Re: [rancid] Rancid - keep backup/config files/SVN revisions no older than X days

[john heasley]

Fri, Jan 17, 2020 at 09:47:56AM -0800, Dragan Vucanovic:
> I'm new to Rancid, just started playing with it.
> 
> Is somehow possible, when newer config file of same device exist, to keep 
> only newest version, or it's already configured by default ? 

not really - saving the config history is part of the majick.  one (you)
could write a script to periodically look at the CVS or SVN history and
delete all revisions besides the latest.  this would not work with git,
afaik.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Adding devices manually

[Heasley]

> Am 15.01.2020 um 07:17 schrieb Wiethoff, Helge :
> 
> Hi,
> 
> is there a way to add configurations of devices manually?
> 
> I have some devices that cannot be queried with the existing rancid-
> scripts. This is not necessarily a bad thing either, as changes are
> rarely made here. But since I'd like to have the configurations in the
> repository as well, I'd like to add them manually via svn.
> 
> cd configs
> svn add config.txt
> svn commit
> 
> That's not good enough at this point, is it?

Add them to the router.db as state ˋdownˋ

> 
> regards
> Helge
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Aruba 2930M

[john heasley]

Sat, Dec 21, 2019 at 08:30:39AM +1100, Dale Shaw:
> On Thu, 19 Dec 2019 at 1:02 am, Guisepp Rodriguez 
> > What version of Rancid I need? I use rancid 3.7 and for Aruba 2930M I use
> > hlogin, hrancid. This is the output error:
> >
> > [rancid@rancid rancid]$ ./bin/hrancid -t hp -d xx.xx.xx.xx
> > executing hlogin -t 90 -c"show version;show flash;show
> > system-information;show system information;show module;show stack;show tech
> > transceivers;show config files;show config status;write term" xx.xx.xx.xx
> > sh: hlogin: command not found
> >
> 
> ^^ do you have a $PATH environment variable problem? It seems hrancid can’t
> execute hlogin. From memory, this can be set in rancid.conf.

To clarify; the scripts inherit PATH from their parent, expect rancid-run and
control_rancid which include rancid.conf.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Extreme EXOS switches - what model?

[john heasley]

Tue, Dec 03, 2019 at 08:49:12PM +, Adam Thompson:
> I’m somewhat confused here; I have some Extreme X620 switches (that’s the 
> Summit / EX-OS line) that I’m trying to add into RANCID.
> However, my v3.9 installation, upon seeing “extreme” in router.db, still 
> tries to run the “enable” command after logging in, which is wrong – VERY 
> wrong, and tells me the wrong device type in is use.
> Yet when I manually run “xlogin” to one of these devices, it still fails 
> because it treats it like a Cisco-ish device, not like an EXOS device.
> 
> What device type am I supposed to put in router.db?  Why doesn’t xlogin 
> successfully log in??
> 
> I feel like I’m missing something here…

clogin(5)
...
CAVEATS
...
   The Extreme is supported by clogin, but it has no concept of an
   "enabled" privilege level.  You must set autoenable for these devices
   in your .cloginrc.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Merge OpenGear vendor-provided rancid scripts with official RANCID release for future?

[john heasley]

Tue, Nov 26, 2019 at 08:53:02PM +, Ni Ne:
> OpenGear has published rancid and login files that work with their console 
> servers.
> 
> The page describing it is here:
> 
> https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support
> 
> The direct link to their code is:
> 
> https://opengear.zendesk.com/hc/en-us/article_attachments/209925523/opengear-rancid-v2.1.zip
> 
> I just implemented their scripts, replacing very old custom hack-jobs I put 
> together years ago, using some other existing login scripts as a base. Their 
> scripts handle the prompts better than my legacy code.
> 
> I have successfully tested their code on ~150 OpenGear console servers of 
> various models (IM7200, IM4xxx, CMx) and on various software versions - 3.16 
> through 4.5
> 
> There are some tweaks I made, like running their show version code first. And 
> that line is not commented out in the resulting output file. But beyond that, 
> it works fine.
> 
> Would it be possible for their code to be reviewed and merged with official 
> rancid source for easier future use?
> 

sure.  I've asked them for permission.

It will have to be brought up to date with the current code and I will need
your (and/or other's) help to test those changes.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Cisco 3650 IOS-XE active VLAN port state changes

[john heasley]

Sat, Nov 23, 2019 at 09:50:06PM +, Piegorsch, Weylin William:
> You can also develop a custom type that doesn't call "show vlan".

please do this, rather than change ios.pm.  This makes it easier for you
to upgrade rancid, both of which i prefer because it is easier to support
you.

> Also, I've had this occur twice in the past.
> - One time was happening campus-wide. I dug into it hard, and after a good 
> amount of effort found out there was something actually happening based on a 
> misunderstanding I had about native VLANs work in IOS.  In other words: (a) I 
> learned something, and (b) I found I had an actual misconfiguration.
> - The other time it turned out that there was a hardware fault on the ASIC 
> (we're actually still using that particular Catalyst 3508).

I would like to understand why this occurs for some folks and change
the code to automatically ignore show vlan output when the switch is
configured in a manner that would lead to it.  I know that VTP does
this and sometimes 802.1x and the current code tries to recognize
both of these.  tia for any help here.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] moving rancid to new server

[john heasley]

Mon, Nov 18, 2019 at 10:40:22PM +, Wayne Eisenberg:
> Hi,
> 
> I need to move my rancid (3.8) setup to a new server. Is it ok to tar/gzip 
> the entire directory and copy it or just do a bulk copy via scp of the entire 
> /usr/local/rancid directory from the old to new server (and the .cloginrc 
> file, of course)? Or should I re-install and re-configure from scratch on the 
> new server? It's not the same distro, but as long as the other packages (like 
> expect) are installed, it should be pretty portable, yes?

in theory, yes.  rsync/tar/whatever.  there are only 2 C programs in the
package; as long as their libraries are satisfied (ldd ) and there
are no path changes, it should work.  YMMV

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Dell EMC OS10 switch

[john heasley]

Tue, Nov 05, 2019 at 09:02:19AM +0100, Bjørn Skobba:
> It looks like Dell S3048-ON can use either the “old” Force10 FTOS(OS9) or 
> Dell’s OS10 (aka (D)NOS10). As you are running the latter, the dnos10 type 
> John mention should work. It is also based on a modified version of the 
> f10rancid script. From a quick browse of the diff, I think they are pretty 
> much doing the same thing. I’m using the dnos10 for our Dell S5296F-ON 
> switches running OS10 (version 10.4.x)

FWIW, I expect that these modules will diverge as DNOS evolves, as it
seems to be Dell's goal.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] web frontend for git based rancid

[john heasley]

Tue, Nov 05, 2019 at 11:34:05AM +, shouldbe q931:
> On Wed, Oct 30, 2019 at 11:14 PM Andreas Ott  wrote:
> >
> > Hello,
> >
> > we have recently uplifted a server from the stoneage to a current version of
> > rancid, also now using git as the version control system.
> >
> > In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> > backend) to provide at least read-only view for our operations/support
> > team into the different devices. For the git backend we installed gitlist
> > but find it lacking, especially when it comes to a very common need
> > "display diff between version X and version Y".
> >
> > Has anyone solved this problem in gitlist, or what other web frontend
> > are you using to display data from the git repository that can do this?
> >
> > Thanks, andreas
> > --
> > Andreas Ott   andr...@naund.org
> >
> 
> My solution for this was to use a commit hook to push to an instance
> of gitlab ce.

Not know the exact nature of your hack, but if using git, there is a simple
method to have a remote without hacking.  See the rancid FAQ S2Q8.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Dell EMC OS10 switch

[john heasley]

Mon, Nov 04, 2019 at 04:51:23PM +, Howard Jones:
> I made a slightly-tweaked version of the Force10 type for our Dell 
> S3048-ON switches.
> 
> In etc/rancid.types.conf:
> 
> dell10;script;dell10rancid
> dell10;login;clogin
> 
> And then these are the differences from f10rancid:
> 
> A few commands don't exist - removed those. The switch likes to beep 
> (send ctrl-G) in responses, so I strip control chars out. It also 
> doesn't have 'end' at the end of the config, so the default 'saw all 
> commands' stuff didn't work.
> 
> Patch is for RANCID 3.7, but hopefully the gist is clear.
> 

I haven't looked at Howard's, but will.  However, I am assuming that this
is Dell NOS 10; maybe there is a difference from OS10 - i do not know, but
maybe someone will enlighten me.  rancid 3.10 has a dnos10 type that is
new from another user; maybe the two should be merged.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] web frontend for git based rancid

[john heasley]

Wed, Oct 30, 2019 at 04:13:57PM -0700, Andreas Ott:
> we have recently uplifted a server from the stoneage to a current version of
> rancid, also now using git as the version control system.
> 
> In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> backend) to provide at least read-only view for our operations/support
> team into the different devices. For the git backend we installed gitlist
> but find it lacking, especially when it comes to a very common need
> "display diff between version X and version Y". 
> 
> Has anyone solved this problem in gitlist, or what other web frontend
> are you using to display data from the git repository that can do this?

we use gitweb.  doesnt seem to have what you seek, but does have a
"commit-to-current" diff button.  if one knows the commits, they can
enter those manually in the url to achieve what you want - or hack
that to do what you want.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Aruba - Wireless Controllers

[john heasley]

Fri, Oct 25, 2019 at 09:26:44AM -0700, reza:
> I’m using Mike32’s Aruba module which was recommended from the Shrubbery FTP, 
> https://github.com/miken32/rancid-aruba/. 
> 
> When I run rancid in debug mode against one of my device it failed in “End of 
> run not found”. I manually logged in with clogin to the device and ran “write 
> term” and verified the last line is end. Which is was is expected on line 546 
> of the Aruba.pm file, 
> https://github.com/miken32/rancid-aruba/blob/master/aruba.pm#L546. 
> 
> I’m hoping someone else has had some luck with this module and can provide 
> some help.

I do not have any of these, but note the README in the github repo and
the existence of arubalogin in the older version in
ftp://ftp.shrubbery.net/pub/rancid/contrib/aruba.tgz

maybe its hitting the pager.  look at the end of the site2-wc2.raw file
left by the -d in your test:

> rancid@rancid:~$ rancid -d -t aruba site2-wc2
> loadtype: device type aruba
> loadtype: found device type aruba at /etc/rancid/rancid.types.conf:115
> executing clogin -t 90 -c"no paging;show version;show master-redundancy;show 
> boot;show image version;dir;show interface transceivers;show 
> packet-capture;show inventory;show vlan;write term" site2-wc2
>     In aruba::inloop: PROMPT MATCH: \(site2-wc2\) >
> HIT COMMAND:(site2-wc2) >no paging
>     In RunCommand: (site2-wc2) >no paging
> HIT COMMAND:(site2-wc2) >show version
>     In aruba::ShowVersion: (site2-wc2) >show version
> HIT COMMAND:(site2-wc2) >show master-redundancy
>     In aruba::ShowMasterRedundancy: (site2-wc2) >show master-redundancy
> HIT COMMAND:(site2-wc2) >show boot
>     In aruba::ShowBoot: (site2-wc2) >show boot
> HIT COMMAND:(site2-wc2) >show image version
>     In aruba::ShowImageVersion: (site2-wc2) >show image version
> HIT COMMAND:(site2-wc2) >dir
>     In aruba::Dir: (site2-wc2) >dir
> HIT COMMAND:(site2-wc2) >show interface transceivers
>     In aruba::ShowInterfaceTransceivers: (site2-wc2) >show interface 
> transceivers
> HIT COMMAND:(site2-wc2) >show packet-capture
>     In aruba::ShowPacketCapture: (site2-wc2) >show packet-capture
> HIT COMMAND:(site2-wc2) >show inventory
>     In aruba::ShowInventory: (site2-wc2) >show inventory
> HIT COMMAND:(site2-wc2) >show vlan
>     In aruba::ShowVLAN: (site2-wc2) >show vlan
> HIT COMMAND:(site2-wc2) >write term
>     In aruba::WriteTerm: (site2-wc2) >write term
> site2-wc2: End of run not found
> site2-wc2: found_end is false
> !
> rancid@rancid:~$

> aruba;script;rancid -t aruba
> aruba;login;clogin
> aruba;module;aruba
> aruba;inloop;aruba::inloop
> aruba;command;aruba::RunCommand;no paging
> #aruba;command;aruba::RunCommand;encrypt disable
> aruba;command;aruba::ShowVersion;show version
> aruba;command;aruba::ShowMasterRedundancy;show master-redundancy
> aruba;command;aruba::ShowBoot;show boot
> aruba;command;aruba::ShowImageVersion;show image version
> aruba;command;aruba::Dir;dir
> aruba;command;aruba::ShowInterfaceTransceivers;show interface transceivers
> aruba;command;aruba::ShowPacketCapture;show packet-capture
> aruba;command;aruba::ShowInventory;show inventory
> aruba;command;aruba::ShowVLAN;show vlan
> aruba;command;aruba::WriteTerm;write term

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Fwd: Rancid - cmwlogin - HPE switches

[john heasley]

Fri, Oct 25, 2019 at 02:27:52PM +0200, Kevin Olbrich:
> Hi Henri,
> 
> ok, old releases are a no-go for me, as I have HP devices with recent FW
> that would loop (find diff on every refresh) as HP introduced a timestamp
> for some commands.
> I would like to see CMW work in 3.9+ but I was unable to get this working
> on my own (I have no perl skills and don't plan to extend them).

Assuming code quality, old scripts ought to work to with rancid 3.9/3.10.
See the FAQ S4 Q1.  The shebang of the script may need to be updated for
your environment.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] patch suggestion for Cisco Mobile Express

[john heasley]

Sun, Oct 13, 2019 at 09:53:21AM +, Piegorsch, Weylin William:
> Should an autonomous Aeronet AP have its config in rancid through wlc8?  I'd 
> had success (years ago, on older version of rancid and AeroOS) with type 
> cisco.  If this is a Aeronet AP on a WLC, then wouldn’t simply backing up the 
> WLC be sufficient?
> weylin

I can not answer that, but I am curious to see the diff that was produced
prior to this change.  Is it possible that it was terminal control characters
causing the changes?

> On 10/8/19, 7:51 AM, "Bjarne Saltbæk"  wrote:
> 
> Hi again.
> 
> I just realized that a patch in ciscowlc.pm would make more sense:
> 
> --- cut ---
> --- /usr/share/perl5/vendor_perl/rancid/ciscowlc.pm.org 2019-10-08 
> 13:30:29.894650701 +0200
> +++ /usr/share/perl5/vendor_perl/rancid/ciscowlc.pm 2019-10-08 
> 13:48:38.125686723 +0200
> @@ -137,6 +137,9 @@
> next if (/^\s*rogue ap classify/);
> next if (/^\s*rogue (adhoc|client) (alert|unknown)/i);
> next if (/^\s*interface nat-address management set 
> -?[0-9]{4,}\./);
> +   next if (/^\s*Config generation may take some time .../);
> +   next if (/^\s*# WLC Config Begin/);
> +   next if (/^\s*# WLC Config End/);
> 
> $linecnt++;
> 
> --- cut ---
> 
> 
> -- 
> Bjarne Saltbæk
> System Administrator
> Sinch Denmark
> 
> > -Original Message-
> > From: Bjarne Saltbæk
> > Sent: Tuesday, 8 October 2019 13.12
> > To: rancid-discuss@shrubbery.net
> > Subject: patch suggestion for Cisco Mobile Express
> > 
> > Hi
> > 
> > I am using the 3.9 version for backing up Cisco Mobility Express config 
> on a
> > Cisco Aironet 1830.
> > 
> > I was getting random garbage in the config by using
> > 
> > /etc/rancid/rancid.types.base
> > cisco-wlc8;script;rancid -t cisco-wlc8
> > cisco-wlc8;login;wlogin
> > cisco-wlc8;timeout;120
> > cisco-wlc8;module;ciscowlc
> > cisco-wlc8;inloop;ciscowlc::inloop
> > cisco-wlc8;command;ciscowlc::ShowUdi;show udi cisco-
> > wlc8;command;ciscowlc::ShowSysinfo;show sysinfo cisco-
> > wlc8;command;ciscowlc::ShowConfig;show run-config commands
> > 
> > changed ShowConfig from run-config commands to
> > 
> > cisco-wlc8;command;ciscowlc::ShowConfig;show run-config startup-
> > commands
> > 
> > But then ended up with new dates on every diff.
> > Fixed it by patching wlogin
> > --- cut ---
> > --- wlogin.bak  2019-10-08 12:14:31.085325057 +0200
> > +++ wlogin  2019-10-08 12:58:13.325178327 +0200
> > @@ -684,6 +684,8 @@
> >  for {set i 0} {$i < $num_commands} { incr i} {
> > send -- "[subst -nocommands [lindex $commands $i]]\r"
> > expect {
> > +   -re "^# WLC Config Begin.*\r\n" { exp_continue }
> > +   -re "^# WLC Config End.*\r\n"   { exp_continue }
> > -re "\b+"   { exp_continue }
> > -re "^\[^\n\r *]*$reprompt" { send_user -- 
> "$expect_out(buffer)"
> > }
> > --- cut ---
> > 
> > Feel free to add this to the upstream code.
> > 
> > BR,
> > Bjarne
> > 
> > 
> > 
> > --
> > Bjarne Saltbæk
> > System Administrator
> > Sinch Denmark
> 
> 
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Extreme switch policy backup.

[john heasley]

Fri, Jul 12, 2019 at 08:05:30PM +, john heasley:
> Fri, Jul 12, 2019 at 08:30:28PM +0100, Paul Thornton:
> > Hi
> > 
> > We had a patch to 2.3's xrancid which we were running at some stage in 
> > the past N years that did this already - but can't I find it, and we 
> > aren't running it on our current rancid system either.  Thanks to Chris' 
> > E-mail at least I've been reminded of that.
> > 
> > It wasn't a hard thing to add.
> > 
> > On 12/07/2019 20:15, john heasley wrote:
> > > Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> > >> We've just gotten a few Extreme switches (model X440-G2) and I've gotten 
> > >> them set up in Rancid.  But while I get the configs, I have a few 
> > >> policies as well.  They're kept as .pol files on the switch.  Is there a 
> > >> way to include the policy files in the backup that Rancid takes?  It 
> > >> would be particularly helpful.  I've done some searching, and seen folks 
> > >> ask about it.  But no real answers.  Lots of modifications to commands 
> > >> from 4 years ago but nothing current.  There's a command that will print 
> > >> it all out, just not sure how to add it into the mix.  Don't like to 
> > >> modify something like Rancid if there's already a way within the system 
> > >> to make it happen.
> > >
> > > what is the command to display the policy?  can you provide an example of
> > > the command and output, from prompt to the next prompt?  is the output
> > > format and order stable?
> > >
> > > i see an incomplete example here;
> > > http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html
> > 
> > The format isn't great.  The switch basically outputs
> > Policies at Policy Server:
> > Policy: 
> > 
> > Number of clients bound to policy: 
> > Client: 
> > 
> > My hunch would be not to try and parse this lot at all, but just execute 
> > the 'show policy detail' and wait for the prompt to come back.  I'm 
> > pretty sure that's all we did; I remember it just diffed everything and 
> > you saw quickly if a policy was added/removed just as easily.
> > It is theoretically possible for someone to have a prompt matching 
> > string in the policy file as a comment, but lets ignore that madness for 
> > now.
> > 
> > This example shows three policies as an example:
> > 
> > * ag1.hbr.2 # dis clip
> > * ag1.hbr.3 # show policy detail
> > Policies at Policy Server:
> > Policy: as65001-in-v4
> > entry term10 {
> 
> Cool.  Could you test this?

ping.  I'd be grateful if someone would test this change for policy
backup on extreme.

