a .cvsignore file in the 'configs' folder in WebSVN. Not
> > sure why that is there or if I should care. It wasn't there before the
> > upgrade.

its also used for svn

> > Thanks,
> > Wayne
> >
> >
> > -Original Message-
> > From: heasley [mailto:h...@shrubbery.net]
> > Sent: Friday, October 19, 2018 11:47 AM
> > To: Wayne Eisenberg 
> > Cc: 'rancid-discuss@shrubbery.net' 
> > Subject: Re: [rancid] router config diffs
> >
> > Fri, Oct 19, 2018 at 05:54:48AM +, Wayne Eisenberg:
> >> I just upgraded from 3.1 to 3.8, and all of a sudden I am getting emails
> >> every time there is a change in the config - 'router config diff' emails.
> >> I must have tweaked something in the previous version so that I wasn't
> >> getting them for every change in config, but I don't remember what. Is
> >> there a switch or conf variable that can turn it off? I just want to be
> >> notified if rancid can't contact a device.
> >>
> >
> > please see the FAQ S2 Q4.  your cvs working directory is most likely out of
> > sync somehow.
> >
> >
> > 
> >
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Rancid not updating

2018-10-17 Thread heasley
Wed, Oct 17, 2018 at 02:40:50PM +, Larry Larsen:
> I agree with your analysis on refused, host key and time outs.  I was going 
> to work on them one by one as it went along.  Hopefully someone knows 
> something about CVS.

that is addressed in the rancid FAQ.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin commenting script commands following multiple blanks lines

2018-10-24 Thread heasley
Sat, Sep 29, 2018 at 03:19:00PM -0700, Erik Muller:
> So here's an odd thing I just ran across.  Running clogin with a script with 
> multiple blank lines has some very unexpected behaviour.  It looks like it's 
> turning \n\n into \n;, with the net effect of commenting out any command that 
> follows two blank lines.  Reproducible on ubuntu 12.04 and OSX 10.13 with 
> stock 3.8 source.  Works as expected in 2.3.8 ubuntu packages.
> 
> The culprit is definitely in the "# handle escaped ;s in commands, and ;; and 
> ^;" section of clogin (rolling that block back to what was in 2.3.8 fixes 
> it), but trying to grok that in expect language to provide a real fix makes 
> my head hurt, so I'll leave this as a bug report.  Examples below.
> 
> thanks,
> -e

I believe that patch addresses this bug.

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3909)
+++ bin/clogin.in   (working copy)
@@ -76,12 +76,12 @@
}
 
# handle escaped ;s in commands, and ;; and ^;
-   regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-   regsub {^;} $esccommand "\u002;" command
-   set sep "\\1\u001"
-   regsub -all {([^\\])\;} $command "$sep" esccommand
-   set sep "\u001"
-   set commands [split $esccommand $sep]
+   regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+   regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+   regsub {^;} $command "\u002;" esccommand
+   regsub -all {[\\];} $esccommand ";" command
+   set sep "\u002;"
+   set commands [split $command $sep]
set num_commands [llength $commands]
set rshfail 0
for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
@@ -373,12 +373,12 @@
 log_user 0
 
 # handle escaped ;s in commands, and ;; and ^;
-regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-regsub {^;} $esccommand "\u002;" command
-set sep "\\1\u001"
-regsub -all {([^\\])\;} $command "$sep" esccommand
-set sep "\u001"
-set commands [split $esccommand $sep]
+regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+regsub {^;} $command "\u002;" esccommand
+regsub -all {[\\];} $esccommand ";" command
+set sep "\u002;"
+set commands [split $command $sep]
 set num_commands [llength $commands]
 # the pager can not be turned off on the PIX, so we have to look
 # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin commenting script commands following multiple blanks lines