> diff --git a/etc/rancid.types.base b/etc/rancid.types.base
> index 18139479..6c3a80aa 100644
> --- a/etc/rancid.types.base
> +++ b/etc/rancid.types.base
> @@ -381,6 +381,7 @@ extreme;command;exos::ShowMemory;show memory
>  extreme;command;exos::ShowDiag;show diag
>  extreme;command;exos::ShowSwitch;show switch
>  extreme;command;exos::ShowSlot;show slot
> +extreme;command;exos::ShowPolicy;show policy detail
>  extreme;command;exos::WriteTerm;show configuration detail
>  extreme;command;exos::WriteTerm;show configuration
>  #
> diff --git a/lib/exos.pm.in b/lib/exos.pm.in
> index fd7d1482..710a5c0f 100644
> --- a/lib/exos.pm.in
> +++ b/lib/exos.pm.in
> @@ -1,7 +1,5 @@
>  package exos;
>  ##
> -## $Id$
> -##
>  ## @PACKAGE@ @VERSION@
>  @copyright@
>  #
> @@ -161,6 +159,21 @@ sub ShowDiag {
>  return(0);
>  }
>  
> +# This routine parses "show policy detail"
> +sub ShowPolicy {
> +my($INPUT, $OUTPUT, $cmd) = @_;
> +print STDERR "In ShowPolicy: $_" if ($debug);
> +
> +while (<$INPUT>) {
> + tr/\015//d;
> + last if (/^$prompt/);
> + next if (/^(\s*|\s*$cmd\s*)$/);
> +
> + ProcessHistory("POLICY","","","# $_");
> +}
> +return(0);
> +}
> +
>  # This routine parses "show slot"
>  sub ShowSlot {
>  my($INPUT, $OUTPUT, $cmd) = @_;
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Tellabs equipment

[john heasley]

Mon, Aug 26, 2019 at 06:57:27PM +, Luke Smith:
> I'm new to configuring Rancid, so forgive me if I'm not asking the right 
> questions. I've turned up a rancid server, I can get Cisco, Adtran, and 
> Foundry no issues. I'm moving over to my Tellabs now and I've found a 
> rancid-ssi github that I was able to find a tlrancid.in file on the commands 
> needed and clogin works fine to get me into the device, but when I actually 
> start a run, it doesn't get into the device, what happens in the logs I get 
> the following error:
> 
> Trying to get all of the configs.
> exec(tlrancid) failed router manufacturer tellabs: No such file or directory
> 
> I went ahead and in the rancid.types.base I added the following:

I recommend using rancid.types.conf instead; see the comment at the
top of .base.

> # Tellabs
> tellabs;script;tlrancid
> tellabs;login;clogin
> 
> If I manually run the tlrancid or clogin command, it gets in just fine. 
> However, I don't actually get the scripts to run ... so I'm assuming I'm 
> missing a correlation between files. Any help would be appreciated.
> 

make sure that tlrancid is executable, has the correct interpretter as
its first line and it in rancid's path according to rancid.conf:PATH
or make it a FQPN in the rancid.types.conf entry.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] RANCID 3.8 and Git - sync to remote repo instead of or in addition to local repo?

[john heasley]

Wed, Aug 21, 2019 at 09:10:04PM +, Ni Ne:
> Running rancid 3.8 and I would like to (re-)publish the rancid config files 
> (for devices themselves) to a gitlab server we have internally.
> 
> I am still learning about Git and not very familiar with rancid's interaction 
> with it.
> 
> Is it feasible to have rancid update both repo's simultaneously? The local 
> one on the server, and a remote repo?

this is covered in the rancid FAQ.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid issues

[john heasley]

Wed, Aug 21, 2019 at 12:10:35PM +0200, Chris Knipe:
> Hi All,
> 
> Rancid setup and everything's fine form what I can tell.  I'm getting a
> strange error I haven't seen before:
> 
> router.db:
> za-ctn-pe01;mikrotik;up
> 
> bash-4.2$ ./bin/rancid -d -t mikrotik za-ctn-pe01
> loadtype: device type mikrotik
> loadtype: found device type mikrotik in /srv/rancid/etc/rancid.types.base
> executing mtlogin -t 90 -c"" za-ctn-pe01
> inloop is not configured for device type mikrotik at ./bin/rancid line 130.
> 
> Not quite sure what is happening at this stage...

bin/rancid does not work this way with scripts that have not been converted
to modules.  It could be made to work, I just had not anticipated it.  you
must run the script itself.

mtrancid [opts] hostname

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Improving Rancid's processing speed when having 1k+ devices

[john heasley]

Fri, Jul 26, 2019 at 02:34:49AM -0700, Florin Vlad Olariu:
> On 25 July 2019 at 18:16:48, Scott Granados
> (scott.grana...@gmail.com(mailto:scott.grana...@gmail.com)) wrote:
> 
> > I would also recommend running multiple rancid servers maybe scatter them 
> >geographically so it’s not a single machine pulling all the weight. Break 
> >the work loads up among them.
> 
> Great advice which didn't cross my mind. Might have to resort to this
> if I want ~ 1m poll times.

topologically close servers can help, but I would just run more processes
instead.  less mgmt overhead.

> > - make sure that the rancid user is not process rlimited to less than ~605
> processes; or PAR_COUNT * 2 + 5 or so.
> 
> My `ulimit -u` gives "4096". I don't this this is a factor?

unlikely.  make sure its not others; -n -d.  you'd see processes being
killed in the logs

...

Are your configs very large?  I have one group of 252 devices that are
scattered around the global totaling 1.2G of on-disk rancid output which
takes about 28m to collect with 16 processes.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Adjust Rancid-Run Default Run Location

[john heasley]

Fri, Jul 26, 2019 at 09:37:36AM +, Sheeter, Kyle:
> Hey guys,
> 
> I have been trying to figure out what happened to my RANCID install after a 
> linux upgrade, and it looks like it adjusted some parameters that my 
> predecessor setup when he built the machine.  He used a subdirectory 
> (/home/rancid/rancid/) to store all of our RANCID files, but when I did the 
> ubuntu upgrade now rancid-run just runs from the default directory.
> 
> I looked over the man page but didn't see anything on how to change that.  
> Anyone have some good documentation on how to change that?

etc/rancid.conf:BASEDIR see rancid.conf(5); presumably the upgrade saved a
copy of the old file as etc/rancid.conf..

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Possible bug

[john heasley]

Fri, Jul 26, 2019 at 08:24:35AM -0400, Ugo Bellavance:
> Hi,
> 
> I think that there might be a problem with the fnlogin script. It may
> because I'm attempting to execute it on a Fortiweb system (not Fortigate),
> but there is one last ' "send "end\r" ' that shouldn't be there.
> 
> Sample of ssh session with the unit, doing the same thing as the fnolgin
> script:
> 
> [rancid@server bin]$ ssh -l ranciduser fortiweb.example.com
> rancidu...@fortiweb.example.com's password:
> fortiweb $ config system console
> 
> fortiweb (console) $ set output standard
> 
> fortiweb (console) $ end
> 
> fortiweb $ end
> Command fail. CLI parsing error.

it should be sending 'config global' first.  Have you altered the script?

> I'm using the fnlogin script "3915 2018-10-29 21:05:01Z"

This part of the script has not changed since then.

> I don't have a Fortigate unit to test, so I do not know if it's OS-related
> or not.


___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Fortinet private key problem

[john heasley]

Thu, Jul 25, 2019 at 02:52:42PM -0400, Ugo Bellavance:
> Hi,
> 
> I'm trying to get rancid to work with my Fortinet device.  It seems to work
> OK, except for the fact that it doesn't collect the whole config. It looks
> like it's stuck in the removal of the private key.  It stops like this:
> 
> #set private-key "-BEGIN ENCRYPTED PRIVATE KEY-
> # 
> Connection to server.xxx.xxx closed.
> 
> I checked the code for filter cycling RSA private keys, but I don't know
> where would be the problem.
> 
> Any help or suggestion would be appreciated.

what version of rancid?  show us example input.  test that you can run the
command with the login script and receive the full output.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Improving Rancid's processing speed when having 1k+ devices

[john heasley]

Thu, Jul 25, 2019 at 08:14:28AM -0700, Emille Blanc:
> I've seen/heard stories of people pre-empting rancid with an snmp-get of the 
> config-last-changed / last committed OID, to generate a list of devices to 
> run against.

a building block for that is in the FAQ S3 Q10; using syslog 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid and the Cisco 5000 Nexus Platform

[john heasley]

Tue, Jul 23, 2019 at 01:29:01AM -0700, Florin Vlad Olariu:
> I am running version 3.9 [2] and the logs looks like in [1]. I tried
> un-commenting the line that states
> "#cisco-nx;command;rancid::RunCommand;term no monitor-force" but it doesn't
> work anyway.

keep that; it prevents logs/etc from mangling prompts and commands that
rancid wants to match.

> Reading about your comment on "show version" made me try and un-comment
> that line... (and only that line) and after that it worked!. But why do I
> need to have show version in there at all for this to properly work?
> 
> An alternative solution I had was to put variables "$clean_run" and
> "$found_end" to 1 in the /usr/local/rancid/bin/rancid file, but of course
> this is not ideal as it applies to all types of routers.
> 
> Any idea how can I gather config _without_ needing "show version" also?

As I mentioned, the model sometimes affects the handling of the config.
I do not remember off the top why this is so in nxos.  i'll try to look
later.  its not that much extra data and it should all be commented.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid with Dell PowerConnect M8024-k

[john heasley]

Tue, Jul 23, 2019 at 03:53:39AM +, Dennis Jasch:
> Hi,
> 
> I have been Googleing a lot on how to get this to work, but had no luck yet.
> 
> Observium version: 19.7.9977
> Rancid version: 3.9
> Device: Dell PowerConnect M8024-k
> 
> The Observium PHP script to generate the rancid router.db classifies the 
> switch as "dell" - is this correct? I'm lead to believe it may have to be 
> "smc".

I can not say, I do not know this device and dell OEMs all of their
switch h/w, except perhaps white box h/w.  If the cli and config look
like another device type in rancid, then that type will likely work.
Else, perhaps show an example of the cli and config to the list.

smc would be my guess as well.  so, maybe show us the errors and try
the debug procedure from the FAQ S3 Q2.

If you discover one, please lmk and I will document it in rancid.types.base
along with the others.

> I have tried both, but neither seems to successfully pull the config. The 
> process seems to just hang indefinitely.
> 
> Testing using: /opt/rancid/bin/clogin -c"show version;" 10.x.x.x seems to 
> work correctly.
> 
> Logs seem to suggest:
> 10.x.x.x: End of run not found
> 
> Any suggestions would be greatly appreciated.
> 
> Regards,
> Dennis.
> 
> 

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid and the Cisco 5000 Nexus Platform

[john heasley]

Mon, Jul 22, 2019 at 08:51:09AM -0700, Florin Vlad Olariu:
> Hello,
> 
> I have some cisco Nexus 5k and I'm having some trouble grabbing the "show
> run" through rancid. In my setup I commented out most commands in the
> "rancid.types.base" file except for the "show run" section. The problem is
> that with the file commented, rancid can't manage to grab the output
> because, according to the logs, "End of run not found". Is this message
> based on finding the word "end" in the configuration? Because if that's the
> requirement, then even when manually doing "show run" it's not there.

please show us the error from the log file and tell us what version of
rancid.  also, please follow the test in the FAQ S3 Q2.

Also, for some devices show version is required; as the device type can
affect other parsing.  I doubt that is the problem for nxos, but you
also commented this:

> #cisco-nx;command;rancid::RunCommand;term no monitor-force

which i suspect is the problem, having now seen the errors.

> The curious thing is that if I un-comment all the other show commands, then
> rancid does manage to grab the router config, although of course that is
> not ideal. Below [1] you can find the "rancid.types.base" config.
> 
> cisco-nx;script;rancid -t cisco-nx

please read the warning at the top of etc/rancid.types.base

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

[john heasley]

Sat, Jul 20, 2019 at 12:29:19AM +0200, Erik Muller:
> On 7/19/19 22:32 , john heasley wrote:
> > Mon, Jul 15, 2019 at 10:30:42PM +, Gauthier, Chris:
> >> The only way in CLI to do a "show run" type of output in XML format is to 
> >> execute the following commands.  This holds true for both Panorama and 
> >> Pan-OS (not managed by Panorama):
> >>
> >> User@Palo-Alto-FW> set cli config-output-format xml
> >> User@Palo-Alto-FW> configure
> >> Entering configuration mode
> >> [edit]
> >> User@Palo-Alto-FW# show
> >> 
> >>
> >>  
> >> Truncated to hide my config
> >>
> >> --Chris
> > 
> > I am confused; please help me understand so that we wrap-up this issue.
> > 
> > There are two configs, the normal one in show config run, and one that
> > comes from panorama config (if in use) that is visible on the "panorama
> > clients" (my term) with show config merged.
> 
> Correct.  Each PANOS device that's managed via Panorama has a local 
> persistent configuration that includes device-specific things like local 
> management address, HA-pair, user accounts...
> Panorama stores in it's config a bunch of rulesets and templates that can 
> be applied to the managed devices; when it pushes those to a managed device 
> they're merged at runtime into that device's live config, but not part of 
> that box's actual local config.
> 
> > the panorama (master) offers a cli, just like a panorama client, where
> > the panorama configuration can be viewed with 'show config run'.
> > 
> > these configs can be dumped as xml or text.  only xml can be loaded.
> > 
> > Do i have all of this correct?  I did not glean much useful info from the
> > palo alto website.
> 
> all correct, TTBOMK.
> -e
> 

Super; thanks.

Is it sensible to collect all three?  ie: the xml of the base, the base,
and the merged.

> > 
> >> -Original Message-
> >> From: Rancid-discuss  on behalf of 
> >> john heasley 
> >> Date: Monday, July 15, 2019 at 3:00 PM
> >> To: Erik Muller 
> >> Cc: "rancid-discuss@shrubbery.net" 
> >> Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup
> >>
> >> Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> >>> On 7/12/19 14:15 , Gauthier, Chris wrote:
> >>>> Rancid configs for PAN can NOT be used to restore the config, unless you
> >>>> cut and paste the configuration. This is because the native config files
> >>>> are stored in XML format and that is the format the Palo Alto utilities
> >>>> expect when performing restorations.
> >>>
> >>> Having recently needed to deal with a bunch of PAs, I ran into that same
> >>> issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> >>> to simplify the process.
> >>>
> >>> RE the other question about Panorama vs device configs, if you're backing
> >>> up your Panorama configuration (which has been fine via Rancid in my
> >>
> >> How are you backing the Panorama configuration?  is that just another
> >> rancid 'paloalto' target?
> >>
> >>> experience) as well as the base config on the device, you don't need to
> >>> backup the merged configuration.  And you probably shouldn't pull the
> >>> merged config, for restore purposes, as anything other than the local
> >>> device configuration will come from the Panorama templates once the device
> >>> is replaced.  Of course, the merged config might still be convenient to
> >>> save to easily see the complete policy set active on a given box.
> >>>
> >>> -e
> > 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

[john heasley]

Mon, Jul 15, 2019 at 10:30:42PM +, Gauthier, Chris:
> The only way in CLI to do a "show run" type of output in XML format is to 
> execute the following commands.  This holds true for both Panorama and Pan-OS 
> (not managed by Panorama):
> 
> User@Palo-Alto-FW> set cli config-output-format xml
> User@Palo-Alto-FW> configure
> Entering configuration mode
> [edit]
> User@Palo-Alto-FW# show
> 
>   
> 
> Truncated to hide my config
> 
> --Chris

I am confused; please help me understand so that we wrap-up this issue.

There are two configs, the normal one in show config run, and one that
comes from panorama config (if in use) that is visible on the "panorama
clients" (my term) with show config merged.

the panorama (master) offers a cli, just like a panorama client, where
the panorama configuration can be viewed with 'show config run'.

these configs can be dumped as xml or text.  only xml can be loaded.

Do i have all of this correct?  I did not glean much useful info from the
palo alto website.

thanks

> -Original Message-
> From: Rancid-discuss  on behalf of john 
> heasley 
> Date: Monday, July 15, 2019 at 3:00 PM
> To: Erik Muller 
> Cc: "rancid-discuss@shrubbery.net" 
> Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup
> 
> Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> > On 7/12/19 14:15 , Gauthier, Chris wrote:
> > > Rancid configs for PAN can NOT be used to restore the config, unless you
> > > cut and paste the configuration. This is because the native config files
> > > are stored in XML format and that is the format the Palo Alto utilities
> > > expect when performing restorations.
> >
> > Having recently needed to deal with a bunch of PAs, I ran into that same
> > issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> > to simplify the process.
> >
> > RE the other question about Panorama vs device configs, if you're backing
> > up your Panorama configuration (which has been fine via Rancid in my
> 
> How are you backing the Panorama configuration?  is that just another
> rancid 'paloalto' target?
> 
> > experience) as well as the base config on the device, you don't need to
> > backup the merged configuration.  And you probably shouldn't pull the
> > merged config, for restore purposes, as anything other than the local
> > device configuration will come from the Panorama templates once the device
> > is replaced.  Of course, the merged config might still be convenient to
> > save to easily see the complete policy set active on a given box.
> >
> > -e

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Getting a lot of noise related to ce_switch.log and ce_switch.log.bak

[john heasley]

Wed, Jul 17, 2019 at 12:36:04AM +, heasley:
> Wed, Jul 10, 2019 at 01:39:34AM -0700, Dan Mahoney (Gushi):
> > On Tue, 11 Sep 2018, heasley wrote:
> > 
> > > Mon, Sep 10, 2018 at 01:45:42AM -0700, Dan Mahoney (Gushi):
> > >> Hey all,
> > >>
> > >> I'm running Rancid built from freebsd packages, rancid3-3.7
> > >>
> > >> Periodically, my ASR9K's log something like this:
> > >>
> > >>   !Flash: harddisk: 24753   -rwx  800470016   Wed Sep 10 20:00:00 
> > >> 2014
> > >> VM-ASR9K-px-4.3.4.tar
> > >> - !Flash: harddisk: 24623   -rw-
> > >> ce_switch.log
> > >> + !Flash: harddisk: 24781   -rw-  8192017 Mon Sep 10 05:10:03 
> > >> 2018
> > >> ce_switch.log.bak
> > >>   !Flash: harddisk: 24688   -rw-  1048576 Thu Sep 11 02:08:46 
> > >> 2014
> > >> kd.bin_0_RSP0_CPU0
> > >>   !Flash: harddisk: 24625   drwx  4096Thu Sep 11 01:38:55 
> > >> 2014
> > >> idiags
> > >>   !Flash: harddisk: 24626   -rw-  0   Thu Sep 11 01:40:24 
> > >> 2014
> > >> ahci.log
> > >>   !Flash: harddisk: 24627   drwx  4096Thu Sep 11 02:20:32 
> > >> 2014
> > >> np
> > >> - !Flash: harddisk: 24783   -rw-  8192017 Fri Sep  7 08:18:57 
> > >> 2018
> > >> ce_switch.log.bak
> > >> + !Flash: harddisk: 24628   -rw-
> > >> ce_switch.log
> > >>   !Flash: harddisk: 6442434560 bytes total (4 GB free)
> > >>
> > >> I thought I saw something on the mailing lists that this was fixed in a
> > >> prior version, but I guess not.  How would I go about tweaking rancid so
> > >> these bits are ignored?
> > >
> > > add a filter to DirSlotN().  i see that your device is renaming files,
> > > causing the fileno to change.  I'll add that filter for 3.9.
> > 
> > Sorry to revive an old thread.
> > 
> > I've upgraded to 3.9, but this doesn't seem to have been fixed:
> 
> My mistake; I made this change to ios.pm, but did not also change iosxr.pm.
> I'll work on that change.

ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.9.99.tar.gz

or

diff --git a/CHANGES b/CHANGES
index fbf20763..4139a17a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,4 @@
 3.9.99
-   iosxr.pm: DirSlotN(): drop the file number from all files.
-
Missing Arista documentation - github.com/inphobia
 
GC "procket" from manpages & README
diff --git a/lib/iosxr.pm.in b/lib/iosxr.pm.in
index 5c2e7008..1af4fd8e 100644
--- a/lib/iosxr.pm.in
+++ b/lib/iosxr.pm.in
@@ -555,7 +555,7 @@ sub DirSlotN {
}
# filter frequently changing files from IOX bootflash, hardiska,
# and nvram
-   if ($dev =~ /(bootflash|disk[012]|harddisk|nvram)/) {
+   if ($dev =~ /(bootflash|disk0|harddisk|nvram)/) {
if (/\s(\.python-history|aaa|\.bash_history)\s*$/ ||
/\s(ce_switch.log\S*|cisco_support|errmsg_cont)\s*$/ ||
/\s(genstr_cont|temp_cont|temp_cont|temp_static_data)\s*$/ ||
@@ -564,47 +564,50 @@ sub DirSlotN {
# 57  -rw-  23100 volt_cont
# 614788  drwx  4096Fri Aug 20 12:06:25 2010  
temp_cont
# to
-   # -rw-volt_cont
-   # drwxtemp_cont
-   if (/\s*\d+\s+(\S+\s+)(\d+)(\s+)()(\s+)/) {
+   # 57  -rw-volt_cont
+   # 614788  drwx
temp_cont
+   if (/(\s*\d+\s+\S+\s+)(\d+)(\s+)()(\s+)/) {
my($a, $sz, $c, $dt, $d, $rem) = ($1, $2, $3, $4, $5, $');
my($szl) = length($sz);
my($fmt) = "%s%-". $szl ."s%s%s%s%s";
-   $_ = sprintf($fmt, $c, $dt, $d, $rem);
+   $_ = sprintf($fmt, $a, "", $c, $dt, $d, $rem);
ProcessHistory("FLASH","keysort",$rem,"!Flash: $dev: $_");
next;
-   } elsif (/\s*\d+\s+(\S+\s+\d+\s+)(\d+\s+\w+\s+\d+\s+\d+:\d+)/) {
+   } elsif 
(/(\s*\d+)(\s+\S+\s+\d+\s+)(\d+\s+\w+\s+\d+\s+\d+:\d+)/) {
# XR >= 6.3; dir disk0:, but harddisk: is diff format.  wtf
# drop fileno size, & date.
# " 8002 drwxr-xr-x 2 4096 Jan 17 15:27 np"
-   my($perm, $dt, $rem) = ($1, $2, $');
-   my($dtl) = length($dt);
- 

Re: [rancid] Dell EMC S5200-ON series switches running OS10

[john heasley]

Thu, Jul 18, 2019 at 12:25:30PM +0200, Bjørn Skobba:
> Hi,
> first of all, I'm new to rancid and the list, so please bear with me :)
> 
> I have a question regarding devices (in this case a S5296F-ON switch)
> running OS10 Network Operating System.
> 
> We have quite a few Force10 S-series switches running FTOS which rancid
> happily pulls config from. The new S5200-series switches support only OS10
> (and some 3rd party OS'es), and I have been struggling with getting rancid
> to pull config.
> 
> I have tried different device types like dell, force10 and smc.
> 
> Before digging deeper into the fine details; has anyone successfully gotten
> rancid to work with OS10 and can point me in the right direction?

I haven't seen one myself; but from the limited info I find on dell.com,
it looks similar to the Fujitsu, with a different vocabulary.  Perhaps
try that, else contact me off list and I'll try to help.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Getting a lot of noise related to ce_switch.log and ce_switch.log.bak

[heasley]

Wed, Jul 10, 2019 at 01:39:34AM -0700, Dan Mahoney (Gushi):
> On Tue, 11 Sep 2018, heasley wrote:
> 
> > Mon, Sep 10, 2018 at 01:45:42AM -0700, Dan Mahoney (Gushi):
> >> Hey all,
> >>
> >> I'm running Rancid built from freebsd packages, rancid3-3.7
> >>
> >> Periodically, my ASR9K's log something like this:
> >>
> >>   !Flash: harddisk: 24753   -rwx  800470016   Wed Sep 10 20:00:00 2014
> >> VM-ASR9K-px-4.3.4.tar
> >> - !Flash: harddisk: 24623   -rw-
> >> ce_switch.log
> >> + !Flash: harddisk: 24781   -rw-  8192017 Mon Sep 10 05:10:03 2018
> >> ce_switch.log.bak
> >>   !Flash: harddisk: 24688   -rw-  1048576 Thu Sep 11 02:08:46 2014
> >> kd.bin_0_RSP0_CPU0
> >>   !Flash: harddisk: 24625   drwx  4096Thu Sep 11 01:38:55 2014
> >> idiags
> >>   !Flash: harddisk: 24626   -rw-  0   Thu Sep 11 01:40:24 2014
> >> ahci.log
> >>   !Flash: harddisk: 24627   drwx  4096Thu Sep 11 02:20:32 2014
> >> np
> >> - !Flash: harddisk: 24783   -rw-  8192017 Fri Sep  7 08:18:57 2018
> >> ce_switch.log.bak
> >> + !Flash: harddisk: 24628   -rw-
> >> ce_switch.log
> >>   !Flash: harddisk: 6442434560 bytes total (4 GB free)
> >>
> >> I thought I saw something on the mailing lists that this was fixed in a
> >> prior version, but I guess not.  How would I go about tweaking rancid so
> >> these bits are ignored?
> >
> > add a filter to DirSlotN().  i see that your device is renaming files,
> > causing the fileno to change.  I'll add that filter for 3.9.
> 
> Sorry to revive an old thread.
> 
> I've upgraded to 3.9, but this doesn't seem to have been fixed:

My mistake; I made this change to ios.pm, but did not also change iosxr.pm.
I'll work on that change.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

[john heasley]

Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> On 7/12/19 14:15 , Gauthier, Chris wrote:
> > Rancid configs for PAN can NOT be used to restore the config, unless you 
> > cut and paste the configuration. This is because the native config files 
> > are stored in XML format and that is the format the Palo Alto utilities 
> > expect when performing restorations.
> 
> Having recently needed to deal with a bunch of PAs, I ran into that same 
> issue and ended up writing a tool (https://github.com/ermuller/bracematch) 
> to simplify the process.
> 
> RE the other question about Panorama vs device configs, if you're backing 
> up your Panorama configuration (which has been fine via Rancid in my 

How are you backing the Panorama configuration?  is that just another
rancid 'paloalto' target?

> experience) as well as the base config on the device, you don't need to 
> backup the merged configuration.  And you probably shouldn't pull the 
> merged config, for restore purposes, as anything other than the local 
> device configuration will come from the Panorama templates once the device 
> is replaced.  Of course, the merged config might still be convenient to 
> save to easily see the complete policy set active on a given box.
> 
> -e
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Extreme switch policy backup.

[john heasley]

Fri, Jul 12, 2019 at 08:30:28PM +0100, Paul Thornton:
> Hi
> 
> We had a patch to 2.3's xrancid which we were running at some stage in 
> the past N years that did this already - but can't I find it, and we 
> aren't running it on our current rancid system either.  Thanks to Chris' 
> E-mail at least I've been reminded of that.
> 
> It wasn't a hard thing to add.
> 
> On 12/07/2019 20:15, john heasley wrote:
> > Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> >> We've just gotten a few Extreme switches (model X440-G2) and I've gotten 
> >> them set up in Rancid.  But while I get the configs, I have a few policies 
> >> as well.  They're kept as .pol files on the switch.  Is there a way to 
> >> include the policy files in the backup that Rancid takes?  It would be 
> >> particularly helpful.  I've done some searching, and seen folks ask about 
> >> it.  But no real answers.  Lots of modifications to commands from 4 years 
> >> ago but nothing current.  There's a command that will print it all out, 
> >> just not sure how to add it into the mix.  Don't like to modify something 
> >> like Rancid if there's already a way within the system to make it happen.
> >
> > what is the command to display the policy?  can you provide an example of
> > the command and output, from prompt to the next prompt?  is the output
> > format and order stable?
> >
> > i see an incomplete example here;
> > http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html
> 
> The format isn't great.  The switch basically outputs
> Policies at Policy Server:
> Policy: 
> 
> Number of clients bound to policy: 
> Client: 
> 
> My hunch would be not to try and parse this lot at all, but just execute 
> the 'show policy detail' and wait for the prompt to come back.  I'm 
> pretty sure that's all we did; I remember it just diffed everything and 
> you saw quickly if a policy was added/removed just as easily.
> It is theoretically possible for someone to have a prompt matching 
> string in the policy file as a comment, but lets ignore that madness for 
> now.
> 
> This example shows three policies as an example:
> 
> * ag1.hbr.2 # dis clip
> * ag1.hbr.3 # show policy detail
> Policies at Policy Server:
> Policy: as65001-in-v4
> entry term10 {

Cool.  Could you test this?

diff --git a/etc/rancid.types.base b/etc/rancid.types.base
index 18139479..6c3a80aa 100644
--- a/etc/rancid.types.base
+++ b/etc/rancid.types.base
@@ -381,6 +381,7 @@ extreme;command;exos::ShowMemory;show memory
 extreme;command;exos::ShowDiag;show diag
 extreme;command;exos::ShowSwitch;show switch
 extreme;command;exos::ShowSlot;show slot
+extreme;command;exos::ShowPolicy;show policy detail
 extreme;command;exos::WriteTerm;show configuration detail
 extreme;command;exos::WriteTerm;show configuration
 #
diff --git a/lib/exos.pm.in b/lib/exos.pm.in
index fd7d1482..710a5c0f 100644
--- a/lib/exos.pm.in
+++ b/lib/exos.pm.in
@@ -1,7 +1,5 @@
 package exos;
 ##
-## $Id$
-##
 ## @PACKAGE@ @VERSION@
 @copyright@
 #
@@ -161,6 +159,21 @@ sub ShowDiag {
 return(0);
 }
 
+# This routine parses "show policy detail"
+sub ShowPolicy {
+my($INPUT, $OUTPUT, $cmd) = @_;
+print STDERR "In ShowPolicy: $_" if ($debug);
+
+while (<$INPUT>) {
+   tr/\015//d;
+   last if (/^$prompt/);
+   next if (/^(\s*|\s*$cmd\s*)$/);
+
+   ProcessHistory("POLICY","","","# $_");
+}
+return(0);
+}
+
 # This routine parses "show slot"
 sub ShowSlot {
 my($INPUT, $OUTPUT, $cmd) = @_;

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Extreme switch policy backup.

[john heasley]

Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them 
> set up in Rancid.  But while I get the configs, I have a few policies as 
> well.  They're kept as .pol files on the switch.  Is there a way to include 
> the policy files in the backup that Rancid takes?  It would be particularly 
> helpful.  I've done some searching, and seen folks ask about it.  But no real 
> answers.  Lots of modifications to commands from 4 years ago but nothing 
> current.  There's a command that will print it all out, just not sure how to 
> add it into the mix.  Don't like to modify something like Rancid if there's 
> already a way within the system to make it happen.

what is the command to display the policy?  can you provide an example of
the command and output, from prompt to the next prompt?  is the output
format and order stable?

i see an incomplete example here;
http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Palo Alto (Panorama) configuration

[john heasley]

Thu, Jul 11, 2019 at 02:37:51PM +, Anderson, Charles R:
> You can use "show config merged" to see the local device's config merged with 
> the templates from Panorama.

Does this work with "non-managed" (better term?) configs?  And, was this
command introduced recently?

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Palo Alto (Panorama) configuration

[john heasley]

Thu, Jul 11, 2019 at 02:19:00PM +, Gauthier, Chris:
> I have run into the issues seen below, as we migrated to a fully-managed 
> Panorama ecosystem in recent months.  The output of the “show configuration 
> running” (or whatever it is) is more limited on the managed device because (I 
> believe) what is being shown is only the locally-managed configuration.  I 
> haven’t looked yet to see if there is a workaround.
> 
> --Chris

I have no experience with these.  If more commands are necessary, lmk.

> Chris Gauthier Senior Network Engineer | Comscore
> t +1 (503) 331-2704 |
> cgauth...@comscore.com
> comscore.com
> ​​​This e-mail (including any attachments) may contain information that is 
> private, confidential, or protected by attorney-client or other privilege. If 
> you received this e-mail in error, please delete it from your system and 
> notify sender.
> From: Rancid-discuss  on behalf of 
> annie lee 
> Date: Wednesday, July 10, 2019 at 6:02 PM
> To: john heasley 
> Cc: "rancid-discuss@shrubbery.net" 
> Subject: Re: [rancid] Palo Alto (Panorama) configuration
> 
> i tried to grab the configs from the panorama and it's what i wanted :-)
> apology, im pretty new to the paloalto and panorama device/setup.
> 
> thanks and glad i can backup the palo/panorama configs without any tweaking.
> 
> On Thu, Jul 11, 2019 at 9:23 AM annie lee 
> mailto:lsy.an...@gmail.com>> wrote:
> Hi John,
> 
> Thanks for your reply and apology for the typo on the paloalto type.  
> (1.1.1.1;paloalto;up)
> Below are the sample config for one of the firewall configs (removed all the 
> ip addresses).
> Basically there are heaps more configs (routing, policy, NAT, virtual router 
> and etc...) i can see from the Panorama.
> Not sure its similar to F5 tweak that we need to add the partition to grab 
> the full configs.
> 
> Rgds
> 
> On Thu, Jul 11, 2019 at 7:42 AM john heasley 
> mailto:h...@shrubbery.net>> wrote:
> Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> > Hi All,
> >
> > Another question, just added a new PaloAlto to rancid (3.9) but not much
> > configurations being backup (not even interfaces addresses)
> > Anything need to be changed/added to backup the entire configuration ?
> >
> > 1.1.1.1;palo-alto;up
> 
> Please use the built-in type for PAN: paloalto.  if that is still lacking,
> please be more specific about what commands are missing.  it collects
> 
> show system info;show chassis inventory;show config running

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Palo Alto (Panorama) configuration

[john heasley]

Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> Hi All,
> 
> Another question, just added a new PaloAlto to rancid (3.9) but not much
> configurations being backup (not even interfaces addresses)
> Anything need to be changed/added to backup the entire configuration ?
> 
> 1.1.1.1;palo-alto;up

Please use the built-in type for PAN: paloalto.  if that is still lacking,
please be more specific about what commands are missing.  it collects

show system info;show chassis inventory;show config running

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Watchguard xml file

['john heasley']

Wed, Jul 03, 2019 at 06:49:20PM +, Wayne Eisenberg:
> -Original Message-
> From: 'john heasley'  
> Sent: Wednesday, July 03, 2019 1:41 PM
> To: Wayne Eisenberg 
> Cc: 'john heasley' ; 'rancid-discuss@shrubbery.net' 
> 
> Subject: Re: [rancid] Watchguard xml file
> 
> 
> >> However, in the xtm.pm module, line 102 defines it again. 
> 
> >i'm not familiar with this device, but redefining (or refining) the prompt 
> >is normal.  the filter functions and login scripts begin with something 
> >loose, and once it sees the prompt, it can be refined to be more precise, 
> >and >may later further refine it (eg: in run_commands) to match the prompt 
> >when/if it changes in config or other modes that are platform dependent.
> 
> Ah, if I only had that skill.
> 
> >> ---
> >> while (/\s*($cmds_regexp)\s*$/) {
> >>$cmd = $1;
> >>$prompt = ">>";
> this is probably a mistake; should be part of the 
> while() regex.  I suspect it might be here because the author could not make 
> the regex below match correctly.
> 
> >>if (!defined($prompt)) {
> >>$prompt = ($_ =~ /^([^>]+>)/)[0];
> >>$prompt =~ s/([][}{)(\\])/\\$1/g;
> >>print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
> >>}
> >> ---
> >> Once you get to the sub ShowConfiguration section, on line 199 if it sees 
> >> the prompt, end. Guess what? The "#" character is inside the config (there 
> >> is some html code in one of the xml sections) and that is where the config 
> >> ends.
> 
> >seems that the prompt is ">>".
> 
> Yes, in this example. I wanted to show the original file, not something that 
> I modded. In my current version, the line is
> $prompt = ">>|#"
> which works, but causes the problem of the config getting truncated because 
> it sees "#" as the prompt. The $prompt should either be the entire thing or 
> some string that ends in #.

yes, this is why it refines the prompt match to be the complete thing, but
it has to see one before it can extract it.  and your inloop set is at the
top of the loop, so it never refines it to be the whole prompt.

> >> ---
> >> sub ShowConfiguration {
> >> my($INPUT, $OUTPUT, $cmd) = @_;
> >> my($lines) = 0;
> >> my($snmp) = 0;
> >> print STDERR "In ShowConfiguration: $_" if ($debug);
> >> # We don't care about password filtering as passwords are hashed
> >> # So don't use this if you need it (or develop the functionality).
> >> if ($filter_pwds >= 1){
> >> print STDERR "WARNING: Password filtering isn't implemented 
> >> yet!\n";
> >> print STDERR "Either disable password filtering in rancid.conf";
> >> print STDERR " or don't use this plugin.\n";
> >> }
> >> s/^[a-z]+@//;
> >> ProcessHistory("","","","# $_");
> >> while (<$INPUT>) {
> >>tr/\015//d;
> >>next if (/^\s*$/);
> >># end of config - hopefully.
> >># end-of-config tag.  appears to end with "\nPROMPT:~$".
> >>if (/$prompt/) {
> >>$found_end++;
> >>last;
> >>}
> >> ---
> >> 
> >> So I'm thinking if I can figure out a different way to define the prompt 
> >> to be more than just the # sign (at least in the xtm.pm), that should do 
> >> the trick? Can you do something like $prompt = "#$" ?

it has to be as a set (regex or glob), like; [#$].  but that is a single
atom; if your prompt is or may be ">>", then you likely need to use a
group atom, like (>>|#).

> >its better to anchor it and have it be as complete as reasonable.  eg:
> >not #
> >not hostname#
> >but ^hostname#
> 
> >look at ios.pm.
> 
> Looking, but I don't see anywhere that it defines the prompt. It uses it a 
> lot, but doesn't define it.

its starts with [>#] in the while() (and exit match); then refines it to be
a match the entire prompt with regex atoms escaped in the
if(!defined($prompt)).  after that, it anchors the prompt match when
appropiate; /^$prompt/.

you should do similarly for this watchguard device.  I suspect that you can
just steal the ios.pm inloop() and modify the initial prompt matching.  It
could be kinkier, but it is a good starting point.

i think i;ve answered everything.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to figure out "end of run not found"

[john heasley]

Fri, Jul 05, 2019 at 07:16:35AM -0600, Kevin Morales:
> Thanks John!
> 
> The configuration finish in some case with:
> 
> !
> ZXR10-01#
> 
> $
> !
> ZXR10-02#
> 
> $
> !
> ZXR10-03#
> 
> and sorry, I don't have experience with programation..,

it would need to handle the check like exos.pm; by counting valid output.
Maybe try just using that module with a private device type like:

zte;script;rancid -t zte
zte;login;xlogin
zte;module;exos
zte;inloop;exos::inloop  
zte;command;exos::ShowVersion;show version
zte;command;exos::WriteTerm;show configuration

> Thanks!
> 
> On Wed, Jul 3, 2019 at 6:10 PM john heasley  wrote:
> 
> > Wed, Jul 03, 2019 at 02:53:14PM -0600, Kevin Morales:
> > > Yes, my Router is ZTE and I am using CISCO type, because the command is
> > the
> > > same to see the configuration..show running-config
> >
> > I have no idea what ZTE is; does it behave *exactly* the same as IOS?
> > It seems not.
> >
> > > > > > found end means that it found the end of the config; for type
> > cisco,
> > > > > > that means "^end".
> >
> > Does it's config end with:
> >
> > "
> > end
> > "?
> >
> > > > > > clean run means that it found the cli logout; for type cisco, that
> > > > > > means "prompt[>#] exit$"
> >
> > in your .raw file, does the last prompt where clogin exited the cli, match
> > the regex
> >
> > "prompt[>#] exit$"
> > ?
> >
> > clearly these sanity checks are not working with your ZTE device.  You
> > need to figure-out why and correct it, likely by creating your own
> > rancid module for ZTE with a customized inloop() function.  you can
> > probably use the parsing functions from the ios module, like the
> > 'ciscoshtech' example that comes with rancid uses 2 modules.
> >
> > > On Wed, Jul 3, 2019 at 2:52 PM Piegorsch, Weylin William 
> > > wrote:
> > >
> > > > Hi Kevin,
> > > >
> > > > I think you said this is a ZTE device, but that you’re using -t cisco.
> > is
> > > > ZTE a cisco device?
> > > >
> > > > weylin
> > > >
> > > >
> > > >
> > > > *From: *Kevin Morales 
> > > > *Date: *Wednesday, July 3, 2019 at 3:18 PM
> > > > *To: *john heasley 
> > > > *Cc: *Weylin Piegorsch , Nick Nauwelaerts <
> > > > nick.nauwelae...@aquafin.be>, "rancid-discuss@shrubbery.net" <
> > > > rancid-discuss@shrubbery.net>
> > > > *Subject: *Re: [rancid] Unable to figure out "end of run not found"
> > > >
> > > >
> > > >
> > > > I am sorry, I dont get you, What do you want I do?
> > > >
> > > >
> > > >
> > > > on my Rancid Server I execute:
> > > >
> > > > [rancid@localhost bin]$ NOPIPE=yes ./rancid -d -t  cisco 172.17.1.6
> > > >
> > > >
> > > >
> > > > On Wed, Jul 3, 2019 at 12:43 PM john heasley 
> > wrote:
> > > >
> > > > Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> > > > > Thanks Piegorsh,
> > > > >
> > > > > I did it..
> > > > >
> > > > > NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> > > > >
> > > > > but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see
> > anything
> > > > > about this error. both show the correct command output.
> > > >
> > > > correct command output and matching the criteria that i described below
> > > > for type cisco are not necessarily the same thing.  read it again.
> > > >
> > > > > On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William <
> > wey...@bu.edu
> > > > >
> > > > > wrote:
> > > > > > > *172.17.1.6 <http://172.17.1.6>: End of run not found*
> > > > > > > 172.17.1.6: clean_run is false
> > > > > > > 172.17.1.6: found_end is false
> > > > > > > !
> > > > > >
> > > > > > found end means that it found the end of the config; for type
> > cisco,
> > > > > > that means "^end".
> > > > > >
> > > > > > clean run means that it found the cli logout; for type cisco, that
> > > > > > means "prompt[>#] exit$"
> >
> 
> 
> -- 
> *Kevin Morales*

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

[john heasley]

Thu, Jul 04, 2019 at 08:23:51AM +, STUART WALTON:
> Hi
> 
> Has anyone used a backup from Rancid to restore a Palo Alto Firewall?
> 
> If so how have you done it?  (I have the backup but it does not appear to be 
> in the correct format)
> 
> I have searched the discussion but cannot seem to find the answer. Any help 
> would be appreciated.