2018-10-24 Thread heasley
Wed, Oct 24, 2018 at 04:43:41PM -0400, Erik Muller:
> On 10/24/18 13:28 , heasley wrote:
> > Sat, Sep 29, 2018 at 03:19:00PM -0700, Erik Muller:
> >> So here's an odd thing I just ran across.  Running clogin with a script 
> >> with multiple blank lines has some very unexpected behaviour.  It looks 
> >> like it's turning \n\n into \n;, with the net effect of commenting out any 
> >> command that follows two blank lines.  Reproducible on ubuntu 12.04 and 
> >> OSX 10.13 with stock 3.8 source.  Works as expected in 2.3.8 ubuntu 
> >> packages.
> >>
> >> The culprit is definitely in the "# handle escaped ;s in commands, and ;; 
> >> and ^;" section of clogin (rolling that block back to what was in 2.3.8 
> >> fixes it), but trying to grok that in expect language to provide a real 
> >> fix makes my head hurt, so I'll leave this as a bug report.  Examples 
> >> below.
> >>
> >> thanks,
> >> -e
> > 
> > I believe that patch addresses this bug.
> 
> 
> That definitely fixes the blanks-may-comment-the-next-line issue, though it 
> looks like it also breaks handling of escaped ;s as well.
> 
> before:
> $ clogin-3.8 -c 'sh ip bgp nei | inc 1\; ; show ver | inc ^Model Num' fl1-as01
> ...
> fl1-as01#sh ip bgp nei | inc 1;
>   Route to peer address reachability Up: 1; Down: 0
>   Connections established 1; dropped 0
> 
> 
> with patch:
> $ clogin -c 'sh ip bgp nei | inc 1\; ; show ver | inc ^Model Num' fl1-as01
> ...
> fl1-as01#sh ip bgp nei | inc 1
> BGP neighbor is x.x.x.x,  remote AS 42, external link
> 
> 
> 
> And it seems to eat leading semicolon comments as well:
> 
> $ cat ~/clogin-blanks-test2
> show bridge
> ; just a comment
> $ clogin -x ~/clogin-blanks-test2 fl1-as01.polaris.corp
> ...
> fl1-as01#show bridge
> fl1-as01#
> fl1-as01#
> fl1-as01#
> fl1-as01# just a comment
>   ^
> % Invalid input detected at '^' marker.
> 

I missed that in your example, but noticed it in testing...after I sent that
patch.  This is my final patch, i think.  I havent committed it yet, as I
want to review it once more.

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3909)
+++ bin/clogin.in   (working copy)
@@ -76,11 +76,12 @@
}
 
# handle escaped ;s in commands, and ;; and ^;
-   regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-   regsub {^;} $esccommand "\u002;" command
-   set sep "\\1\u001"
-   regsub -all {([^\\])\;} $command "$sep" esccommand
-   set sep "\u001"
+   regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+   regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+   regsub {^;} $command "\u002;" esccommand
+   regsub -all {[\\];} $esccommand ";" command
+   regsub -all {\u002;} $command "\u002" esccommand
+   set sep "\u002;"
set commands [split $esccommand $sep]
set num_commands [llength $commands]
set rshfail 0
@@ -373,11 +374,12 @@
 log_user 0
 
 # handle escaped ;s in commands, and ;; and ^;
-regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-regsub {^;} $esccommand "\u002;" command
-set sep "\\1\u001"
-regsub -all {([^\\])\;} $command "$sep" esccommand
-set sep "\u001"
+regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+regsub {^;} $command "\u002;" esccommand
+regsub -all {[\\];} $esccommand ";" command
+regsub -all {\u002;} $command "\u002" esccommand
+set sep "\u002"
 set commands [split $esccommand $sep]
 set num_commands [llength $commands]
 # the pager can not be turned off on the PIX, so we have to look
@@ -384,11 +386,7 @@
 # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,
 # with a global switch in the config.
 for {set i 0} {$i < $num_commands} { incr i} {
-   if { [lindex $commands $i] == "\u002" } {
-   send -- "\r"
-   } else {
-   send -- "[subst -nocommands [lindex $commands $i]]\r"
-   }
+   send -h -- "[subst -nocommands [lindex $commands $i]]\r"
expect {
-re "^\b+"  { exp_continue }
-re "^\[^\n\r *]*$reprompt" { send_user -- 
"$expect_out(buffer)"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin commenting script commands following multiple blanks lines

2018-10-24 Thread heasley
Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
> I missed that in your example, but noticed it in testing...after I sent that
> patch.  This is my final patch, i think.  I havent committed it yet, as I
> want to review it once more.

ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
esp for palo alto, of which I have none.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Problem rancid 3.7 after cmw / hp 5130 routers 5130 firmware upgrade

2018-10-31 Thread heasley
Wed, Oct 31, 2018 at 09:10:27AM +0100, Service Informatique CH DECIZE:
> We have made a clogin test :
> "
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> *rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ ./clogin SWA22swa22spawn telnet -K
> swa22Trying 172.16.1.22...telnet: Unable to connect to remote host:
> Connection refusedspawn ssh -c aes128-cbc -x -l admin swa22admin@swa22's
> password: exitConnection to swa22
> closed.rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ ./clogin SWA21swa21spawn
> telnet -K swa21Trying 172.16.1.21...Connected to swa21.ch-decize.fr
> <http://swa21.ch-decize.fr>.Escape character is '^]'.Login
> authenticationUsername:adminPassword:quitConnection closed by
> foreign host.rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ *"
> 
> SWA22, as SWSR1, is a router for which we receive "config fetcher problems"
> mails...
> SWA21 is a router for which we have no problem.
> SWA22 clogin test shows a first telnet connexion refused. It's perhaps the
> origin of our problem ?

we do not support that module; ask whomever wrote it.  but, my guess
would be that the cause is that the device appears to not reliably
echo the  after 'exit' and the loop around input must be adjusted
to accept that, as the ios module does.

i do not know the hp 5130; you might try the hp, foundry, or smc device
types that rancid supports.

> Thanks for your help.
> 
> 
> Le mer. 31 oct. 2018 à 08:44, Service Informatique CH DECIZE <
> serv.informatique@gmail.com> a écrit :
> 
> > We use cmw device type (before and after upgrade)...
> > No modification in the rancid config. Just routers firmware upgrade.
> >
> >
> > Le mar. 30 oct. 2018 à 16:40, heasley  a écrit :
> >
> >> Tue, Oct 30, 2018 at 12:02:09PM +0100, Service Informatique CH DECIZE:
> >> > Hello,
> >> >
> >> > We have made a firmware update on our cwm / hp 5130 routers : upgrade
> >> from
> >> > 3115P05 release (7.1.045) to 3208P03 release (7.1.070).
> >> > Since upgrade, we receive "config fetcher problems" mails, that
> >> indicates " The
> >> > following routers have not been successfully contacted for more than 24
> >> > hours".
> >> > In the rancid logs, we can see for these routers :
> >> > " Trying to get all of the configs.
> >> > swsr1: End of run not found
> >> > return
> >> > =
> >> > Getting missed routers: round 1.
> >> > swsr1: End of run not found
> >> > return
> >> > ... "
> >> > Does anyone know where is the problem ?
> >> > Before upgrade, everything was ok with these routers in rancid.
> >>
> >> what device type are you using for these?  It looks like you are using a
> >> older version of rancid or have a custom module?
> >>
> >

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] router config diffs

2018-10-25 Thread heasley
Thu, Oct 25, 2018 at 04:33:45PM -0400, Lee:
> On 10/25/18, heasley  wrote:
> > Thu, Oct 25, 2018 at 04:46:48AM +, Wayne Eisenberg:
> >> > I'd go with changing control_rancid.  Search for
> >> >
> >> > # Mail out the diffs (if there are any).
> >> > if [ -s $TMP.diff ] ; then
> >>
> >> Bingo. I found my tweak. Thanks, Lee! Instead of actually sending the
> >> email, I had just redirected it to /dev/null.
> >>
> >> -) | $SENDMAIL -t $MAILOPTS
> >> +   ) > /dev/null
> >>
> >> Maybe that could be a config choice in rancid.conf (if it were a global
> >> switch) or .cloginrc (if you wanted to turn off mail for specific devices
> >> or groups)?
> >>
> >>
> >> -Original Message-
> >> From: Lee [mailto:ler...@gmail.com]
> >> Sent: Sunday, October 21, 2018 5:46 PM
> >> To: Wayne Eisenberg 
> >> Cc: rancid-discuss@shrubbery.net
> >> Subject: Re: [rancid] router config diffs
> >>
> >> On 10/21/18, Wayne Eisenberg  wrote:
>   <.. snip ..>
> >> > I probably didn't do a good job of explaining. I'm not getting the
> >> > same diff over and over. They are new versions, valid diffs. I don't
> >> > see how svn could get out of sync, when the crontab was inactive
> >> > (everything rem'ed out) so there was no activity during the upgrade.
> >> > Before the upgrade, I know there were router config changes taking
> >> > place and I did not get an email about them. Now I do. So I'm hunting
> >> > for how to turn the notifications off.
> >>
> >> I'd go with changing control_rancid.  Search for
> >
> > why?  there are 3 manners of affecting the same result, but without
> > modifying the installed base and without needing to remember that
> > change following the next upgrade.  embrace the unix
> > methodology - assemble (pipe) simple tools for complex results.
> 
> I haven't tried this, but it sure looks like one could build rancid with
> export SENDMAIL=/usr/local/bin/sendmail_alt
> ./configure --prefix= ..etc..
> 
> and have /usr/local/bin/sendmail_alt be just
> exit