I do not know much of anything about PAN devices.  However, be aware that,
depending upon your rancid configuration, passwords may be removed.  Also,
see the FAQ S1 Q5 for another caveat that may apply to PAN.

Also, include the error you received when attempting to load the config.
It might provide clue to someone with more experience with PAN.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to figure out "end of run not found"

[john heasley]

Wed, Jul 03, 2019 at 02:53:14PM -0600, Kevin Morales:
> Yes, my Router is ZTE and I am using CISCO type, because the command is the
> same to see the configuration..show running-config

I have no idea what ZTE is; does it behave *exactly* the same as IOS?
It seems not.

> > > > found end means that it found the end of the config; for type cisco,
> > > > that means "^end".

Does it's config end with:

"
end
"?

> > > > clean run means that it found the cli logout; for type cisco, that
> > > > means "prompt[>#] exit$"

in your .raw file, does the last prompt where clogin exited the cli, match
the regex

"prompt[>#] exit$"
?

clearly these sanity checks are not working with your ZTE device.  You
need to figure-out why and correct it, likely by creating your own
rancid module for ZTE with a customized inloop() function.  you can
probably use the parsing functions from the ios module, like the
'ciscoshtech' example that comes with rancid uses 2 modules.

> On Wed, Jul 3, 2019 at 2:52 PM Piegorsch, Weylin William 
> wrote:
> 
> > Hi Kevin,
> >
> > I think you said this is a ZTE device, but that you’re using -t cisco. is
> > ZTE a cisco device?
> >
> > weylin
> >
> >
> >
> > *From: *Kevin Morales 
> > *Date: *Wednesday, July 3, 2019 at 3:18 PM
> > *To: *john heasley 
> > *Cc: *Weylin Piegorsch , Nick Nauwelaerts <
> > nick.nauwelae...@aquafin.be>, "rancid-discuss@shrubbery.net" <
> > rancid-discuss@shrubbery.net>
> > *Subject: *Re: [rancid] Unable to figure out "end of run not found"
> >
> >
> >
> > I am sorry, I dont get you, What do you want I do?
> >
> >
> >
> > on my Rancid Server I execute:
> >
> > [rancid@localhost bin]$ NOPIPE=yes ./rancid -d -t  cisco 172.17.1.6
> >
> >
> >
> > On Wed, Jul 3, 2019 at 12:43 PM john heasley  wrote:
> >
> > Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> > > Thanks Piegorsh,
> > >
> > > I did it..
> > >
> > > NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> > >
> > > but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see anything
> > > about this error. both show the correct command output.
> >
> > correct command output and matching the criteria that i described below
> > for type cisco are not necessarily the same thing.  read it again.
> >
> > > On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William  > >
> > > wrote:
> > > > > *172.17.1.6 <http://172.17.1.6>: End of run not found*
> > > > > 172.17.1.6: clean_run is false
> > > > > 172.17.1.6: found_end is false
> > > > > !
> > > >
> > > > found end means that it found the end of the config; for type cisco,
> > > > that means "^end".
> > > >
> > > > clean run means that it found the cli logout; for type cisco, that
> > > > means "prompt[>#] exit$"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to figure out "end of run not found"

[john heasley]

Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> Thanks Piegorsh,
> 
> I did it..
> 
> NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> 
> but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see anything
> about this error. both show the correct command output.

correct command output and matching the criteria that i described below
for type cisco are not necessarily the same thing.  read it again.

> On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William 
> wrote:
> > > *172.17.1.6 : End of run not found*
> > > 172.17.1.6: clean_run is false
> > > 172.17.1.6: found_end is false
> > > !
> >
> > found end means that it found the end of the config; for type cisco,
> > that means "^end".
> >
> > clean run means that it found the cli logout; for type cisco, that
> > means "prompt[>#] exit$"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Watchguard xml file

['john heasley']

Wed, Jul 03, 2019 at 04:18:25PM +, Wayne Eisenberg:
> If I run the export command manually, it just dumps the whole thing to the 
> screen without any breaks or requests to 'hit space to continue' or things 
> like that, so I don't *think* it's a page length type setting?
> 
> Actually, I just did another review and I'm thinking that it has something to 
> do with the prompt definition. Just so we're looking at the same thing, the 
> files are here: https://github.com/hillscott/rancid-watchguard. Forked from 
> https://bitbucket.org/aquerubin/rancid-vyatta. 
> 
> In the xtmlogin file, it sets the prompt (line 436) to something I don't see. 
> In this original state, xtmlogin never recognized it finished the login. When 
> I changed that line to
> set prompt ">>|#"
> then xtmlogin completes successfully. (The prompt for this watchguard 
> firewall is "WG#")
> 

> However, in the xtm.pm module, line 102 defines it again. 

i'm not familiar with this device, but redefining (or refining) the
prompt is normal.  the filter functions and login scripts begin with
something loose, and once it sees the prompt, it can be refined to be
more precise, and may later further refine it (eg: in run_commands) to
match the prompt when/if it changes in config or other modes that are
platform dependent.

> ---
> while (/\s*($cmds_regexp)\s*$/) {
>   $cmd = $1;
>   $prompt = ">>";
    this is probably a mistake; should be part of
the while() regex.  I suspect it might be here because the author could
not make the regex below match correctly.

>   if (!defined($prompt)) {
>   $prompt = ($_ =~ /^([^>]+>)/)[0];
>   $prompt =~ s/([][}{)(\\])/\\$1/g;
>   print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
>   }
>   print STDERR ("HIT COMMAND:$_") if ($debug);
>   if (! defined($commands{$cmd})) {
>   print STDERR "$host: found unexpected command - \"$cmd\"\n";
>   $clean_run = 0;
>   last TOP;
>   }
>   $rval = &{$commands{$cmd}}($INPUT, $OUTPUT, $cmd);
>   delete($commands{$cmd});
>   if ($rval == -1) {
>   $clean_run = 0;
>   last TOP;
>   }
>   }
> ---
> Once you get to the sub ShowConfiguration section, on line 199 if it sees the 
> prompt, end. Guess what? The "#" character is inside the config (there is 
> some html code in one of the xml sections) and that is where the config ends.

seems that the prompt is ">>".

> ---
> sub ShowConfiguration {
> my($INPUT, $OUTPUT, $cmd) = @_;
> my($lines) = 0;
> my($snmp) = 0;
> print STDERR "In ShowConfiguration: $_" if ($debug);
> # We don't care about password filtering as passwords are hashed
> # So don't use this if you need it (or develop the functionality).
> if ($filter_pwds >= 1){
> print STDERR "WARNING: Password filtering isn't implemented yet!\n";
> print STDERR "Either disable password filtering in rancid.conf";
> print STDERR " or don't use this plugin.\n";
> }
> s/^[a-z]+@//;
> ProcessHistory("","","","# $_");
> while (<$INPUT>) {
>   tr/\015//d;
>   next if (/^\s*$/);
>   # end of config - hopefully.
>   # end-of-config tag.  appears to end with "\nPROMPT:~$".
>   if (/$prompt/) {
>   $found_end++;
>   last;
>   }
> ---
> 
> So I'm thinking if I can figure out a different way to define the prompt to 
> be more than just the # sign (at least in the xtm.pm), that should do the 
> trick? Can you do something like $prompt = "#$" ?

its better to anchor it and have it be as complete as reasonable.  eg:
not #
not hostname#
but ^hostname#

look at ios.pm.
.
> Wayne
> 
> 
> 
> -Original Message-
> From: john heasley  
> Sent: Tuesday, July 02, 2019 7:48 PM
> To: Wayne Eisenberg 
> Cc: 'rancid-discuss@shrubbery.net' 
> Subject: Re: [rancid] Watchguard xml file
> 
> Sat, Jun 29, 2019 at 11:46:23AM +, Wayne Eisenberg:
> > Hi,
> > 
> > OK, so I can get into the firewall and pull the config with "export config 
> > to console". However, the config file is a very large xml file, this one is 
> > about 2MB in size. However, it seems like it only recorded the first 388KB 
> > of data. Is there a size limit on what rancid can process, or maybe there 
> > was a character in the xml that rancid didn't like and it just aborted 
> > processing it? How would I go about troubleshooting this?
> > 
> 
> there is no such limit.  I would suspect a PAGER is involved, causing the 
> output to cease.
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to figure out "end of run not found"

[john heasley]

Wed, Jul 03, 2019 at 07:48:09AM -0600, Kevin Morales:
> Hello!,
> 
> How I can fix the problem when I run rancid for ZTE Router?. I get this
> error: *End of run not found*
> 
> the two file 172.17.1.6.new and 172.17.1.6.raw don't show any error!.
> 
> NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> 
> loadtype: device type cisco
> loadtype: found device type cisco in /usr/local/rancid/etc/rancid.types.base
> executing clogin -t 90 -c"show version;show install active;show vlan;show
> running-config" 172.17.1.6
> PROMPT MATCH: RT-ZTE#
> HIT COMMAND: RT-ZTE  #show version
> In ShowVersion:  RT-ZTE  #show version
> HIT COMMAND: RT-ZTE  #show install active
> In ShowInstallActive:  RT-ZTE  #show install active
> HIT COMMAND: RT-ZTE  #show vlan
> In ShowVLAN:  RT-ZTE  #show vlan
> HIT COMMAND: RT-ZTE  #show running-config
> In WriteTerm:  RT-ZTE  #show running-config
> *172.17.1.6 : End of run not found*
> 172.17.1.6: clean_run is false
> 172.17.1.6: found_end is false
> !

found end means that it found the end of the config; for type cisco,
that means "^end".

clean run means that it found the cli logout; for type cisco, that
means "prompt[>#] exit$"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Watchguard xml file

[john heasley]

Sat, Jun 29, 2019 at 11:46:23AM +, Wayne Eisenberg:
> Hi,
> 
> OK, so I can get into the firewall and pull the config with "export config to 
> console". However, the config file is a very large xml file, this one is 
> about 2MB in size. However, it seems like it only recorded the first 388KB of 
> data. Is there a size limit on what rancid can process, or maybe there was a 
> character in the xml that rancid didn't like and it just aborted processing 
> it? How would I go about troubleshooting this?
> 

there is no such limit.  I would suspect a PAGER is involved, causing the
output to cease.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Notifications on Errors

[john heasley]

Wed, Jun 19, 2019 at 12:03:42PM +0100, Craig Hopkins:
> Each one has a specific role. They don't duplicate.

It is not the errors themselves that are sent to the admin list.  it
sends notification about devices added/removed (which is duplicated
to the diff list in diff form of router.db) and when the age of a
device's collection exceed rancid.conf(5):OLDTIME time.  Off the top,
that is all that goes to admin.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid running numerous times for each group? Getting ~40 config fetcher email alerts for same group in a night

[john heasley]

Fri, May 24, 2019 at 04:17:09PM +, Ni Ne:
> Running ranicd 3.8 on CentOS 6.10, using git as the repo type.
> 
> It appears rancid is running numerous times against the same group in a given 
> night - at least if config fetches fail.
> 
> For instance, I have one group with some problematic devices, and I got 39 
> "config fetcher" emails for that same group. Looking at logs, it appears 
> rancid is parsing every group approximately the same number of times.
> 
> There is only one cronjob that kicks off rancid on the entire system:
> 
> * 0 * * * /usr/local/rancid/bin/rancid-run

man 5 crontab

min hr dom mon dow cmd

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Entries disappear and re appear.

[heasley]

Fri, Apr 12, 2019 at 08:35:07AM -0700, Troy Beisigl:
> Thanks. We are seeing it happen randomly across 17 RB3011UiAS-RM. It only 
> happens every day or 2 and only happens to 1 or 2 units each time. The 
> version of Rancid we are running was a fresh install on a new machine about 
> 30 days ago, so wondering if it is something not setup correctly or if it is 
> a bug with the plugins. 
> 
> Best,
> 
> -Troy

Discussing this with another user (who can reveal themselves if they wish)
that had experienced this, it was discovered their devices suffer from memory
shortages.  When malloc failures occur, parts of the configuration may
disappear and reappear.  Furthermore, it seems that there is no error or
indication that the missing configuration was due to such a failure vs. a
real configuration change, and therefore no way for rancid to recognize it.

Can you check if you are having malloc failures?

> > On Apr 12, 2019, at 1:39 AM, Alex DEKKER  wrote:
> > 
> > On 11/04/2019 19:54, heasley wrote:
> >> Thu, Apr 11, 2019 at 09:51:20AM -0700, Emille Blanc:
> >>> 
> >>> Overall, our experience with Mikrotiks have been pretty poor.
> >>> They frequently drop their entire config from the output, or selectively 
> >>> random blocks of config (Interfaces, GPS, firmware and version stats), 
> >>> but we just summed that up as another of Mikrotik's long line of humble 
> >>> quirks.
> >>> 
> > I've never had any problems of this nature with Mikrotik devices, although 
> > I only have about 5 of them on RANCID.
> > 
> >> while i've heard similar comments and have none of these boxes myself, its
> >> possible that there is a problem with the rancid mikrotik support.  if
> >> someone wants to give me remote access to one, i can verify/improve the
> >> rancid support for it.
> > 
> > You can spin up a virtual one for free. It will be limited to 1Mbps but 
> > that is adequate for testing the RANCID module, I'm sure.
> > 
> > https://wiki.mikrotik.com/wiki/Manual:CHR
> > 
> > alexd
> > 
> > ___
> > Rancid-discuss mailing list
> > Rancid-discuss@shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Entries disappear and re appear.

[heasley]

Thu, Apr 11, 2019 at 09:51:20AM -0700, Emille Blanc:
> > For the Mikrotik, it shows that the console port name changed to nothing 
> > and then the next time shows that it came back as serial0.
> 
> Overall, our experience with Mikrotiks have been pretty poor.
> They frequently drop their entire config from the output, or selectively 
> random blocks of config (Interfaces, GPS, firmware and version stats), but we 
> just summed that up as another of Mikrotik's long line of humble quirks.
> 

while i've heard similar comments and have none of these boxes myself, its
possible that there is a problem with the rancid mikrotik support.  if
someone wants to give me remote access to one, i can verify/improve the
rancid support for it.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid - Changing Config Backup Directory

[heasley]

Thu, Apr 11, 2019 at 01:16:43PM -0400, Doug Hughes:
> Any reason you don't just have a regular process that clones your
> version control repository? (whether it's svn or cvs or git, it makes no
> difference, per se)
> 
> Once you set it up, you just automate the synchronization process.

only "clone"ing in git retains your history (ie: is complete).  which is
why i suggested switching.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Entries disappear and re appear.

[heasley]

Thu, Apr 11, 2019 at 09:31:05AM -0700, Troy Beisigl:
> Hello everyone,
> 
> We have an issue whereby rancid is pulling configs and showing that an entry 
> has disappeared and then the next config check the entry is back. This is 
> happening on a Cisco ASA and also on a Mikrotik. 
> 
> For the Mikrotik, it shows that the console port name changed to nothing and 
> then the next time shows that it came back as serial0. The name is not 
> actually changing. 
> 
> For the ASA, the entry !BootFlash: BOOT variable = disk0:/asa917-19-k8.bin 
> will show in one config and the next time it shows !BootFlash: BOOT variable 
> = 
> 
> The boot variable is not actually changing, so I have to wonder if this is a 
> bug.
> 
> We are running rancid version 3.8.
> 
> Has anyone run into these issues and is there a fix for them?

the ASA is probably a bug in the ASA.  I've seen it on IOSXE.

no idea about the microtik; possibly rancid isnt able to disable the
pager and thats causing some problem?

I'd manually collect the raw output repeatedly in an attempt to catch it
occuring.  See FAQ S3Q2.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Fortigate updates Antivirus db IPS db hogging rancid

[heasley]

Fri, Mar 29, 2019 at 01:45:26PM +0200, Linux Threads:
> Hi Rancid Community,
> 
> I am backing up Fortigate devices with the new Debian Rancid ver. 3.9.1,
> 
> but the updates for antivirus IPS are hogging rancid, I have commented out
> "get system status" as below however I am still getting system statuses
> 
> help would be apprenticed greatly
> 
> extract /etc/rancid/rancid.types.base
> 
> #
> fortigate-full;script;rancid -t fortigate
> fortigate-full;login;fnlogin
> fortigate-full;timeout;90
> fortigate-full;module;fortigate
> fortigate-full;inloop;fortigate::inloop
> #fortigate-full;command;fortigate::GetSystem;get system status
> fortigate-full;command;fortigate::GetConf;show full-configuration
> 
> eg: output in rancid update
> 
> retrieving revision 1.176
> diff -u -4 -r1.176 fortigate-fw
> @@ -1,9 +1,9 @@
>   #RANCID-CONTENT-TYPE: fortigate
>   #
>   #Version: FortiGate-100E v6.0.3,build0200,181009 (GA)
> - #Virus-DB: 67.00399(2019-03-29 23:15)
> - #Extended DB: 67.00399(2019-03-29 23:15)
> + #Virus-DB: 67.00401(2019-03-29 01:15)
> + #Extended DB: 67.00401(2019-03-29 01:15)

these will be filtered with rancid.conf:FILTER_OSC=ALL

>   #IPS-DB: 14.00582(2019-03-28 00:00)
>   #IPS-ETDB: 0.0(2001-01-01 00:00)
>   #APP-DB: 14.00582(2019-03-28 00:00)
>   #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
> 
> Regards
> 
> Juan

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

[rancid] netscreen login script (nlogin)

[heasley]

A user is having trouble collecting a netscreen box from a centos7 host.
We've discovered that the following change fixes the problem, but the
cause is unclear.  So, I'm reluctant to commit this with knowing that it
does not break collection for some sample of users.

Could other netscreen owners try this patchi, please?

Index: bin/nlogin.in
===
--- bin/nlogin.in   (revision 3966)
+++ bin/nlogin.in   (working copy)
@@ -543,6 +543,15 @@
 source_password_file $password_file
 set in_proc 0
 set exitval 0
+# if we have dont have a tty, we need some additional terminal settings
+if [catch {open /dev/tty w} ttyid] {
+# no tty, ie: cron
+set spawnopts "-nottycopy"
+set stty_init "raw -echo cols 132"
+} else {
+set stty_init "raw -echo"
+catch {close ttyid} reason
+}
 foreach router [lrange $argv $i end] {
 set router [string tolower $router]
 send_user -- "$router\n"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] [PATCH] Nortel/Avaya BayStack/ERS support

[heasley]

Thu, Feb 21, 2019 at 06:53:07PM +, Anderson, Charles R:
> The attached files add support for Bay Networks/Nortel/Avaya BayStack/BPS/ERS 
> switches.  I based these changes on ones we've been running in production for 
> over a decade and I've tested this extensively on models BPS 2000, 470, and 
> ERS 25xx/45xx/55xx/56xx.
> 
> Initially I copied clogin to bslogin, but I've attached a diff from the 
> original clogin because I believe it should be safe to apply to the original 
> and eliminate the need for a separate login script.  I rearranged a few 
> conditionals related to Extreme support to make the logic easier for the 
> BayStack and other future differences.  
> 
> It was a PITA to get past the BayStack login banner, but I finally found a 
> workable solution that should hopefully not interfere with other device types 
> and should support BayStacks that have the stock banner, a custom banner, or 
> the banner turned off.  The only potential concern for impact to non-BayStack 
> devices is the matching on "##+" used to skip past the banner to avoid it 
> being interpreted as a "#" prompt character.  I'm now running this in 
> production as my "clogin" and so far there have been no impacts to Aruba 
> devices, the only other devices I have that use clogin.