youre making that more difficult than necessary,

export SENDMAIL="dd of=/dev/null bs=32k"

but, you still want the admin email, imiho, and that will break it.

> and that would take care of not sending emails or doing something
> other than sending mail.  Yes?   but that means you'd have to build
> rancid instead of just installing from some repository..
> 
> In any case, I went with changing control_rancid because there were a
> few other things I wanted to do like filtering out passwords, keys,
> hashes, etc. from the mail msg before sending it. So right after the
>   # Diff the directory and then checkin.
> section I added
> 
> # -LR- begin: remove passwords, etc. from diff listing
> /usr/local/bin/sanitize.sh $TMP.diff >$TMP.diff2
> /bin/mv  $TMP.diff2 $TMP.diff
> # -LR- end  : remove passwords etc. from diff listing

this too is possible without changing control_rancid; see rancid.conf(5)
for FILTER_PWDS & DIFFSCRIPT.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] clogin commenting script commands following multiple blanks lines

2018-10-25 Thread Heasley



> Am 25.10.2018 um 12:53 schrieb Erik Muller :
> 
>> On 10/24/18 18:32 , heasley wrote:
>> Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
>>> I missed that in your example, but noticed it in testing...after I sent that
>>> patch.  This is my final patch, i think.  I havent committed it yet, as I
>>> want to review it once more.
>> 
>> ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
>> esp for palo alto, of which I have none.
> 
> That one was really close, but still didn't pass through ^; from command 
> files properly.
> After a bit more tweaking, the following change seems to get it to handle all 
> my test cases correctly.
> 

You have to escape the ; in the file (\;). The An argument could be made either 
way, i leN toward not altering the behavior of -x. 

> erikm@vpn41:~/ports-dev [15:21 - 1497]$ diff -Naur 
> /opt/local/libexec/rancid/clogin-3.99.99.bak 
> /opt/local/libexec/rancid/clogin-3.99.99
> --- /opt/local/libexec/rancid/clogin-3.99.99.bak2018-10-24 
> 19:46:30.0 -0400
> +++ /opt/local/libexec/rancid/clogin-3.99.992018-10-25 15:21:18.0 
> -0400
> @@ -253,7 +253,8 @@
>}
>set cmd_text [read $cmd_fd]
>close $cmd_fd
> -set command [join [split $cmd_text \n] \;]
> +regsub -all {;} $cmd_text "\\;" cmd_text
> +set command [join [split $cmd_text \n] \u002;]
>set do_command 1
># 'ssh -c' cypher type
>} -y* {
> @@ -444,13 +445,8 @@
>continue;
>}
> 
> -# handle escaped ;s in commands, and ;; and ^;
> -regsub -all {([^\\]);} $command "\\1\u002;" esccommand
> -regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
> -regsub {^;} $command "\u002;" esccommand
> -regsub -all {[\\];} $esccommand ";" command
> -regsub -all {\u002;} $command "\u002" esccommand
> -set sep "\u002;"
> +set esccommand [escapecommandlist $command]
> +set sep "\u002"
>set commands [split $esccommand $sep]
>set num_commands [llength $commands]
>set rshfail 0
> @@ -724,6 +720,21 @@
> return 0
> }
> 
> +# handle escaped ;s in commands, and ;; and ^;
> +proc escapecommandlist {command} {
> +# \; should be passed through as a ;
> +# ^; should be treated as a comment (when coming from a command file)
> +# ;; represents a literal ; before a subsequent command (?)
> +# other ;s are separators between items in a sequence of commands
> +# note this is processed as one big multiline text blob, so ^ anchors may
> +# not work as expected
> +regsub -all {([^\\\u002]);} $command "\\1\u002;" esccommand
> +regsub -all {([^\\\u00a\u00d\u002]);;} $esccommand "\\1;\u002;" command
> +regsub -all {\u002;} $command "\u002" esccommand
> +regsub -all {[\\];} $esccommand ";" command
> +return $command
> +}
> +
> # Run commands given on the command line.
> proc run_commands { prompt command } {
> global do_interact do_saveconfig in_proc platform
> @@ -742,12 +753,7 @@
> # this is the only way i see to get rid of more prompts in o/p..gr
> log_user 0
> 
> -# handle escaped ;s in commands, and ;; and ^;
> -regsub -all {([^\\]);} $command "\\1\u002;" esccommand
> -regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
> -regsub {^;} $command "\u002;" esccommand
> -regsub -all {[\\];} $esccommand ";" command
> -regsub -all {\u002;} $command "\u002" esccommand
> +set esccommand [escapecommandlist $command]
> set sep "\u002"
> set commands [split $esccommand $sep]
> set num_commands [llength $commands]
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] paloalto feedback in current alpha [was: Re: clogin commenting script commands following multiple blanks lines]

2018-11-05 Thread heasley
Fri, Oct 26, 2018 at 06:24:10PM -0400, Erik Muller:
> On 10/24/18 18:32 , heasley wrote:
> > Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
> > ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
> > esp for palo alto, of which I have none.
> 
> At least on 8.1.4 on my 3250s, the cli is a little bit busted until you get 
> out of interactive mode - for every space you enter between words in the 
> command, it redraws the current line, which was messing up the prompt 
> matching as below.  Fix for that attached at end of message.
> -e

super; committed.  thanks.

> diff -ur rancid-3.99.99/etc/rancid.types.base 
> rancid-3.99.99-em/etc/rancid.types.base
> --- rancid-3.99.99/etc/rancid.types.base  2018-10-24 11:13:49.0 
> -0400
> +++ rancid-3.99.99-em/etc/rancid.types.base   2018-10-26 17:16:53.950868707 
> -0400
> @@ -607,9 +607,8 @@
>  paloalto;login;panlogin
>  paloalto;module;panos
>  paloalto;inloop;panos::inloop
> -paloalto;command;rancid::RunCommand;set cli scripting-mode on
> -paloalto;command;rancid::RunCommand;set cli pager off
>  paloalto;command;panos::ShowInfo;show system info
> +paloalto;command;panos::ShowInventory;show chassis inventory
>  paloalto;command;panos::ShowConfig;show config running
>  #
>  procket;script;prancid
> diff -ur rancid-3.99.99/lib/panos.pm.in rancid-3.99.99-em/lib/panos.pm.in
> --- rancid-3.99.99/lib/panos.pm.in2016-02-16 07:28:46.0 -0500
> +++ rancid-3.99.99-em/lib/panos.pm.in 2018-10-26 17:19:11.552895792 -0400
> @@ -119,6 +119,23 @@
>  return(0);
>  }
> 
> +# This routine parses "show chassis inventory"
> +sub ShowInventory {
> +my($INPUT, $OUTPUT, $cmd) = @_;
> +my($slot);
> +
> +print STDERR "In ShowInventory:: $_" if ($debug);
> +
> +while (<$INPUT>) {
> + tr/\015//d;
> + last if (/^$prompt/);
> +
> + ProcessHistory("INV","","","#$_");
> +}
> +ProcessHistory("INV","","","#\n");
> +return(0);
> +}
> +
> 
>  # This routine parses "show config running"
>  sub ShowConfig {

Is this a new command or specific to larger platforms?  What is the error
if the command is unknown?