Has, or can, anyone test this module to verify that it works well?  I have
none of these devices to test.

> rancid.types.conf entry:
> 
> # Nortel BayStack
> baystack;script;rancid -t baystack
> baystack;login;clogin
> baystack;module;baystack
> baystack;inloop;baystack::inloop
> baystack;command;baystack::ShowSysInfo;show sys-info
> baystack;command;baystack::ShowSysInfo;show stack-info
> baystack;command;baystack::ShowSysInfo;show system verbose
> baystack;command;baystack::ShowSysInfo;show interfaces gbic-info
> baystack;command;baystack::ShowConfig;show running-config

> --- /usr/libexec/rancid/clogin2019-02-06 02:03:27.0 -0500
> +++ /usr/local/libexec/rancid/bslogin 2019-02-20 15:40:04.747945375 -0500
> @@ -1,7 +1,5 @@
>  #! /usr/bin/expect --
>  ##
> -## $Id: clogin.in 3943 2019-01-18 16:18:34Z heas $
> -##
>  ## rancid 3.9
>  ## Copyright (c) 1997-2018 by Henry Kilmer and John Heasley
>  ## All rights reserved.
> @@ -46,7 +44,8 @@
>  #  The original looking glass software was written by Ed Kern, provided by
>  #  permission and modified beyond recognition.
>  #
> -# clogin - Cisco login
> +# bslogin - Bay Networks/Nortel/Avaya BayStack/BPS/ERS login script
> +#Supports models BPS 2000, 470, ERS 25xx/45xx/55xx/56xx.
>  #
>  # Most options are intuitive for logging into a Cisco router.
>  # The default is to enable (thus -noenable).  Some folks have
> @@ -646,6 +645,23 @@
>   -re "Press the  key \[^\r\n]+\[\r\n]+" {
> exp_continue
>   }
> + -re "##+"   {
> +   # BayStacks have a default banner that spells 
> out NORTEL or AVAYA in huge
> +   # letters made from ## that look like prompt 
> characters, so we need to skip
> +   # over them.
> +   exp_continue
> + }
> + -re "Enter Ctrl-Y to begin" {
> +   # After the default or custom banner, 
> BayStacks prompt for Ctrl-Y and
> +   # then display a static banner with model and 
> version info surrounded
> +   # by an asterisk border.  Discard the top and 
> bottom of the border and
> +   # send a Ctrl-Y and remember that this is a 
> baystack for logout procedure.
> +   set platform "baystack"
> +   expect -ex 
> "***" {}
> +   expect -ex 
> "***" {}
> +   send "\031"
> +   exp_continue
> +   }
>   -re "@\[^\r\n]+ $p_prompt"  {
> # ssh pwd prompt
> sleep 1
> @@ -803,10 +819,16 @@
>   return 0
>  }
>  
> -if { [string compare "extreme" "$platform"] } {
> - send -h "exit\r"
> -} else {
> +if { ![string compare "extreme" "$platform"] } {
>   send -h "quit\r"
> +} elseif { ![string compare "baystack"

Re: [rancid] issues with mail and aliases

[heasley]

Wed, Mar 20, 2019 at 08:58:36AM -0500, N. Max Pierson:
> Thanks for the replies. On all occasions, I have edited the /etc/aliases
> file and ran the newaliases command without any success.

- test mail to the alias manually
- make sure that you have the correct aliases file
- ask the postfix support mail list/forum

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] issues with mail and aliases

[heasley]

Wed, Mar 20, 2019 at 08:37:16AM -0500, N. Max Pierson:
> Hi List,
> 
> I have a new install on Centos 7 (supplied rpm rancid 3.2) and I am having
> issues with the regular emails that go out when rancid is run. I have
> installed sendmail and couldn't get it to work nor is postfix working. When
> I tail the maillog it shows the messages going to rancid-@
> mydomain.com and it seems as though the aliases that I have entered isn't
> being resolved. I'm ignorant when it comes to email so can anyone point me
> in the right direction that has seen this before?

newaliases(8).  use postfix.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Extreme 200-series switches

[heasley]

Fri, Mar 01, 2019 at 06:29:23PM +0800, James Andrewartha:
> Hi,
> 
> These switches are Broadcom FASTPATH based, like Ubiquiti EdgeMAX
> switches, however using the edgemax config doesn't quite work. One thing
> is you need to use quit instead of exit in clogin - it seems to be
> detected as an Extreme switch, but it's not really. If I change this
> code (line 841 of clogin r3943 from Debian stretch backports 3.9-1~bpo9+1)
> 
> if { [string compare "extreme" "$platform"] } {
> send -h "exit\r"
> } else {
> send -h "quit\r"
> }
> 
> to send -h "quit\r" then it quits ok, although it then doesn't detect
> end of run. I don't really understand the Extreme platform detection,
> particularly since ExtremeXOS uses xlogin anyway. Any thoughts on how to
> get this model to work?

I can't seem to find an example of the config, just commands.  it does
not seem to be like an edgemax, but i could be wrong.  Perhaps show us
the equivalent of show config and a login/logout sequence.  it seem to
have netconf support too.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] [SPAM?] Cisco NX "chatty" with Power info

[heasley]

Fri, Mar 08, 2019 at 07:06:45PM +, Nick Nauwelaerts:
> what version of rancid & nx-os are you running?

good question.

if the answer is 3.9, please show us the complete output of show environment 
power

> i notice you only have 1 column less as me, you seem to miss "actual output".
> 
> 
> // nick
> 
> 
> 
> 
> From: Rancid-discuss [mailto:rancid-discuss-boun...@shrubbery.net] On Behalf 
> Of FF
> Sent: Friday, March 8, 2019 18:05
> To: rancid-discuss@shrubbery.net
> Subject: [SPAM?] [rancid] Cisco NX "chatty" with Power info
> 
> 
> !Env: Power  ActualTotal
> 
>   !Env: SupplyModelInput  Capacity   Status
> 
>   !Env:(Watts ) (Watts )
> 
>   !Env: ---  --  ---  --  --  
> 
> 
> - !Env: 1N9K-PAC-1200W-B 180 W  1200 W  Ok
> 
> + !Env: 1N9K-PAC-1200W-B 182 W  1200 W  Ok
> 
>   !Env: 2N9K-PAC-1200W-B 162 W  1200 W  Ok
> 
>   !Env: Power Usage Summary:
> 
> Every time Rancid runs, we get erroneous reports because the power usage 
> fluctuates by 1-2 watts per run. Any suggestions on how to keep the good 
> information (availability, etc) without getting this level of detail?
> 
> thanks in advance!
> 
> 
> --
> FF
> 
> 
> 
> Volg Aquafin op Facebook | 
> Twitter | 
> YouTube 
> | LinkedIN | 
> Instagram
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin 
> persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de 
> betrokkenen zijn, kan je nalezen in onze privacy 
> policy.
> 
>   P Denk aan het milieu. Druk deze mail niet onnodig af.

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Fortigate VDOMs

[heasley]

Sat, Mar 09, 2019 at 08:29:01AM +0200, Adriaan Le Roux:
> I am busy inter grating rancid to backup Huawei devices.
> 
> Please can anyone shed some light as to where the best scripts are for these 
> devices OLT”s and switches.

There is support in rancid already for Hauwei VRP.  afaict, when i was writing
the module, VRP is the name of the O/S on the S5720.  maybe your devices also
runs VRP.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] 3.99.99 and Nokia/Alcatel/Alu/SROS

[Heasley]

Am 06.02.2019 um 19:12 schrieb rancid :
> 
> We've a number of SAR-8 SAR-AX SAS-S devices which I'm wanting to
> collect configs of.  My test device is "TiMOS-B-10.0.R6 both/hops
> Nokia SAS-S 24T4SFP+ 7210 Copyright (c) 2000-2018 Nokia"
> 
> I've run into a few minor issues which I've worked around.
> - extra calls to turn off the paging in addition to "environment no more"

What do you mean by this? What is the spurce of extra commands?

> - A few commands that I apparently don't have permissions to run e.g.
> I can't run "admin display-config index" but can run "admin
> display-config"

Fix the permissions! /-)

> - a few commands that don't seem to be present on this hardware/software 
> version

Thats does not matter.  That should be ignored; if not i‘d like to know so that 
it can be fixed. 

> 
> I've configured a new base type "ttsros" to work around these issues
> but (and this is the biggie) I seem to be hitting an "End of run not
> found" error
> 
> e.g.
> 
> rancid@dev-test:/usr/local/rancid/bin$ export PATH=$PATH:/usr/local/rancid/bin
> rancid@dev-test:/usr/local/rancid/bin$ ./rancid -d -t ttsros
> OBFUSCATED.domain.net
> loadtype: device type ttsros
> loadtype: found device type ttsros in /usr/local/rancid/etc/rancid.types.conf
> executing noklogin -t 90 -c"show system information;file type
> bootlog.txt;show redundancy synchronization;show chassis;show chassis
> power-supply;show chassis power-management;show card state;show card
> detail;show debug;show bof;admin display-config" OBFUSCATED.domain.net
> PROMPT MATCH: [*]?A:OBFUSCATED#
> HIT COMMAND:*A:OBFUSCATED#  show system information
>In ShowSystemInfo: A:OBFUSCATED#  show system information
> HIT COMMAND:*A:OBFUSCATED# file type bootlog.txt
>In BootLog: A:OBFUSCATED# file type bootlog.txt
> HIT COMMAND:*A:OBFUSCATED# show redundancy synchronization
>In ShowRedundancy: A:OBFUSCATED# show redundancy synchronization
> HIT COMMAND:*A:OBFUSCATED# show chassis
>In ShowChassis: A:OBFUSCATED# show chassis
> OBFUSCATED.domain.net: missed cmd(s): show chassis power-supply, show
> chassis power-management, show card state, show card detail, show
> debug, show bof
> OBFUSCATED.domain.net: End of run not found
> OBFUSCATED.domain.net: clean_run is false
> OBFUSCATED.domain.net: found_end is false
> # A:OBFUSCATED# show chassis
> 
> Questions:
> 
> Should I be using 3.99.99?

Shrug. 3.9 would be better

> Should it work on this device?

Afaik, yes.  Nokiafolks helped test on various timos devices, though i do not 
know if they tested your particular device. 

> Should it work on the other devices?

Yes, i expect all sros devices and srosmd. My nokia experience is limited 
though. 

> 
> Any suggestions on how to further debug this issue if the answers to
> the above are yes ?

The log looks weird; show chassis both found and missing.  Id ask that you use 
the sros type for testing, so i dont have to debug what youve changed

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Alcatel script, not parsing the commands and/or output well (/partially)

[heasley]

Thu, Jan 17, 2019 at 06:44:03PM +, heasley:
> Thu, Jan 17, 2019 at 08:07:02AM +0100, Remko Lodder:
> > Hi,
> > 
> > I also have “3.99.99” on the system to compare the output. The regular 
> > version on the system is 3.6 it seems.
> > But, the noklogin works after modifying the u_prompt and p_prompt. When 
> > running rancid -d -t sros 
> > it wants to execute commands that are not available at all on the Alcatel.
> > 
> > The ones that I use from Burgalio’s :
> > 
> > {'show chassis' => 'ShowChassis'},
> > {'show system'  => 'ShowSystem'},
> > {'show module'  => 'ShowModule'},
> > {'show stack topology'  => 'ShowStackTopolgy'},
> > {'show lanpower 1'  => 'ShowLanPower'},
> > {'show lanpower 2'  => 'ShowLanPower'},
> > {'show user'=> 'ShowUser'},
> > {'ls'   => 'GenericParse'},
> > {'ls certified/'=> 'GenericParse'},
> > {'ls working/'  => 'GenericParse'},
> > {'ls switch/'   => 'GenericParse'},
> > {'ls network/'  => 'GenericParse'},
> > {'show vlan'=> 'ShowVLAN'},
> > {'show interfaces status'   => 'ShowInterfaces'},
> > {'show running' => 'ShowConf'},
> > {'show configuration snapshot'  => 'ShowConf’},
> > 
> > which does not match:
> > 
> > xecuting noklogin -t 90 -c"show system information;file type 
> > bootlog.txt;show redundancy synchronization;show chassis;show chassis 
> > environment;show chassis power-supply;show chassis power-management;show 
> > card state;show card detail;show debug;show bof;admin display-config 
> > index;admin display-config” 
> > 
> > Do note that it seems that the SROS is on a very different architecture 
> > based then what my Omniswitches use. So it seems incompatible to start 
> > with, where the alu* scripts might not entirely work with every command on 
> > the OS6000 that I have, but most of them are accepted in older (legacy) 
> > components but also on the newer
> > versions.
> 
> testing & dev was done with 7750.  I will enquire with my nokia contact
> about the omniswitch.

I'm told that these are totally separate from the Nokia systems I know and
will never converge.  so, they should be handled separately, but I have
none to poke for debugging/testing.

> > Thanks
> > Remko
> > 
> > > On 16 Jan 2019, at 18:39, heasley  wrote:
> > > 
> > > Wed, Jan 16, 2019 at 12:02:14PM +0100, Remko Lodder:
> > >> Hi all,
> > >> 
> > >> First of all, thank you for Rancid, it’s a great tool to monitor 
> > >> configuration changes and pushing back changes.
> > >> 
> > >> Having Said that;
> > >> 
> > >> I fetched some alcatel switches which I modified a little to work on 
> > >> various types . These changes are trivial
> > >> changes from upstream so no real changes there actually.
> > >> 
> > >> It seems that most switches work just fine, but that one particular 
> > >> switch is not able to keep up  with the
> > >> requests. It seems that this specific switch misses commands (like ls 
> > >> and show interface status).
> > >> If I look back in the raw output it appears to miss characters:
> > >> 
> > >> # how interfaces status
> > >>  ^
> > >> ERROR: Invalid entry: “how”

I suspect that the login script it out of sync (ahead of) the cli.  possibly
due to incorrectly matching a rogue prompt in some output or banner.

> > >> The same goes for ls, where ’s' is the command being send. Or for exit 
> > >> at the end which is send as “xit”.
> > >> 
> > >> The scripts are from: https://github.com/buraglio/alurancid (Thanks 
> > >> buraglio) and apart from one switch work
> > >> fine it seems.
> > >>
> > >> Switching from SSH to Telnet does not make a difference.
> > >> Does someone have an suggestion on where to look?
> > > 
> > > can you try the sros support that is in rancid 3.8 or the current alpha?
> > 
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Ciena waveserver

[heasley]

Sun, Jan 27, 2019 at 06:03:29PM -0800, Azher:
> Hi ,
> 
> I am using tacacs for authentication and the priompt I am getting
> based on certain access level is "$"
> 
> Welcome to the Waveserver OS CLI!
> mcc-ws1$ file ls
> ^C[rancid@rancid ~]$
> 
> However it does not take any command and Ctrl C is the only way to quit.
> 
> I have used both clogin and hlogin but same result. Changing the
> access level to get the # prompt works fine.
> 
> Any thoughts ?

I cant confirm that you will not find other problems by changing the
access level, but for testing purposes, set prompt in your cloginrc.
see cloginrc(5).

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Upgrading rancid

[heasley]

Wed, Jan 30, 2019 at 08:32:25PM +, Pedrosi, Derek G.:
> Is there an accepted method for updating RANCID?
> I'm running Ubuntu 16.04 (with SVN), and I believe it only supports 3.3, 
> which I am running.
> 
> Is it best just to install a fresh 19.04 Ubuntu and copy the old repos over 
> the new server?
> If so, how is that best accomplished (I really have no clue)?
> 
> Or do an in-place upgrade of 16.04 to 19.04?

I presume any of the above would work.  backup your rancid.conf before
upgrading.

One could also use the source tarball; just use the same configure options
that ubuntu uses (I do not know what those are, but it is not the defaults)
and install over-top of the existing installation.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Arista Power supply timestamps

[heasley]

Wed, Jan 23, 2019 at 02:25:22PM +, Pedrosi, Derek G.:
> Hello,
> 
> I am backing up Arista devices using RANCID and works great, version
> 3.7. Is there a way to ignore the following timestamped lines for
> power supplies ?
> 
> - !Power Supply 1: PWR-460AC-R Ok 122 days, 21:25:53
> 
> + !Power Supply 1: PW-460AC-R  Ok 123 days, 21:25:51
> 
> There was a reply to this in Sept 2018, but the OP never followed up.
> 
> 
> heasly guessed it was the "sho env all" command and asked to see the output 
> of it...
> 
> Here is the pertinent part...
> 
> PowerInput  Output  Output
> Supply Model   Capacity Current Current  Power Status   Uptime
> -- ---  --- --- -- -- 
> 1  PWR-460AC-R 460W   0.00A   0.00A   91.0W Ok 124 days, 
> 21:06:11
> 2  PWR-460AC-R 460W   0.50A   7.75A  91.0W Ok 124 days, 
> 21:06:11
> Total  --  460W  --  --  91.0W --   --

i believe this was fixed in 3.8 when the format changed.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] mtrancid +- connection closed? Conf Diff

[heasley]

Wed, Jan 16, 2019 at 01:04:35PM -0800, Jason Wu:
> Thank you for your response
> 
> Yup, these routers are running on version 6.38.7 along side with routers
> that do not have this issue.
> There does not seem to be any regularity/pattern to this. As the dates are
> rather staggered apart. Some days it'll be continuous for a week other
> times it'll be a week before re-appearing.
> 
> I am unable to reproduce it running mtrancid at the shell.(No email for a
> configuration diff). Going through the different SVN diffs gives me
> 
> -Connection to  closed
> 
> +Connection to  closed
> 
> thanks for your time

Could you show me more context around this line from the file in the
configs/ directory?

How kinky are you willing to be to collect debug info?  If NOPIPE=YES is
set in rancid.conf and -d is added to the script line in rancid.types.base,
then .raw files will be left behind and the rancid-run cron can be altered
to collect those files, like so:

 ; ; D=`date +\%Y-\%m-\%d:\%H`; mkdir -p tmp/$D && cp 
-p /configs/*.raw tmp/$D

and when you next discover the change, we look at the input in detail.

> On Wed, Jan 16, 2019 at 9:51 AM heasley  wrote:
> 
> > Tue, Jan 15, 2019 at 03:06:31PM -0800, Jason Wu:
> > > Hello friends,
> > >
> > > Just have a question regarding mtrancid
> > > For some reason I have been getting router config diffs emails which
> > > contain only +- connection close, which doesn't reflect a config change
> > and
> > > is strange.
> > >
> > > This only occurs on 1-2 devices
> > >
> > > Rancid 3.6.1
> > > =
> > > Sample
> > >
> > > Revision 100
> > > - Connection to  closed.
> > >
> > > =
> > >
> > > Revision 98
> > >
> > > + Connection to  closed.
> > >
> > >
> > > =
> > >
> > > Mtrancid consists of
> > > systempackageprintdetail
> > > systemrouterboardprint
> > > export
> > >
> > > It seems that mtrancid is picking up the SSH session close
> > > Logs do not show any errors which means its reaching the end of run and
> > has
> > > a clean exit right?
> >
> > yes.
> >
> > are these running the same versoin as the routers that are not exibiting
> > the error?  does it occur with any regularity?  can you reproduce it
> > running mtrancid at the shell?
> >
> > > I am able to run all these commands with no problem and rancid-run gives
> > me
> > > no errors/hiccups.
> > > Execution is smooth and does not have any delays (<1minute)
> > >
> > > If there was a problem, the end-of-run detection would pick it up?
> > >
> > > Just going through the script and I can’t seem to identify where/why this
> > > would get picked up.
> > > I was wondering if anyone else has experienced this before. I could
> > always
> > > filter out the "connection closed" but I am curious why this is
> > happening.
> >
> >
> >

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Alcatel script, not parsing the commands and/or output well (/partially)

[heasley]

Thu, Jan 17, 2019 at 08:07:02AM +0100, Remko Lodder:
> Hi,
> 
> I also have “3.99.99” on the system to compare the output. The regular 
> version on the system is 3.6 it seems.
> But, the noklogin works after modifying the u_prompt and p_prompt. When 
> running rancid -d -t sros 
> it wants to execute commands that are not available at all on the Alcatel.
> 
> The ones that I use from Burgalio’s :
> 
> {'show chassis' => 'ShowChassis'},
> {'show system'  => 'ShowSystem'},
> {'show module'  => 'ShowModule'},
> {'show stack topology'  => 'ShowStackTopolgy'},
> {'show lanpower 1'  => 'ShowLanPower'},
> {'show lanpower 2'  => 'ShowLanPower'},
> {'show user'=> 'ShowUser'},
> {'ls'   => 'GenericParse'},
> {'ls certified/'=> 'GenericParse'},
> {'ls working/'  => 'GenericParse'},
> {'ls switch/'   => 'GenericParse'},
> {'ls network/'  => 'GenericParse'},
> {'show vlan'=> 'ShowVLAN'},
> {'show interfaces status'   => 'ShowInterfaces'},
> {'show running' => 'ShowConf'},
> {'show configuration snapshot'  => 'ShowConf’},
> 
> which does not match:
> 
> xecuting noklogin -t 90 -c"show system information;file type bootlog.txt;show 
> redundancy synchronization;show chassis;show chassis environment;show chassis 
> power-supply;show chassis power-management;show card state;show card 
> detail;show debug;show bof;admin display-config index;admin display-config” 
> 
> 
> Do note that it seems that the SROS is on a very different architecture based 
> then what my Omniswitches use. So it seems incompatible to start with, where 
> the alu* scripts might not entirely work with every command on the OS6000 
> that I have, but most of them are accepted in older (legacy) components but 
> also on the newer
> versions.

testing & dev was done with 7750.  I will enquire with my nokia contact
about the omniswitch.