> diff -ur rancid-3.99.99/lib/nxos.pm.in rancid-3.99.99-em/lib/nxos.pm.in
> --- rancid-3.99.99/lib/nxos.pm.in 2018-09-19 18:02:44.0 -0400
> +++ rancid-3.99.99-em/lib/nxos.pm.in  2018-10-26 17:58:51.611639817 -0400
> @@ -494,9 +494,12 @@
>   # Drop vtp_debug.log and vtp_debug_old.log CDETS bug CSCuy87611
>   /\s+vtp_debug(_old)?\.log$/ && next;
> 
> + # Drop bcm_mem_locl_trace.log
> + /\s+bcm_mem_lock_trace\.log$/ && next;
> +
>   next if (/BufferMonitor-1HourData/);
> 
> - if (/( debug_logs| log)\/$/) {
> + if (/( debug_logs| log| vdc_\d+)\/$/) {
>   # change
>   # 8192Jan 08 14:05:05 2015  log/
>   # to

did I miss an explaination of this patch?  I see what it does, but ...

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Ubiquiti edgeswitch (edgemax) script?

2018-11-06 Thread heasley
Tue, Nov 06, 2018 at 06:13:18PM +, Kevin Geil:
> Hi, I'm trying to get RANCID to poll my ubiquiti edge switches, and am a bit 
> perplexed.  From what I've found online in other mailing lists, it is 
> possible to use RANCID to poll these, using the edgemax script. So far, I've 
> set up the router.db with  edgemax.  When I invoke rancid-run, 
> nothing much happens, and when I look in the log, I see:
> =
> Getting missed routers: round 2.
> myEdgeSwitch: End of run not found
> !
> =
> 
> So far, I have tried adding my own device type by copying the "EdgeMax" 
> device config in rancid.types.base to rancid.types.conf, and calling it 
> EdgeSwitch (which is the right thing to do right? Despite the dire warnings 
> at the top of each file, it's not entirely clear how to do this, as they both 
> warn against editing the file).  I tried to use ulogin instead of clogin, 
> with the same result.
> I can successfully  authenticate to the switches by using both clogin and 
> ulogin.

unless you are changing the device spec somehow, there is no need to copy
it.  just use the edgemax spec.  otherwise, yes, copy the spec to the .conf
file with a different name.

> 
> What is now really confusing is that I don't know what script RANCID should 
> be running.  In rancid.types.base, the edgemax config looks like this:
> 
> ## UBNT EdgeMAX
> edgemax;script;rancid -t edgemax
> edgemax;login;clogin
> edgemax;module;edgemax
> ...more commands...

the script is rancid, which imports the named modules, edgemax{.pm} in
this case.  also see rancid.types.conf(5)

> What confuses me is that there isn't a script in the bin directory called 
> edgemax, so I'm not sure what script it should be running.  There IS a file 
> in lib/rancid called edgemax.pm, but that doesn't get referenced by the 
> config in rancid.types.base.
> 
> If someone could help clarify
> 
> 1. What "end of run not found" means to me, and

it means that it did not find the end of the config or possibly no config.
S3 Q2 of the FAQ has a good test outline.

> 2. What script the edgemax config should be running, I might be able to 
> figure this all out.
> 
> Thank you.
> 
> Kevin

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Simple web-frontend for rancid files?

2018-10-10 Thread heasley
Wed, Oct 10, 2018 at 11:30:54AM -0400, Eric W. Bates:
> - add a post-commit hook to the repository on RANCiD such that it pushes 
> to gitlab:

that should not be necessary, if the remote is added to the origin.

http://www.shrubbery.net/pipermail/rancid-discuss/2018-August/010348.html

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] RANCID and gitweb - preventing the CVS repo path from showing

2018-10-10 Thread heasley
Tue, Oct 02, 2018 at 12:04:01AM +, Aaron Wasserott:
> Upgraded my old RANCID software to the latest, and switched from CVS to git. 
> I also installed gitweb as the WebUI interface for browsing RANCID files.
> 
> One minor annoyance I ran into was not only was every group folder being 
> displayed (e.g, switches, routers, firewalls, etc) but the CVS path of each 
> was displayed as well.
> 
> So the gitweb page would show something like this:
> 
> firewall/.git
> router/.git
> switch/.git
> CVS/firewall
> CVS/router
> CVS/switch

The one that i have uses
our $projects_list = "/path/rancid/etc/gitweb.conf";
that is built hourly with a list of groups,
/.git
/.git
...

CVS/* do not appear.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Run secondary login / collection script for entries in router.db? Anyone doing something like this?

2018-10-06 Thread heasley
Tue, Oct 02, 2018 at 06:15:20PM +, Ni Ne:
> I am curious to see the effort behind having the default configuration backup 
> contain only the device configuration, and push other things like file 
> system, interface status, inventory, etc, into a separate file. The main 
> reason is I want to greatly increase the amount of ancillary data retrieved 
> for each device, but don't want to clutter the configuration file itself, so 
> disaster recovery is simpler.

my suggestion is that you do not alter the existing device types in rancid,
leave them as is and collect the additional information as separate device
types in a separate group to avoid the hostname collision.

group1/router.db: host.name.co;cisco;up

group2/router.db: host.name.co;cisco-expanded;up

define cisco-expanded in rancid.type.conf with your own perl module to
do whatever filtering/etc is needed.  I think I wrote an example of
this in the FAQ or perhaps in rancid.types.conf(5).

> Is anyone doing this in a stream-lined fashion, where secondary login scripts 
> are called for each device present in a router.db file? Ideally the 
> administrator would only need to add a device once, and then based on vendor 
> type that secondary login process would run transparently.
> 
> I am still digging (back) into the RANCID internals to see how easy this 
> would be to accomplish, so just curious if anyone is doing something like 
> this already.
> 
> Thanks!
> 
> -Aaron

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Need to Add "Show Version" CMD

2018-08-30 Thread heasley
Thu, Aug 30, 2018 at 04:54:52PM +0530, Devesh Singh:
> Hello team,
>   Can you please help/guide me to add "Show Version" CMD in rancid
> for Cisco ASA Firewall, while taking the backup.

show version is collected by default.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Backup Extreme switches

2018-08-31 Thread heasley
Fri, Aug 31, 2018 at 10:52:03AM +, Peltokangas Mikko:
> Well, I'm trying to log in via telnet.
> 
> I found this package, what gives some guidance for that:
> https://www.dropbox.com/s/tsqclfxg8c8p9n1/rancid-extreme-changes.tgz?dl=0_subpath=%2F.
> There's only one problem, it tells that I need to add that vendor-to-script 
> -translation to rancid-fe but when I'm looking my 
> rancid-fe, it look like this: https://pastebin.com/ptb5LZQ8
> 
> Do I have some wrong version or something else odd?

that is unsupported in 3.x.

> Should I add new type to /etc/rancid/rancid.types.base dispite the threat of 
> voodoo doll? ;)

you could add one to rancid.types.conf, but it should not be necessary.
please follow the debugging sets in the FAQ S3 Q2 to debug the reason
xlogin is failing or to help us help you by sharing that output.

> --
> -m
> 
> Lähettäjä: Nick Hilliard 
> Lähetetty: 28. elokuuta 2018 22:58
> Vastaanottaja: heasley
> Kopio: Peltokangas Mikko; rancid-discuss@shrubbery.net
> Aihe: Re: [rancid] Backup Extreme switches
> 
> heasley wrote on 28/08/2018 19:54:
> > it shouldnt.  please should me xlogin -d -c 'somecommand' output.
> 
> fake news.  This was a bug affecting older versions, but it seems to be
> fixed now.
> 
> Mikko, make sure you can log in to the switches using ssh from the
> rancid account, because the versions of XOS that are supported on these
> devices only allows deprecated crypto parameters.  You may need this in
> your ~rancid/.ssh/config file:
> 
> --
> Host *
> KexAlgorithms +diffie-hellman-group1-sha1
> HostkeyAlgorithms +ssh-dss
> --
> 
> Nick

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


  1   2   >