> Thanks
> Remko
> 
> > On 16 Jan 2019, at 18:39, heasley  wrote:
> > 
> > Wed, Jan 16, 2019 at 12:02:14PM +0100, Remko Lodder:
> >> Hi all,
> >> 
> >> First of all, thank you for Rancid, it’s a great tool to monitor 
> >> configuration changes and pushing back changes.
> >> 
> >> Having Said that;
> >> 
> >> I fetched some alcatel switches which I modified a little to work on 
> >> various types . These changes are trivial
> >> changes from upstream so no real changes there actually.
> >> 
> >> It seems that most switches work just fine, but that one particular switch 
> >> is not able to keep up  with the
> >> requests. It seems that this specific switch misses commands (like ls and 
> >> show interface status).
> >> If I look back in the raw output it appears to miss characters:
> >> 
> >> # how interfaces status
> >>  ^
> >> ERROR: Invalid entry: “how”
> >> 
> >> The same goes for ls, where ’s' is the command being send. Or for exit at 
> >> the end which is send as “xit”.
> >> 
> >> The scripts are from: https://github.com/buraglio/alurancid (Thanks 
> >> buraglio) and apart from one switch work
> >> fine it seems.
> >> 
> >> Switching from SSH to Telnet does not make a difference.
> >> Does someone have an suggestion on where to look?
> > 
> > can you try the sros support that is in rancid 3.8 or the current alpha?
> 


___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] mtrancid +- connection closed? Conf Diff

[heasley]

Tue, Jan 15, 2019 at 03:06:31PM -0800, Jason Wu:
> Hello friends,
> 
> Just have a question regarding mtrancid
> For some reason I have been getting router config diffs emails which
> contain only +- connection close, which doesn't reflect a config change and
> is strange.
> 
> This only occurs on 1-2 devices
> 
> Rancid 3.6.1
> =
> Sample
> 
> Revision 100
> - Connection to  closed.
> 
> =
> 
> Revision 98
> 
> + Connection to  closed.
> 
> 
> =
> 
> Mtrancid consists of
> systempackageprintdetail
> systemrouterboardprint
> export
> 
> It seems that mtrancid is picking up the SSH session close
> Logs do not show any errors which means its reaching the end of run and has
> a clean exit right?

yes.

are these running the same versoin as the routers that are not exibiting
the error?  does it occur with any regularity?  can you reproduce it
running mtrancid at the shell?

> I am able to run all these commands with no problem and rancid-run gives me
> no errors/hiccups.
> Execution is smooth and does not have any delays (<1minute)
> 
> If there was a problem, the end-of-run detection would pick it up?
> 
> Just going through the script and I can’t seem to identify where/why this
> would get picked up.
> I was wondering if anyone else has experienced this before. I could always
> filter out the "connection closed" but I am curious why this is happening.


___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

[rancid] HiveosRe: 3.9 release?

[heasley]

Wed, Jan 09, 2019 at 03:21:39AM +, Nick Nauwelaerts:
> understandable. it's been tested on several os revisions & hardware versions 
> (and for around 150days + on 2 servers), but since they are all managed by 
> the same hivemanager the configs aren't that diverse. also i'm quite sure not 
> all config options which contain passwords are handled atm, since not all 
> possible items are in use by us, but what we do use honors filter_pwds, 
> nocommstr & filter_osc.
> the login script has also been tested interactively, with password saving 
> option, with shell scripts & expect scripts. man pages etc. have also been 
> updated.

I did notice your thoroughness!  That did not pass unappreciated.

> finally, i've also added my email address in the source files, but the 
> mailing list will be the first target still i think. looking at the github 
> stats it's been downloaded around 25 times in the last 30 days, which is a 
> small sample base. let's hope a few more aerohive users test & give feedback 
> here.

let me poke the original thread.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] 3.9 release?

[heasley]

Tue, Jan 08, 2019 at 01:24:42PM -0800, Dan Mahoney (Gushi):
> Hey All,
> 
> In looking at the official source repo, I'm seeing a lot of 3.9 changes. 
> I'm currently on 3.7, since that's what FreeBSD packages.
> 
> I've poked the maintainer for an update to 3.8, but it would be helpful to 
> know when 3.9 is due (roughly) to avoid duplication of effort.
> 
> I get that this is an annoying question, and "it'll be ready when it's 
> ready" but in the meantime, I may (or may not) want to manually patch 
> based on the expectations.

i was hoping to finish arrcus support and add some error checking.  I could
postpone the former for the next release and finish the latter by mid-next
week.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] HP 2620-24-PoEP Switch (J9625A)

[heasley]

Mon, Dec 31, 2018 at 10:43:35AM +, FESSARD, Rémi:
> Hello,
> 
> Forgot this mail, it was not a firmware upgrade issue but just because my 
> colleague add "-PoE+" in the hostname.
> Without the "+", it works fine now.


 + isnt a valid hostname character (rfc1123).  its also a regex operator.
please just dont use it.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Ubuntu with Rancid 3.7 - Comware (CMW)

[heasley]

Wed, Dec 19, 2018 at 06:12:56AM +, aaron.sut...@glencore.com.au:
> Hi All,
> 
> Seeking some assistance as I'm a RANCID noob. Have had no issues getting 
> Cisco devices to work, however no luck with HPE switches.
> 
> I have a large environment of HPE switches which run COMEWARE v7. I found the 
> following device scripts by JRBINKS at the following link: 
> https://sites.google.com/site/jrbinks/code/rancid/cmwrancid
> 
> When I attempt to run a test against my device, I get the following error:
> 
> rancid@testrancidserver:~/bin$ ./rancid -d -t cmw aubneleaf3a0508
> loadtype: device type cmw
> loadtype: found device type cmw in /etc/rancid/rancid.types.conf
> loadtype: loading cmw failed: Can't locate cmw.pm in @INC (you may need to 
> install the cmw module) (@INC contains: /etc/perl 
> /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 
> /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 
> /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 
> /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base 
> /usr/share/perl5/rancid) at /usr/share/perl5/rancid/rancid.pm line 257.

cmw.pm must be found in the path of rancid.conf:PERL5LIB

> Couldn't load device type spec for cmw
> 
> Server: Ubuntu x64 18.04
> Rancid version 3.7
> 
> >From /etc/rancid/rancid.conf
> BASEDIR=/var/lib/rancid; export BASEDIR
> PATH=/usr/lib/rancid/bin:/usr/bin:/usr/sbin:/bin:/usr/local/bin; export PATH
> 
> I've copied cmwlogin to /var/lib/rancid/bin
> I've copied cmw.pm to /var/lib
> 
> rancid@aubnesrv7rancid1:~/bin$ pwd
> /var/lib/rancid/bin
> rancid@aubnesrv7rancid1:~/bin$ ls cmwlogin -l
> -rwxr-xr-x 1 root root 30304 Dec 19 15:18 cmwlogin
> 
> rancid@aubnesrv7rancid1:~$ pwd
> /var/lib/rancid
> rancid@aubnesrv7rancid1:~$ ls cmw.pm -l
> -rwxr-xr-x 1 rancid rancid 16533 Dec 19 15:21 cmw.pm
> 
> rancid@testrancidserver:~/bin$ export
> declare -x HOME="/var/lib/rancid"
> declare -x LANG="en_US.UTF-8"
> declare -x LOGNAME="rancid"
> declare -x MAIL="/var/mail/rancid"
> declare -x OLDPWD="/var/lib/rancid"
> declare -x 
> PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/snap/bin"
> declare -x PWD="/var/lib/rancid/bin"
> declare -x SHELL="/bin/bash"
> declare -x SHLVL="1"
> declare -x TERM="xterm"
> declare -x USER="rancid"
> declare -x XDG_DATA_DIRS="/usr/local/share:/usr/share:/var/lib/snapd/desktop"
> 
> Anyone able to assist?
> 
> Kind Regards
> Aaron
> 
> 
> *
> 
> LEGAL DISCLAIMER. The contents of this electronic communication and any 
> attached documents are strictly confidential and they may not be used or 
> disclosed by someone who is not a named recipient.
> 
> If you have received this electronic communication in error please notify the 
> sender by replying to this electronic communication inserting the word 
> "misdirected" as the subject and delete this communication from your system.
> 
> *

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] end of run not found

['heasley']

Thu, Dec 13, 2018 at 10:45:36PM +, Wayne Eisenberg:
> > -Original Message-
> > From: heasley [mailto:h...@shrubbery.net]
> > Sent: Thursday, December 13, 2018 12:06 PM
> > To: Wayne Eisenberg 
> > Cc: 'rancid-discuss@shrubbery.net' 
> > Subject: Re: [rancid] end of run not found
> > 
> > Thu, Dec 13, 2018 at 07:55:29AM +, Wayne Eisenberg:
> > > Regarding some PowerConnect N2000/3000/4000 series switches, I am
> > getting "End of run not found" errors. If I use the smc type that is
> > recommended in the rancid.types.base file, I have the added pleasure of
> > getting "missed cmd(s): show version, dir, show vlan". Trying cisco as a 
> > type
> > doesn't change the 'end of run' error, although I don't miss any commands.
> > Trying my powerconnect type that I made earlier also results in 'end of run
> > not found'.
> > >
> > > Running 'clogin -c"dir,show version,show running-config" switchname'
> > works perfectly and returns to the command prompt.
> > >
> > > How do I troubleshoot 'end of run not found'?
> > >
> > 
> > it means that it did not find the end of the config.  look at the raw 
> > output and
> > srancid -dl  for missed command matches.  I suspect that it
> > srancid is not recognizing the prompt due to mangled input or unexpected
> > characters in the prompt.
> 
> How does one look at raw output?
> 
> 
export NOPIPE YES ; srancid -dl 
leaves hostname.raw

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] cisco login prompt changes

[heasley]

Fri, Dec 07, 2018 at 10:08:50AM +, Wayne Eisenberg:
> Hi,
> 
> BTW, I've been seeing on a few cisco devices where the username prompt is now 
> 'User Name:' or 'User name:' instead of 'user name:'. Should the next rancid 
> version update the 'set u_prompt' line to something like
> set u_prompt "(\[Uu]sername|Login|login|\[Uu]ser \[Nn]ame|User):"
> to account for the possible case change?
> 
> Wayne

yes.

Dear Cisco,  Please stop making changes for the sake of change.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] FXOS debugging

[heasley]

Fri, Nov 30, 2018 at 03:47:23PM +, Ryan West:
> John,
> 
> Still hitting the same issue and replicated it on a fresh Ubuntu 18.04 LTS 
> with 8.6 expect/tcl loaded on it.
> 
> > invalid command name "^-"
> while executing
> "^-"
> invoked from within
> "expect {
> -re "\b+"   { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user -- 
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprom..."
> (procedure "run_commands" line 36)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 206)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "/home/rwest/bin/fxlogin" line 870)

I do not see the cause in the code or the debug output.  And, I do not
have a device to test against.  running fxlogin against an IOS device
works fine.

maybe start with making sure that you are using the most recent alpha
version of fxlogin.  diffs since rancid 3.7 are attached.

> Thanks,
> 
> -ryan
> 
> -Original Message-
> From: heasley  
> Sent: Wednesday, November 28, 2018 5:54 PM
> To: Ryan West 
> Cc: heasley ; Rancid-discuss@shrubbery.net
> Subject: Re: [rancid] FXOS debugging
> 
> Wed, Nov 28, 2018 at 04:09:40PM +, Ryan West:
> > Same error -
> > 
> > Here is the list of installed TCL packages:
> > 
> > libtcl8.5:amd64
> > libtcl8.6:amd64 
> > tcl 
> > tcl-expect:amd64
> > tcl8.5  
> > tcl8.6  
> > 
> > On a 9.6 Debian version.  It's just this script that this throwing errors 
> > as well.
> 
> Why (how) do you have tcl 8.5 and 8.6?  Please make sure that expect is 
> linked with 8.6.
Index: bin/fxlogin.in
===
--- bin/fxlogin.in	(revision 3835)
+++ bin/fxlogin.in	(working copy)
@@ -76,11 +76,12 @@
 	}
 
 	# handle escaped ;s in commands, and ;; and ^;
-	regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-	regsub {^;} $esccommand "\u002;" command
-	set sep "\\1\u001"
-	regsub -all {([^\\])\;} $command "$sep" esccommand
-	set sep "\u001"
+	regsub -all {([^\\]);} $command "\\1\u0002;" esccommand
+	regsub -all {([^\\]);;} $esccommand "\\1;\u0002;" command
+	regsub {^;} $command "\u0002;" esccommand
+	regsub -all {[\\];} $esccommand ";" command
+	regsub -all {\u0002;} $command "\u0002" esccommand
+	set sep "\u0002"
 	set commands [split $esccommand $sep]
 	set num_commands [llength $commands]
 	set rshfail 0
@@ -356,7 +357,7 @@
 
 # Run commands given on the command line.
 proc run_commands { prompt command } {
-global do_saveconfig in_proc platform
+global do_interact do_saveconfig in_proc platform
 set in_proc 1
 
 # leave the prompt alone for fxos
@@ -374,11 +375,12 @@
 log_user 0
 
 # handle escaped ;s in commands, and ;; and ^;
-regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-regsub {^;} $esccommand "\u002;" command
-set sep "\\1\u001"
-regsub -all {([^\\])\;} $command "$sep" esccommand
-set sep "\u001"
+regsub -all {([^\\]);} $command "\\1\u0002;" esccommand
+regsub -all {([^\\]);;} $esccommand "\\1;\u0002;" command
+regsub {^;} $command "\u0002;" esccommand
+regsub -all {[\\];} $esccommand ";" command
+regsub -all {\u0002;} $command "\u0002" esccommand
+set sep "\u0002"
 set commands [split $esccommand $sep]
 set num_commands [llength $commands]
 # the pager can not be turned off on the PIX, so we have to look
@@ -385,11 +387,7 @@
 # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,
 # with a global switch in the config.
 for {set i 0} {$i < $num_commands} { incr i} {
-	if { [lindex $commands $i] == "\u002" } {
-	send -- "\r"
-	} else {
-	send -- "[subst -nocommands [lindex $commands $i]]\r"
-	}
+	send -- "[subst -nocommands [lindex $commands $i]]\r"
 	expect {
 	-re "\b+"{ exp_continue }
 	-re "^\[^\n\r *]*$reprompt"		{ send_user -- "$expect_out(buffer)"
@@ -397,7 +395,7 @@
 	-re "^\[^\n\r]*$reprompt."		{ send_user -- "$expect_out(buffer)"
 		  exp_continue
 		}
-	-re "^[^-]*--More--\[^\r\n]*[\r\n]+"	{ # fxos FTP pager
+	-re "^\[^-]*--More--\[^\r\n]*\[\r\n]+"	{ # fxos FTP pager
 		  send " "
 		  exp_continue
 		}
@@ -428,6 +426,11 @@
 }
 log_user 1
 
+if { $do_interact == 1 } {
+	interact
+	return 0
+}
+
 if { [string compare "extreme" "$platform"] } {
 	send -h "exit\r"
 } else {
___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] F5 'bigip' SNMP password hash changes every run

[heasley]

Fri, Nov 30, 2018 at 04:05:52PM +, Gauthier, Chris:
> Hello,
> 
> We are using rancid 3.7 here and it successfully is backing up our F5’s.  
> However, since I added SNMPv3 onto a new pair of F5’s, the password hash 
> changes every time rancid runs.  I don’t mind this, since the purpose is to 
> maintain a backup that I can straight-out deploy to the device, except that I 
> don’t want the email telling me that password changed every time (which is 
> hourly for us).
> 
> Is there a way to filter out this from the email but not from what is 
> actually committed into the repo?

well, some options:
- alter rancid/share/rtrfilter to instead filter by line regex;
  also see rancid.conf(5):DIFFSCRIPT
- have two collections; one which filters passwords/etc, another which
  does not, but which also has no diff-mail recipients.  also see
  rancid.conf(5):FILES section

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] how cisco nx-os switch work with rancid with read-only account

[heasley]

Fri, Nov 30, 2018 at 04:40:31PM +0800, yuan song:
> i have a read access account "RO" in nexus 3048, and i add it to
> .cloginrc file like that:
> add method 10.36.0.71 {ssh}
> add cyphertype * aes128-ctr,aes128-cbc,3des-cbc
> add user 10.36.0.71 ro
> add password 10.36.0.71 XXX
> add noenable 10.36.0.71 1
> 
> however, rancid log give me:
> 10.36.0.71: End of run not found
> Error: TIMEOUT reached
> 
> But, if i give my account full read permission, It works just fine.
> Hope someone could help me here, thx a lot
> 
> PS:nexus config
> role name rancid
> rule 1 permit read
> rule 2 permit command show *
> username ro password XXX role rancid

rancid must be able to alter some terminal settings; I do not know if the
role above allows this.  It must also be able to run dir.  see the full
command list in rancid.types.base.

also see the rancid FAQ; Section 3, Question 2.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] FXOS debugging

[heasley]

Wed, Nov 28, 2018 at 04:09:40PM +, Ryan West:
> Same error - 
> 
> Here is the list of installed TCL packages:
> 
> libtcl8.5:amd64 
> libtcl8.6:amd64 
> tcl 
> tcl-expect:amd64
> tcl8.5  
> tcl8.6  
> 
> On a 9.6 Debian version.  It's just this script that this throwing errors as 
> well.

Why (how) do you have tcl 8.5 and 8.6?  Please make sure that expect is
linked with 8.6.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Arista DCS-7150S-24-F

[heasley]

Wed, Nov 28, 2018 at 09:13:27AM +0100, Михаил:
> Hello. I have a lot of such messages:
> 
> - !Power Supply 1: PWR-460AC-F 460W Ok 4 days, 13:36:23
> - !Power Supply 2: PWR-460AC-F 460W Ok 4 days, 13:36:23
> + !Power Supply 1: PWR-460AC-F 460W Ok 4 days, 14:06:22
> + !Power Supply 2: PWR-460AC-F 460W Ok 4 days, 14:06:2
> 
> - !Power Supply 1: PWR-460AC-F 460W Ok 4 days, 13:06:24
> - !Power Supply 2: PWR-460AC-F 460W Ok 4 days, 13:06:24
> + !Power Supply 1: PWR-460AC-F 460W Ok 4 days, 13:36:23
> + !Power Supply 2: PWR-460AC-F 460W Ok 4 days, 13:36:23
> 
> Command that produce it is sh environment all, below is full output:
> 
> sh environment all
> System temperature status is: Ok
>  Alert  
> Critical
>TempSetpoint  Limit 
> Limit
> Sensor  Description (C) (C)(C)   
> (C)
> --- --- --- --- -- 
> -
> 1   Cpu temp sensor39.8   (N/A) N/A 95   
> 100
> 2   Rear temp sensor   32.8   (N/A) N/A 65
> 75
> 3   Board temp sensor  29.6   (N/A) N/A 55
> 65
> 4   Front-panel temp sensor27.5   (N/A) N/A 55
> 65
> 5   Board temp sensor  31.4   (N/A) N/A 75
> 85
> 6   FM6000 temp sensor 35.9   (N/A) N/A 92   
> 100
> 
> PowerSupply 1:
>  Alert  
> Critical
>TempSetpoint  Limit 
> Limit
> Sensor  Description (C) (C)(C)   
> (C)
> --- --- --- --- -- 
> -
> 1   Power supply sensor26.0   (N/A) N/A 60
> 70
> 
> PowerSupply 2:
>  Alert  
> Critical
>TempSetpoint  Limit 
> Limit
> Sensor  Description (C) (C)(C)   
> (C)
> --- --- --- --- -- 
> -
> 1   Power supply sensor29.0   (N/A) N/A 60
> 70
> 
> System cooling status is: Ok
> Ambient temperature: 27C
> Airflow: port-side intake
>   Config ActualSpeedStable
> FanStatus  Speed  Speed   Uptime Stability   
> Uptime
> -- -- -- --  - 
> 
> 1/1Ok90%88% 4 days, 16:44:35 Stable4 days, 
> 16:44:17
> 2/1Ok90%88% 4 days, 16:44:35 Stable4 days, 
> 16:44:17
> 3/1Ok90%90% 4 days, 16:44:35 Stable4 days, 
> 16:44:17
> 4/1Ok90%90% 4 days, 16:44:35 Stable4 days, 
> 16:44:15
> PowerSupply1/1 Ok90%89% 4 days, 16:44:13 Stable4 days, 
> 16:43:24
> PowerSupply2/1 Ok90%89% 4 days, 16:44:13 Stable4 days, 
> 16:43:24
> 
> PowerInput  Output  Output
> Supply Model   Capacity Current Current  Power Status   Uptime
> -- ---  --- --- -- -- 
> 1  PWR-460AC-F 460W   0.33A   4.75A  55.0W Ok 4 days, 16:44:13
> 2  PWR-460AC-F 460W   0.30A   4.62A  55.0W Ok 4 days, 16:44:13
> Total  --  920W  --  -- 110.0W --   --
> 
> How can i get rid of it? Thanks :)

please try rancid 3.8; i think it is fixed there.

> Mit freundlichen Grüßen, Mikhail.

Ebenso.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] FXOS debugging

[heasley]

Tue, Nov 27, 2018 at 04:34:22PM +, Ryan West:
> send: sending "show model\r" to { exp5 }
> invalid command name "^-"
> while executing
> "^-"
> invoked from within
> "expect {
> -re "\b+"   { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user -- 
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprom..."
> (procedure "run_commands" line 36)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 206)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "/usr/local/rancid/bin/fxlogin" line 870)

hmm, i suspect this is a tcl bug.  are you perhaps using some crusty
Centos with an old tcl?  you could try changing:

-re "^\[^-]*--More--\[^\r\n]*\[\r\n]+"  { # fxos FTP pager

to

-re -- "^\[^-]*--More--\[^\r\n]*\[\r\n]+"  { # fxos FTP pager

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] FXOS debugging

[heasley]

Tue, Nov 27, 2018 at 03:55:46PM +, Ryan West:
> Hello,
> 
> I've attempted to login via fxrancid, but I'm not entirely sure where it's 
> failing.  Here is the debug when trying to run one command with fxrancid -d 
> 
> 
> And here it fails when trying to run the same command but with a command 
> fxlogin -d -c 'show model' 

you have to include the information that preceeded this and i need to see
the complete and unaltered prompt.

> expect: does "> " (spawn_id exp5) match glob pattern "Login failed"? no
> "% (Bad passwords|Authentication failed)"? (No Gate, RE only) gate=yes re=no
> "Press any key to continue"? no
> "Enter Selection: "? Gate "Enter Selection: "? gate=no
> "Press the  key [^\r\n]+[\r\n]+"? Gate "Press the  key *"? gate=no
> "@[^\r\n]+ ([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE 
> only) gate=yes re=no
> "Enter passphrase.*: "? Gate "Enter passphrase*: "? gate=no
> "([Uu]sername|Login|login|user name|User):"? (No Gate, RE only) gate=yes re=no
> "([Pp]assword|passwd|Enter password for [^ :]+):"? (No Gate, RE only) 
> gate=yes re=no
> "^([^ >]*)(>|#)"? (No Gate, RE only) gate=yes re=yes
> expect: set expect_out(0,string) ">"
> expect: set expect_out(1,string) ""
> expect: set expect_out(2,string) ">"
> expect: set expect_out(spawn_id) "exp5"
> expect: set expect_out(buffer) ">"
> send: sending "show model\r" to { exp5 }
> invalid command name "^-"
> while executing
> "^-"
> invoked from within
> "expect {
> -re "\b+"   { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user -- 
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprom..."
> (procedure "run_commands" line 36)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 206)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "/usr/local/rancid/bin/fxlogin" line 870)

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Ubiquiti edgeswitch (edgemax) script?

[heasley]

Tue, Nov 06, 2018 at 06:13:18PM +, Kevin Geil:
> Hi, I'm trying to get RANCID to poll my ubiquiti edge switches, and am a bit 
> perplexed.  From what I've found online in other mailing lists, it is 
> possible to use RANCID to poll these, using the edgemax script. So far, I've 
> set up the router.db with  edgemax.  When I invoke rancid-run, 
> nothing much happens, and when I look in the log, I see:
> =
> Getting missed routers: round 2.
> myEdgeSwitch: End of run not found
> !
> =
> 
> So far, I have tried adding my own device type by copying the "EdgeMax" 
> device config in rancid.types.base to rancid.types.conf, and calling it 
> EdgeSwitch (which is the right thing to do right? Despite the dire warnings 
> at the top of each file, it's not entirely clear how to do this, as they both 
> warn against editing the file).  I tried to use ulogin instead of clogin, 
> with the same result.
> I can successfully  authenticate to the switches by using both clogin and 
> ulogin.

unless you are changing the device spec somehow, there is no need to copy
it.  just use the edgemax spec.  otherwise, yes, copy the spec to the .conf
file with a different name.

> 
> What is now really confusing is that I don't know what script RANCID should 
> be running.  In rancid.types.base, the edgemax config looks like this:
> 
> ## UBNT EdgeMAX
> edgemax;script;rancid -t edgemax
> edgemax;login;clogin
> edgemax;module;edgemax
> ...more commands...

the script is rancid, which imports the named modules, edgemax{.pm} in
this case.  also see rancid.types.conf(5)

> What confuses me is that there isn't a script in the bin directory called 
> edgemax, so I'm not sure what script it should be running.  There IS a file 
> in lib/rancid called edgemax.pm, but that doesn't get referenced by the 
> config in rancid.types.base.
> 
> If someone could help clarify
> 
> 1. What "end of run not found" means to me, and

it means that it did not find the end of the config or possibly no config.
S3 Q2 of the FAQ has a good test outline.

> 2. What script the edgemax config should be running, I might be able to 
> figure this all out.
> 
> Thank you.
> 
> Kevin

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] paloalto feedback in current alpha [was: Re: clogin commenting script commands following multiple blanks lines]

[heasley]

Fri, Oct 26, 2018 at 06:24:10PM -0400, Erik Muller:
> On 10/24/18 18:32 , heasley wrote:
> > Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
> > ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
> > esp for palo alto, of which I have none.
> 
> At least on 8.1.4 on my 3250s, the cli is a little bit busted until you get 
> out of interactive mode - for every space you enter between words in the 
> command, it redraws the current line, which was messing up the prompt 
> matching as below.  Fix for that attached at end of message.
> -e

super; committed.  thanks.

> diff -ur rancid-3.99.99/etc/rancid.types.base 
> rancid-3.99.99-em/etc/rancid.types.base
> --- rancid-3.99.99/etc/rancid.types.base  2018-10-24 11:13:49.0 
> -0400
> +++ rancid-3.99.99-em/etc/rancid.types.base   2018-10-26 17:16:53.950868707 
> -0400
> @@ -607,9 +607,8 @@
>  paloalto;login;panlogin
>  paloalto;module;panos
>  paloalto;inloop;panos::inloop
> -paloalto;command;rancid::RunCommand;set cli scripting-mode on
> -paloalto;command;rancid::RunCommand;set cli pager off
>  paloalto;command;panos::ShowInfo;show system info
> +paloalto;command;panos::ShowInventory;show chassis inventory
>  paloalto;command;panos::ShowConfig;show config running
>  #
>  procket;script;prancid
> diff -ur rancid-3.99.99/lib/panos.pm.in rancid-3.99.99-em/lib/panos.pm.in
> --- rancid-3.99.99/lib/panos.pm.in2016-02-16 07:28:46.0 -0500
> +++ rancid-3.99.99-em/lib/panos.pm.in 2018-10-26 17:19:11.552895792 -0400
> @@ -119,6 +119,23 @@
>  return(0);
>  }
> 
> +# This routine parses "show chassis inventory"
> +sub ShowInventory {
> +my($INPUT, $OUTPUT, $cmd) = @_;
> +my($slot);
> +
> +print STDERR "In ShowInventory:: $_" if ($debug);
> +
> +while (<$INPUT>) {
> + tr/\015//d;
> + last if (/^$prompt/);
> +
> + ProcessHistory("INV","","","#$_");
> +}
> +ProcessHistory("INV","","","#\n");
> +return(0);
> +}
> +
> 
>  # This routine parses "show config running"
>  sub ShowConfig {

Is this a new command or specific to larger platforms?  What is the error
if the command is unknown?

> diff -ur rancid-3.99.99/lib/nxos.pm.in rancid-3.99.99-em/lib/nxos.pm.in
> --- rancid-3.99.99/lib/nxos.pm.in 2018-09-19 18:02:44.0 -0400
> +++ rancid-3.99.99-em/lib/nxos.pm.in  2018-10-26 17:58:51.611639817 -0400
> @@ -494,9 +494,12 @@
>   # Drop vtp_debug.log and vtp_debug_old.log CDETS bug CSCuy87611
>   /\s+vtp_debug(_old)?\.log$/ && next;
> 
> + # Drop bcm_mem_locl_trace.log
> + /\s+bcm_mem_lock_trace\.log$/ && next;
> +
>   next if (/BufferMonitor-1HourData/);
> 
> - if (/( debug_logs| log)\/$/) {
> + if (/( debug_logs| log| vdc_\d+)\/$/) {
>   # change
>   # 8192Jan 08 14:05:05 2015  log/
>   # to

did I miss an explaination of this patch?  I see what it does, but ...

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Problem rancid 3.7 after cmw / hp 5130 routers 5130 firmware upgrade

[heasley]

Wed, Oct 31, 2018 at 09:10:27AM +0100, Service Informatique CH DECIZE:
> We have made a clogin test :
> "
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> *rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ ./clogin SWA22swa22spawn telnet -K
> swa22Trying 172.16.1.22...telnet: Unable to connect to remote host:
> Connection refusedspawn ssh -c aes128-cbc -x -l admin swa22admin@swa22's
> password: exitConnection to swa22
> closed.rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ ./clogin SWA21swa21spawn
> telnet -K swa21Trying 172.16.1.21...Connected to swa21.ch-decize.fr
> <http://swa21.ch-decize.fr>.Escape character is '^]'.Login
> authenticationUsername:adminPassword:quitConnection closed by
> foreign host.rancid@SRV-TOOLS2:/usr/lib/rancid/bin$ *"
> 
> SWA22, as SWSR1, is a router for which we receive "config fetcher problems"
> mails...
> SWA21 is a router for which we have no problem.
> SWA22 clogin test shows a first telnet connexion refused. It's perhaps the
> origin of our problem ?

we do not support that module; ask whomever wrote it.  but, my guess
would be that the cause is that the device appears to not reliably
echo the  after 'exit' and the loop around input must be adjusted
to accept that, as the ios module does.

i do not know the hp 5130; you might try the hp, foundry, or smc device
types that rancid supports.

> Thanks for your help.
> 
> 
> Le mer. 31 oct. 2018 à 08:44, Service Informatique CH DECIZE <
> serv.informatique@gmail.com> a écrit :
> 
> > We use cmw device type (before and after upgrade)...
> > No modification in the rancid config. Just routers firmware upgrade.
> >
> >
> > Le mar. 30 oct. 2018 à 16:40, heasley  a écrit :
> >
> >> Tue, Oct 30, 2018 at 12:02:09PM +0100, Service Informatique CH DECIZE:
> >> > Hello,
> >> >
> >> > We have made a firmware update on our cwm / hp 5130 routers : upgrade
> >> from
> >> > 3115P05 release (7.1.045) to 3208P03 release (7.1.070).
> >> > Since upgrade, we receive "config fetcher problems" mails, that
> >> indicates " The
> >> > following routers have not been successfully contacted for more than 24
> >> > hours".
> >> > In the rancid logs, we can see for these routers :
> >> > " Trying to get all of the configs.
> >> > swsr1: End of run not found
> >> > return
> >> > =
> >> > Getting missed routers: round 1.
> >> > swsr1: End of run not found
> >> > return
> >> > ... "
> >> > Does anyone know where is the problem ?
> >> > Before upgrade, everything was ok with these routers in rancid.
> >>
> >> what device type are you using for these?  It looks like you are using a
> >> older version of rancid or have a custom module?
> >>
> >

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] router config diffs

[heasley]

Thu, Oct 25, 2018 at 04:33:45PM -0400, Lee:
> On 10/25/18, heasley  wrote:
> > Thu, Oct 25, 2018 at 04:46:48AM +, Wayne Eisenberg:
> >> > I'd go with changing control_rancid.  Search for
> >> >
> >> > # Mail out the diffs (if there are any).
> >> > if [ -s $TMP.diff ] ; then
> >>
> >> Bingo. I found my tweak. Thanks, Lee! Instead of actually sending the
> >> email, I had just redirected it to /dev/null.
> >>
> >> -) | $SENDMAIL -t $MAILOPTS
> >> +   ) > /dev/null
> >>
> >> Maybe that could be a config choice in rancid.conf (if it were a global
> >> switch) or .cloginrc (if you wanted to turn off mail for specific devices
> >> or groups)?
> >>
> >>
> >> -Original Message-
> >> From: Lee [mailto:ler...@gmail.com]
> >> Sent: Sunday, October 21, 2018 5:46 PM
> >> To: Wayne Eisenberg 
> >> Cc: rancid-discuss@shrubbery.net
> >> Subject: Re: [rancid] router config diffs
> >>
> >> On 10/21/18, Wayne Eisenberg  wrote:
>   <.. snip ..>
> >> > I probably didn't do a good job of explaining. I'm not getting the
> >> > same diff over and over. They are new versions, valid diffs. I don't
> >> > see how svn could get out of sync, when the crontab was inactive
> >> > (everything rem'ed out) so there was no activity during the upgrade.
> >> > Before the upgrade, I know there were router config changes taking
> >> > place and I did not get an email about them. Now I do. So I'm hunting
> >> > for how to turn the notifications off.
> >>
> >> I'd go with changing control_rancid.  Search for
> >
> > why?  there are 3 manners of affecting the same result, but without
> > modifying the installed base and without needing to remember that
> > change following the next upgrade.  embrace the unix
> > methodology - assemble (pipe) simple tools for complex results.
> 
> I haven't tried this, but it sure looks like one could build rancid with
> export SENDMAIL=/usr/local/bin/sendmail_alt
> ./configure --prefix= ..etc..
> 
> and have /usr/local/bin/sendmail_alt be just
> exit

youre making that more difficult than necessary,

export SENDMAIL="dd of=/dev/null bs=32k"

but, you still want the admin email, imiho, and that will break it.

> and that would take care of not sending emails or doing something
> other than sending mail.  Yes?   but that means you'd have to build
> rancid instead of just installing from some repository..
> 
> In any case, I went with changing control_rancid because there were a
> few other things I wanted to do like filtering out passwords, keys,
> hashes, etc. from the mail msg before sending it. So right after the
>   # Diff the directory and then checkin.
> section I added
> 
> # -LR- begin: remove passwords, etc. from diff listing
> /usr/local/bin/sanitize.sh $TMP.diff >$TMP.diff2
> /bin/mv  $TMP.diff2 $TMP.diff
> # -LR- end  : remove passwords etc. from diff listing

this too is possible without changing control_rancid; see rancid.conf(5)
for FILTER_PWDS & DIFFSCRIPT.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] clogin commenting script commands following multiple blanks lines

[Heasley]

> Am 25.10.2018 um 12:53 schrieb Erik Muller :
> 
>> On 10/24/18 18:32 , heasley wrote:
>> Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
>>> I missed that in your example, but noticed it in testing...after I sent that
>>> patch.  This is my final patch, i think.  I havent committed it yet, as I
>>> want to review it once more.
>> 
>> ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
>> esp for palo alto, of which I have none.
> 
> That one was really close, but still didn't pass through ^; from command 
> files properly.
> After a bit more tweaking, the following change seems to get it to handle all 
> my test cases correctly.
> 

You have to escape the ; in the file (\;). The An argument could be made either 
way, i leN toward not altering the behavior of -x. 

> erikm@vpn41:~/ports-dev [15:21 - 1497]$ diff -Naur 
> /opt/local/libexec/rancid/clogin-3.99.99.bak 
> /opt/local/libexec/rancid/clogin-3.99.99
> --- /opt/local/libexec/rancid/clogin-3.99.99.bak2018-10-24 
> 19:46:30.0 -0400
> +++ /opt/local/libexec/rancid/clogin-3.99.992018-10-25 15:21:18.0 
> -0400
> @@ -253,7 +253,8 @@
>}
>set cmd_text [read $cmd_fd]
>close $cmd_fd
> -set command [join [split $cmd_text \n] \;]
> +regsub -all {;} $cmd_text "\\;" cmd_text
> +set command [join [split $cmd_text \n] \u002;]
>set do_command 1
># 'ssh -c' cypher type
>} -y* {
> @@ -444,13 +445,8 @@
>continue;
>}
> 
> -# handle escaped ;s in commands, and ;; and ^;
> -regsub -all {([^\\]);} $command "\\1\u002;" esccommand
> -regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
> -regsub {^;} $command "\u002;" esccommand
> -regsub -all {[\\];} $esccommand ";" command
> -regsub -all {\u002;} $command "\u002" esccommand
> -set sep "\u002;"
> +set esccommand [escapecommandlist $command]
> +set sep "\u002"
>set commands [split $esccommand $sep]
>set num_commands [llength $commands]
>set rshfail 0
> @@ -724,6 +720,21 @@
> return 0
> }
> 
> +# handle escaped ;s in commands, and ;; and ^;
> +proc escapecommandlist {command} {
> +# \; should be passed through as a ;
> +# ^; should be treated as a comment (when coming from a command file)
> +# ;; represents a literal ; before a subsequent command (?)
> +# other ;s are separators between items in a sequence of commands
> +# note this is processed as one big multiline text blob, so ^ anchors may
> +# not work as expected
> +regsub -all {([^\\\u002]);} $command "\\1\u002;" esccommand
> +regsub -all {([^\\\u00a\u00d\u002]);;} $esccommand "\\1;\u002;" command
> +regsub -all {\u002;} $command "\u002" esccommand
> +regsub -all {[\\];} $esccommand ";" command
> +return $command
> +}
> +
> # Run commands given on the command line.
> proc run_commands { prompt command } {
> global do_interact do_saveconfig in_proc platform
> @@ -742,12 +753,7 @@
> # this is the only way i see to get rid of more prompts in o/p..gr
> log_user 0
> 
> -# handle escaped ;s in commands, and ;; and ^;
> -regsub -all {([^\\]);} $command "\\1\u002;" esccommand
> -regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
> -regsub {^;} $command "\u002;" esccommand
> -regsub -all {[\\];} $esccommand ";" command
> -regsub -all {\u002;} $command "\u002" esccommand
> +set esccommand [escapecommandlist $command]
> set sep "\u002"
> set commands [split $esccommand $sep]
> set num_commands [llength $commands]
> 

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] clogin commenting script commands following multiple blanks lines

[heasley]

Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
> I missed that in your example, but noticed it in testing...after I sent that
> patch.  This is my final patch, i think.  I havent committed it yet, as I
> want to review it once more.

ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
esp for palo alto, of which I have none.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] clogin commenting script commands following multiple blanks lines

[heasley]

Wed, Oct 24, 2018 at 04:43:41PM -0400, Erik Muller:
> On 10/24/18 13:28 , heasley wrote:
> > Sat, Sep 29, 2018 at 03:19:00PM -0700, Erik Muller:
> >> So here's an odd thing I just ran across.  Running clogin with a script 
> >> with multiple blank lines has some very unexpected behaviour.  It looks 
> >> like it's turning \n\n into \n;, with the net effect of commenting out any 
> >> command that follows two blank lines.  Reproducible on ubuntu 12.04 and 
> >> OSX 10.13 with stock 3.8 source.  Works as expected in 2.3.8 ubuntu 
> >> packages.
> >>
> >> The culprit is definitely in the "# handle escaped ;s in commands, and ;; 
> >> and ^;" section of clogin (rolling that block back to what was in 2.3.8 
> >> fixes it), but trying to grok that in expect language to provide a real 
> >> fix makes my head hurt, so I'll leave this as a bug report.  Examples 
> >> below.
> >>
> >> thanks,
> >> -e
> > 
> > I believe that patch addresses this bug.
> 
> 
> That definitely fixes the blanks-may-comment-the-next-line issue, though it 
> looks like it also breaks handling of escaped ;s as well.
> 
> before:
> $ clogin-3.8 -c 'sh ip bgp nei | inc 1\; ; show ver | inc ^Model Num' fl1-as01
> ...
> fl1-as01#sh ip bgp nei | inc 1;
>   Route to peer address reachability Up: 1; Down: 0
>   Connections established 1; dropped 0
> 
> 
> with patch:
> $ clogin -c 'sh ip bgp nei | inc 1\; ; show ver | inc ^Model Num' fl1-as01
> ...
> fl1-as01#sh ip bgp nei | inc 1
> BGP neighbor is x.x.x.x,  remote AS 42, external link
> 
> 
> 
> And it seems to eat leading semicolon comments as well:
> 
> $ cat ~/clogin-blanks-test2
> show bridge
> ; just a comment
> $ clogin -x ~/clogin-blanks-test2 fl1-as01.polaris.corp
> ...
> fl1-as01#show bridge
> fl1-as01#
> fl1-as01#
> fl1-as01#
> fl1-as01# just a comment
>   ^
> % Invalid input detected at '^' marker.
> 

I missed that in your example, but noticed it in testing...after I sent that
patch.  This is my final patch, i think.  I havent committed it yet, as I
want to review it once more.

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3909)
+++ bin/clogin.in   (working copy)
@@ -76,11 +76,12 @@
}
 
# handle escaped ;s in commands, and ;; and ^;
-   regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-   regsub {^;} $esccommand "\u002;" command
-   set sep "\\1\u001"
-   regsub -all {([^\\])\;} $command "$sep" esccommand
-   set sep "\u001"
+   regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+   regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+   regsub {^;} $command "\u002;" esccommand
+   regsub -all {[\\];} $esccommand ";" command
+   regsub -all {\u002;} $command "\u002" esccommand
+   set sep "\u002;"
set commands [split $esccommand $sep]
set num_commands [llength $commands]
set rshfail 0
@@ -373,11 +374,12 @@
 log_user 0
 
 # handle escaped ;s in commands, and ;; and ^;
-regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-regsub {^;} $esccommand "\u002;" command
-set sep "\\1\u001"
-regsub -all {([^\\])\;} $command "$sep" esccommand
-set sep "\u001"
+regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+regsub {^;} $command "\u002;" esccommand
+regsub -all {[\\];} $esccommand ";" command
+regsub -all {\u002;} $command "\u002" esccommand
+set sep "\u002"
 set commands [split $esccommand $sep]
 set num_commands [llength $commands]
 # the pager can not be turned off on the PIX, so we have to look
@@ -384,11 +386,7 @@
 # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,
 # with a global switch in the config.
 for {set i 0} {$i < $num_commands} { incr i} {
-   if { [lindex $commands $i] == "\u002" } {
-   send -- "\r"
-   } else {
-   send -- "[subst -nocommands [lindex $commands $i]]\r"
-   }
+   send -h -- "[subst -nocommands [lindex $commands $i]]\r"
expect {
-re "^\b+"  { exp_continue }
-re "^\[^\n\r *]*$reprompt" { send_user -- 
"$expect_out(buffer)"

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] clogin commenting script commands following multiple blanks lines

[heasley]

Sat, Sep 29, 2018 at 03:19:00PM -0700, Erik Muller:
> So here's an odd thing I just ran across.  Running clogin with a script with 
> multiple blank lines has some very unexpected behaviour.  It looks like it's 
> turning \n\n into \n;, with the net effect of commenting out any command that 
> follows two blank lines.  Reproducible on ubuntu 12.04 and OSX 10.13 with 
> stock 3.8 source.  Works as expected in 2.3.8 ubuntu packages.
> 
> The culprit is definitely in the "# handle escaped ;s in commands, and ;; and 
> ^;" section of clogin (rolling that block back to what was in 2.3.8 fixes 
> it), but trying to grok that in expect language to provide a real fix makes 
> my head hurt, so I'll leave this as a bug report.  Examples below.
> 
> thanks,
> -e

I believe that patch addresses this bug.

Index: bin/clogin.in
===
--- bin/clogin.in   (revision 3909)
+++ bin/clogin.in   (working copy)
@@ -76,12 +76,12 @@
}
 
# handle escaped ;s in commands, and ;; and ^;
-   regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-   regsub {^;} $esccommand "\u002;" command
-   set sep "\\1\u001"
-   regsub -all {([^\\])\;} $command "$sep" esccommand
-   set sep "\u001"
-   set commands [split $esccommand $sep]
+   regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+   regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+   regsub {^;} $command "\u002;" esccommand
+   regsub -all {[\\];} $esccommand ";" command
+   set sep "\u002;"
+   set commands [split $command $sep]
set num_commands [llength $commands]
set rshfail 0
for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
@@ -373,12 +373,12 @@
 log_user 0
 
 # handle escaped ;s in commands, and ;; and ^;
-regsub -all {([^\\]);;} $command "\\1;\u002;" esccommand
-regsub {^;} $esccommand "\u002;" command
-set sep "\\1\u001"
-regsub -all {([^\\])\;} $command "$sep" esccommand
-set sep "\u001"
-set commands [split $esccommand $sep]
+regsub -all {([^\\]);} $command "\\1\u002;" esccommand
+regsub -all {([^\\]);;} $esccommand "\\1;\u002;" command
+regsub {^;} $command "\u002;" esccommand
+regsub -all {[\\];} $esccommand ";" command
+set sep "\u002;"
+set commands [split $command $sep]
 set num_commands [llength $commands]
 # the pager can not be turned off on the PIX, so we have to look
 # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] router config diffs

[heasley]

Sun, Oct 21, 2018 at 05:45:41PM -0400, Lee:
> On 10/21/18, Wayne Eisenberg  wrote:
> > Hi,
> >
> > I'm using SVN, not CVS.
> >
> > I probably didn't do a good job of explaining. I'm not getting the same diff
> > over and over. They are new versions, valid diffs. I don't see how svn could
> > get out of sync, when the crontab was inactive (everything rem'ed out) so
> > there was no activity during the upgrade. Before the upgrade, I know there
> > were router config changes taking place and I did not get an email about
> > them. Now I do. So I'm hunting for how to turn the notifications off.
> 
> I'd go with changing control_rancid.  Search for
> 
> # Mail out the diffs (if there are any).
> if [ -s $TMP.diff ] ; then
> 
> which looks like the line to change to turn notifications off.  Or
> check the FAQ:
> Q. I just want to store configrurations, I do not want to receive diffs.  How
>can I accomplish this?
> A. Use procmail to filter them out of your inbox.
>OR, redirect the mail aliases in your MTA's aliases file or database to a
>mailman list with no subscribers.
>OR, redirect the mail aliases to /dev/null.
>OR, set DIFFSCRIPT in rancid.conf to something that eats it's input, such
>as "dd of=/dev/null bs=16k".

Ja.  or if it is a diff repeatedly of something that ought to be ignored,
share examples.

> Regards,
> Lee
> >
> > I'm also noticing a .cvsignore file in the 'configs' folder in WebSVN. Not
> > sure why that is there or if I should care. It wasn't there before the
> > upgrade.

its also used for svn

> > Thanks,
> > Wayne
> >
> >
> > -Original Message-
> > From: heasley [mailto:h...@shrubbery.net]
> > Sent: Friday, October 19, 2018 11:47 AM
> > To: Wayne Eisenberg 
> > Cc: 'rancid-discuss@shrubbery.net' 
> > Subject: Re: [rancid] router config diffs
> >
> > Fri, Oct 19, 2018 at 05:54:48AM +, Wayne Eisenberg:
> >> I just upgraded from 3.1 to 3.8, and all of a sudden I am getting emails
> >> every time there is a change in the config - 'router config diff' emails.
> >> I must have tweaked something in the previous version so that I wasn't
> >> getting them for every change in config, but I don't remember what. Is
> >> there a switch or conf variable that can turn it off? I just want to be
> >> notified if rancid can't contact a device.
> >>
> >
> > please see the FAQ S2 Q4.  your cvs working directory is most likely out of
> > sync somehow.
> >
> >
> > 
> >
> 
> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] router config diffs

[heasley]

Fri, Oct 19, 2018 at 05:54:48AM +, Wayne Eisenberg:
> I just upgraded from 3.1 to 3.8, and all of a sudden I am getting emails 
> every time there is a change in the config - 'router config diff' emails. I 
> must have tweaked something in the previous version so that I wasn't getting 
> them for every change in config, but I don't remember what. Is there a switch 
> or conf variable that can turn it off? I just want to be notified if rancid 
> can't contact a device.
> 

please see the FAQ S2 Q4.  your cvs working directory is most likely out
of sync somehow.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] FortiGate - config fetch ends prematurely - hash-mark in config file

[heasley]

Wed, Oct 17, 2018 at 04:36:35AM +, Ni Ne:
> Noticed that a full config backup of some of our FortiGates have been failing 
> due to a hash-mark (#) present in the configuration itself. FortiGates let 
> you add comments to nearly any objects. The comment field is free-form, best 
> I can tell, and lets you insert hash-mark characters. For example a service 
> object had this configuration causing the rancid run to fail at the offending 
> line of "set comment":
> 
> --
> config firewall service custom
> edit "TCP/UDP-4118-4122"
> set proxy disable
> set category ''
> set protocol TCP/UDP/SCTP
> set helper auto
> set check-reset-range default
> set comment "Ticket # 123456"
> set color 1
> set visibility enable
> set iprange 0.0.0.0
> set fqdn ''
> set tcp-portrange 4118-4122
> set udp-portrange 4118-4122
> unset sctp-portrange
> set tcp-halfclose-timer 0
> set tcp-halfopen-timer 0
> set tcp-timewait-timer 0
> set udp-idle-timer 0
> set session-ttl 0
> next
> end
> --
> 
> After removing all offending characters from the firewall config the 
> rancid-run completed fully and normally.
> 
> I've been playing around with fnrancid (3.8, build 3763) to try to find a way 
> to accommodate this happening again, but with only partial success.
> 
> I changed the prompt setting code to the following:
> 
> --
> # - FortiGate prompts end with either '#' or '$'. Further, they may
> # be prepended with a '~' if the hostname is too long. Therefore,
> # we need to figure out what our prompt really is.
> if (!defined($prompt)) {
> if ($_ =~ '^(.*) # ') {
> $prompt = "$1 # ";
> --
> 
> The above works great when the rancid user has root/super_admin permissions 
> (hash-mark (#) prompt). Adjusting rancid to have non-root permissions with a 
> dollar-sign ($) prompt and tacking on some additional code, rancid fails due 
> to end of run not found.
> 
> --
> # - FortiGate prompts end with either '#' or '$'. Further, they may
> # be prepended with a '~' if the hostname is too long. Therefore,
> # we need to figure out what our prompt really is.
> if (!defined($prompt)) {
> if ($_ =~ '^(.*) # ') {
> $prompt = "$1 # ";
> } else {
> if ($_ =~ '^(.*) \$ ') {
> $prompt = "$1 \$ ";
> }
> }
> }
> --
> 
> I tried some variations and either get the same error (end of run not found) 
> or every config line is pre-pended with #. I even tried explicitly defining 
> the firewall name inside $prompt against the firewall I am testing to bypass 
> $1 expansion.
> 
> Anyone have ideas why this is failing? I added some debug statements and my 
> regex matches and $prompt is being set as I would expect, but for some reason 
> it's not matching when rancid runs.
> 
> Doing some testing, when the hostname in the prompt does get truncated, it 
> stays the same regardless of what config level you enter.
> 
> Here is example of setting a 25-character hostname and then entering a few 
> levels of config:

is the content before the '~' consistent?  ie: the first 20 characters?
and its always followed by a space?  and possibly a sub-level in
parentheses?

IOS does similar junk, so we have an art for this that just needs to be
tailored.

> --
> fortigate-firewall # config system global
> fortigate-firewall (global) # set hostname 1234567890123456789012345
> fortigate-firewall (global) # end
> 12345678901234567890~345 #
> 12345678901234567890~345 # config firewall service group
> 12345678901234567890~345 (group) # edit JD_TEST_GROUP
> 12345678901234567890~345 (JD_TEST_GROUP) # set comment "coding is fun"
> 12345678901234567890~345 (JD_TEST_GROUP) # end
> 12345678901234567890~345 #
> --
> 
> 
> Thanks,
> 
> -Aaron
> 

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

[heasley]

Thu, Oct 18, 2018 at 03:17:56AM +, Piegorsch, Weylin William:
> Thanks.  I just tried, and got the same "end of run not found."  Then I 
> realized I wasn’t merely cutting/pasting from one location to another, but 
> also the specific logout text test changed; once I updated to what you 
> showed, it worked perfectly.  Also - the lines I had were at different 
> indexes, and different offsets between old/new locations where the commands 
> moved.  For reference, diff below not to my .in file (I don’t have the 
> original install makefiles), but against the production library file.

super.  these changes have been committed, so you can have the full file
from the alpha tarball or the svn repo at 
http://rancid.shrubbery.net/rancid/svn/rancid/trunk/rancid .

> Lest I forget – Muchos mahalo for the help on this the past few months 
> working through things.

thank you! for being responsive & helping.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] rancid - show password in configs

[heasley]

Thu, Oct 18, 2018 at 07:55:19AM +, Ra'ed Habib | TAWASOL:
> Hello there,
> 
> We have been using rancid to backup our switches and it has been amazing so 
> far, but the issue is that anywhere a password or a smtp community it appears 
> as "", is there anyway to show the actual password in plain text ?
> 

see rancid.conf(5).

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Rancid not updating

[heasley]

Wed, Oct 17, 2018 at 02:40:50PM +, Larry Larsen:
> I agree with your analysis on refused, host key and time outs.  I was going 
> to work on them one by one as it went along.  Hopefully someone knows 
> something about CVS.

that is addressed in the rancid FAQ.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] error after migrating to new server

[heasley]

Tue, Oct 16, 2018 at 03:06:53PM +, Andrew Meyer:
> Is this a perl/python or something else command?  I think I found the package 
> in Amazon Linux. 

its a command that comes with rancid.  my guess is one of

- you copied rancid from another machine and missed it
- the pre-built package you installed is broken
- you copied rancid.conf from another machine and its PATH doesnt match,
  so it cant find par.
- you deleted it somehow
- you're using an old version of rancid, when par was a perl script, and
  the interpretter line is wrong
- par lacks executable mode bits

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

[heasley]

Fri, Oct 12, 2018 at 03:36:20PM +, Piegorsch, Weylin William:
> ...with the exception of “if (!$clean_run || !$found_end)”.  For some reason 
> I don’t understand, I keep getting “End of run not found”. I’ve attached .raw 
> and .new files following an execution of “NOPIPE=YES rancid -d -t cisco-wlc5 
> ”.  I’m guessing it’s somehow related to how the session closes, but 
> that’s a 100% guess. Any idea how I can resolve?

the device isnt echoing the \r\n at the logout.  i think this will fix it:

Index: lib/ciscowlc.pm.in
===
--- lib/ciscowlc.pm.in  (revision 3875)
+++ lib/ciscowlc.pm.in  (working copy)
@@ -42,10 +42,6 @@
 
 TOP: while(<$INPUT>) {
tr/\015//d;
-   if (/^.*logout(\s*Connection.*closed.*)?$/)  {
-   $clean_run = 1;
-   last;
-   }
if (/^Error:/) {
print STDOUT ("$host wlogin error: $_");
print STDERR ("$host wlogin error: $_") if ($debug);
@@ -78,6 +74,10 @@
last TOP;
}
}
+   if (/^.*logout(\s*connection.*closed.*)?$/i) {
+   $clean_run = 1;
+   last;
+   }
 }
 }
 
@@ -91,6 +91,7 @@
 while (<$INPUT>) {
 tr/\015//d;
 tr/\020//d;
+   last if (/^$prompt/);
 
next if (/^\s*rogue ap classify/);
next if (/^\s*rogue (adhoc|client) (alert|unknown)/i);
@@ -118,7 +119,6 @@
ProcessHistory("","","","!$1 \n"); next;
}
 
-   last if (/^$prompt/);
next if (/^(\s*|\s*$cmd\s*)$/);
 
$linecnt++;

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Unable to Conduct Cisco Wireless Controller Backup

[heasley]

Fri, Oct 12, 2018 at 03:36:20PM +, Piegorsch, Weylin William:
> send -h "exit\r"
> 
> I changed that line to '   send -h "logout\r"   ', and now I'm getting a 
> clean logout.  Wlogin from 3.8 seems to fix this from reading through 
> wlogin.in (I couldn't fudge things to get wlogin-3.8 to work and still use 
> the rest of the 3.4.1 files).

that is right.  if you installed 3.4.1 from source, you can probably just
copy wlogin.in from 3.8 over that of 3.4.1, build and install.

> In addition to catching these two -re match blocks in run_commands (I 
> actually need both, it wouldn't work at all when I tried to combine them), 
> that seems to have cleared up all the issues I have
> 
>-re "^--More or .*" { send " "
>   exp_continue
> }
> -re "^--More-- .*"  { send " "
>   exp_continue
> }

3.8 has versions of these; it is not clear to me if you are saying that
you added these to 3.8, or if you needed them in addition to what is in
3.8.

> ...with the exception of “if (!$clean_run || !$found_end)”.  For some reason 
> I don’t understand, I keep getting “End of run not found”. I’ve attached .raw 
> and .new files following an execution of “NOPIPE=YES rancid -d -t cisco-wlc5 
> ”.  I’m guessing it’s somehow related to how the session closes, but 
> that’s a 100% guess. Any idea how I can resolve?
> 

i'll look.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Simple web-frontend for rancid files?

[heasley]

Wed, Oct 10, 2018 at 11:30:54AM -0400, Eric W. Bates:
> - add a post-commit hook to the repository on RANCiD such that it pushes 
> to gitlab:

that should not be necessary, if the remote is added to the origin.

http://www.shrubbery.net/pipermail/rancid-discuss/2018-August/010348.html

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] RANCID and gitweb - preventing the CVS repo path from showing

[heasley]

Tue, Oct 02, 2018 at 12:04:01AM +, Aaron Wasserott:
> Upgraded my old RANCID software to the latest, and switched from CVS to git. 
> I also installed gitweb as the WebUI interface for browsing RANCID files.
> 
> One minor annoyance I ran into was not only was every group folder being 
> displayed (e.g, switches, routers, firewalls, etc) but the CVS path of each 
> was displayed as well.
> 
> So the gitweb page would show something like this:
> 
> firewall/.git
> router/.git
> switch/.git
> CVS/firewall
> CVS/router
> CVS/switch

The one that i have uses
our $projects_list = "/path/rancid/etc/gitweb.conf";
that is built hourly with a list of groups,
/.git
/.git
...

CVS/* do not appear.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Run secondary login / collection script for entries in router.db? Anyone doing something like this?

[heasley]

Tue, Oct 02, 2018 at 06:15:20PM +, Ni Ne:
> I am curious to see the effort behind having the default configuration backup 
> contain only the device configuration, and push other things like file 
> system, interface status, inventory, etc, into a separate file. The main 
> reason is I want to greatly increase the amount of ancillary data retrieved 
> for each device, but don't want to clutter the configuration file itself, so 
> disaster recovery is simpler.

my suggestion is that you do not alter the existing device types in rancid,
leave them as is and collect the additional information as separate device
types in a separate group to avoid the hostname collision.

group1/router.db: host.name.co;cisco;up

group2/router.db: host.name.co;cisco-expanded;up

define cisco-expanded in rancid.type.conf with your own perl module to
do whatever filtering/etc is needed.  I think I wrote an example of
this in the FAQ or perhaps in rancid.types.conf(5).

> Is anyone doing this in a stream-lined fashion, where secondary login scripts 
> are called for each device present in a router.db file? Ideally the 
> administrator would only need to add a device once, and then based on vendor 
> type that secondary login process would run transparently.
> 
> I am still digging (back) into the RANCID internals to see how easy this 
> would be to accomplish, so just curious if anyone is doing something like 
> this already.
> 
> Thanks!
> 
> -Aaron

> ___
> Rancid-discuss mailing list
> Rancid-discuss@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss