Johan Bergström | 1 Jun 2005 14:08

Problem with catalyst 5500

Hello.

I'm having problems getting all info needed from a bunch of catalyst
5500 switches. In my logs I see,

Trying to get all of the configs.
bf-5505-02: missed cmd(s): write term
ad-5505-01: missed cmd(s): write term
ab-5505-01: missed cmd(s): write term

and so on for each switch.

When I'm trying to run the cat5rancid command manually it gives me the
same error message, but if I do:

clogin -c "write term all; write term" bf-5505-01

(as the cat5rancid -d output showed me) it outputs everything as it
should. So there is no problem with promptcapture or communication, or
authentication.

Is there a timeout on each command or something? Because write term all
takes like 5-6 seconds on these old 5500's.

I'm running on old CatOS software, 5.5.19, if that has anything to do
with it, and upgrading is not an option at this time unfortunately,
since we're going to exchange the 5500's for 4500's later this year, or
early 2006.

I've tried everything I can think of for now. So appreciate ideas, or

john heasley | 1 Jun 2005 21:58

Re: Problem with catalyst 5500

Wed, Jun 01, 2005 at 02:08:53PM +0200, Johan Bergström:
> Hello.
> 
> I'm having problems getting all info needed from a bunch of catalyst
> 5500 switches. In my logs I see,
> 
> Trying to get all of the configs.
> bf-5505-02: missed cmd(s): write term
> ad-5505-01: missed cmd(s): write term
> ab-5505-01: missed cmd(s): write term
> 
> and so on for each switch.
> 
> When I'm trying to run the cat5rancid command manually it gives me the
> same error message, but if I do:
> 
> clogin -c "write term all; write term" bf-5505-01
> 
> (as the cat5rancid -d output showed me) it outputs everything as it
> should. So there is no problem with promptcapture or communication, or
> authentication.

there must be something in the configuration that cat5rancid is erroneously
considering a prompt.  run
	% setenv NOPIPE YES
	% cat5rancid -d bf-5505-01

and compare the files bf-5505-01.raw and bf-5505-01.new to see where in the
output cat5rancid stopped processing.


Ed Ravin | 3 Jun 2005 07:34

adding new devices and other features to rancid

On Mon, May 16, 2005 at 07:02:29PM -0400, Ed Ravin wrote:
> I just stumbled over a Perl/Expect.pm script that fetches the config
> file from an HP2424m/4000m/8000m - with a little bit of work it could
> be brought into rancid.

I've made lots of progress with this.  I'll be ready soon to post my
changes to the list, but some of them are big enough that I thought
they merit discussion first:

* support for login scripts written in Perl instead of TCL/Expect: I don't
see any major dependencies on TCL/Expect in Rancid - except for parsing
cloginrc and the "-s scriptfile" option to run your own code.  Writing
parsing code in Perl isn't a problem, but external scripts are a bit
of a dilemma.  External scripts don't seem to be needed by the core
functionality of Rancid (fetching and archiving the config), so I don't
think it breaks anything if the login script for a new device doesn't
support it.  I suppose it's possible for a Perl login script to call
a TCL/Expect program that then calls the .exp script.  Or have the Perl
login script source external Perl scripts: since the Perl/Expect.pm
combination uses similar syntax for the all-important "expect"
command, all of the same functionality is available.

The important thing is that the existing TCL/Expect login scripts will
exist side by side with the Perl login scripts, as described below.

* add an external configuration file to rancid-fe: it is cumbersome to
patch the if/else statement in rancid-fe when it could all be moved
into a table somewhere like "/etc/rancidexec.conf".  This would allow
end users to easily add device types or to use a different xxlogin or
xxrancid script for an existing device.  I haven't thought much about

Ed Ravin | 4 Jun 2005 08:14

things deleted from the stored Cisco config

In the "rancid" script, we have:

 /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ &&
       ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n")

Which deletes the "seq NN" portion of an ip prefix list.  So a prefix
list that looks like this:

  ip prefix-list my-nets seq 20 permit blah

is changed to:

  ip prefix-list my-nets permit blah

What's the reasoning behind this?

Also, at the top of the "show running-config" output from most of my
Ciscos, are these two handy lines:

! Last configuration change at 14:33:32 edt Wed Jun 1 2005 by eravin
! NVRAM config last updated at 14:35:18 edt Wed Jun 1 2005 by eravin

Why does rancid also delete these?  We depend on those lines to tell
who last modified the config and when they did it.

Jon Lewis | 4 Jun 2005 14:46

rancid email Precedence

A coworker recently moved our internal mailing lists from majordomo to
ezmlm, and we stopped seeing our rancid email.  It turns out, this is
because ezmlm-weed /dev/null's messages with Precedence: (junk|bulk) in
the header.  Rancid puts Precedence: bulk in all its emails.  Is there a
reason it does that?

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Andrew Partan | 4 Jun 2005 18:10

Re: things deleted from the stored Cisco config

On Sat, Jun 04, 2005 at 02:14:39AM -0400, Ed Ravin wrote:
> Which deletes the "seq NN" portion of an ip prefix list.  So a prefix
> list that looks like this:
>   ip prefix-list my-nets seq 20 permit blah
> is changed to:
>   ip prefix-list my-nets permit blah
> What's the reasoning behind this?

That way one can add something to the middle of an ip prefix list,
let the cisco automatically renumber the list, and not have a huge
diff output - you will only see the line that was added.

> Also, at the top of the "show running-config" output from most of my
> Ciscos, are these two handy lines:
> 
> ! Last configuration change at 14:33:32 edt Wed Jun 1 2005 by eravin
> ! NVRAM config last updated at 14:35:18 edt Wed Jun 1 2005 by eravin
> 
> Why does rancid also delete these?  We depend on those lines to tell
> who last modified the config and when they did it.

Too many erroneous diffs.  If you reboot a cisco, this output will
change, but the config is the same, so rancid should not show any
diffs.  Also if you go into config, make no changes, and then exit,
these lines will change; more erroneous diffs.

Also note that if you have 3 changes to the config between rancid
runs, these lines would only tell you about the last one.  If you
really want to tell who is changing the config & what they did,
turn on the command logging stuff in radius or tacacs, or watch
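
The effect described in the reply above, as an added example that is not part of the original post and not Rancid's own code: a Python port of the quoted prefix-list pattern, applied to two constructed config snapshots in which one entry is inserted mid-list and the device renumbers the rest. It assumes entries are kept in device order and does not reproduce the sorting done by rancid's ProcessHistory; the addresses and the second timestamp are made up.

```python
import difflib
import re

# Python port of the prefix-list pattern quoted from the "rancid" script.
PREFIX_RE = re.compile(
    r"^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(/.*)$")
# The two volatile header lines quoted in the thread.
VOLATILE_RE = re.compile(
    r"^! (Last configuration change at|NVRAM config last updated at) ")

def normalize(config):
    """Drop the volatile header lines and the 'seq NN' token, keeping order."""
    out = []
    for line in config.splitlines():
        if VOLATILE_RE.match(line):
            continue
        m = PREFIX_RE.match(line)
        if m:
            name, _seq, action, addr, rest = m.groups()
            line = f"ip prefix-list {name} {action} {addr}{rest}"
        out.append(line)
    return out

def changed_lines(old, new):
    """Return only the added/removed lines of a unified diff of two line lists."""
    diff = difflib.unified_diff(old, new, lineterm="", n=0)
    return [l for l in diff
            if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

# Constructed snapshots: one entry inserted mid-list, the device renumbers the rest.
BEFORE = """\
! Last configuration change at 14:33:32 edt Wed Jun 1 2005 by eravin
ip prefix-list my-nets seq 5 permit 192.0.2.0/24
ip prefix-list my-nets seq 10 permit 203.0.113.0/24 le 32
"""
AFTER = """\
! Last configuration change at 09:12:01 edt Thu Jun 2 2005 by eravin
ip prefix-list my-nets seq 5 permit 192.0.2.0/24
ip prefix-list my-nets seq 10 permit 198.51.100.0/24
ip prefix-list my-nets seq 15 permit 203.0.113.0/24 le 32
"""

def raw_vs_normalized():
    """Diff the snapshots as captured and after normalization."""
    raw = changed_lines(BEFORE.splitlines(), AFTER.splitlines())
    norm = changed_lines(normalize(BEFORE), normalize(AFTER))
    return raw, norm
```

The raw diff touches the header line and every renumbered entry, while the normalized diff contains only the inserted prefix.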

Andrew Partan | 4 Jun 2005 18:16

Re: rancid email Precedence

On Sat, Jun 04, 2005 at 08:46:02AM -0400, Jon Lewis wrote:
> A coworker recently moved our internal mailing lists from majordomo to
> ezmlm, and we stopped seeing our rancid email.  It turns out, this is
> because ezmlm-weed /dev/null's messages with Precedence: (junk|bulk) in
> the header.  Rancid puts Precedence: bulk in all its emails.  Is there a
> reason it does that?

Rancid mail is not mail generated by a human, thus the Precedence
should be lower.  I would change ezmlm's config or modify your copy
of rancid.
	--asp <at> partan.com (Andrew Partan)

Ed Ravin | 6 Jun 2005 17:51

rancid - "show running-config" and "write term"

Both "show running-config" and "write term" are in Rancid's command
list for things to execute on Ciscos.  How old does your IOS have to
be for "show running-config" not to be supported?

I'm asking because on a 7200 with a complex ATM config, "show running-config"
can take 30 seconds or more to complete.  It seems like a waste of the
poor little router's CPU to do that twice, and then throw away the results
of the second config dump.

Any thoughts on how we could tell Rancid not to use both commands?  I can
think of two possibilities:

* add an option to cloginrc for hosts that need "write term", since I
suspect that they are few and far between these days.  clogin would
otherwise ignore "write term" in the command list.

* teach clogin how to parse the output of "show running-config" to detect
that it produced enough output to be considered successful.  Then ignore
"write term" and provide fake output for it back to Rancid since Rancid
will just ignore it anyway.

Ed Ravin | 6 Jun 2005 23:59

patches to rancid to allow rsh with Cisco gear

Attached are some patches and additions to Rancid to allow management
of a Cisco router via rsh (i.e. one-shot "rsh" commands, not interactive
rlogin).  The nice thing about using "rsh" is that you don't need to
supply a password.

For starters, install something like this in your router config:

 ip rcmd remote-host rancid <trusted-IP-address> rancid enable

If necessary, replace "rancid" with the username that Rancid runs
as on your system.

Then, replace your rancid-fe with the one attached.  This version of
rancid-fe includes the ability to configure a clogin command that will
be passed in via the RANCID_CLOGIN environment variable.  A bonus is
that you can add your own device types or update existing device types
by creating a file in /etc or wherever and then defining it in
/etc/rancid.conf with the RANCID_EXECCONF variable.  A sample
"rancidexec.conf" is attached.

Then, apply the attached patch to "rancid".  This tells rancid to use
the value of RANCID_CLOGIN if available instead of calling "clogin".

Finally, install the attached "rsh.clogin" in rancid's PATH.  This is
a clogin-like program (though it only supports the -t and -c options
so far) that talks to the router via rsh, by breaking up the command list
into individual calls to the "rsh" command.

If these changes are acceptable to the Rancid maintainers, I will write
up full documentation and extend rsh.clogin to support the rest of the
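
A check that can be run over saved configs to list the `ip rcmd remote-host` trust entries of the form shown in the post above; this is an added example, not part of the original post or of Rancid. The sample configs, device names and the `expected_hosts` set are constructed, and the optional numeric level after `enable` is handled as an assumption about the command's syntax.

```python
import re

# Form shown in the post:
#   ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]
RCMD_RE = re.compile(
    r"^\s*ip rcmd remote-host\s+(\S+)\s+(\S+)\s+(\S+)"
    r"(?:\s+(enable)(?:\s+(\d+))?)?\s*$")

def audit_rcmd_trust(configs, expected_hosts):
    """Return one finding per rcmd trust entry found in the saved configs.

    configs: {device name: config text}; expected_hosts: addresses that are
    supposed to be trusted (both are hypothetical inputs for this example).
    """
    findings = []
    for device, text in sorted(configs.items()):
        for line in text.splitlines():
            m = RCMD_RE.match(line)
            if not m:
                continue
            local_user, host, remote_user, enable, _level = m.groups()
            findings.append({
                "device": device,
                "local_user": local_user,
                "host": host,
                "remote_user": remote_user,
                "enable": enable is not None,
                "unexpected_host": host not in expected_hosts,
            })
    return findings

def unexpected_enable(findings):
    """Entries that grant enable to a host outside the expected set."""
    return [(f["device"], f["host"]) for f in findings
            if f["unexpected_host"] and f["enable"]]

# Constructed sample configs (documentation addresses, made-up device names).
SAMPLE = {
    "rtr-a": "hostname rtr-a\n"
             "ip rcmd remote-host rancid 192.0.2.10 rancid enable\n",
    "rtr-b": "hostname rtr-b\n"
             "ip rcmd remote-host rancid 198.51.100.7 rancid enable\n"
             "ip rcmd remote-host ops 192.0.2.10 ops\n",
}
```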

Johan Bergström | 7 Jun 2005 08:52

Re: Problem with catalyst 5500

Problem solved by upgrading rancid to 2.3.2a.

Johan

On Wed, 2005-06-01 at 12:58 -0700, john heasley wrote:
> Wed, Jun 01, 2005 at 02:08:53PM +0200, Johan Bergström:
> > Hello.
> > 
> > I'm having problems getting all info needed from a bunch of catalyst
> > 5500 switches. In my logs I see,
> > 
> > Trying to get all of the configs.
> > bf-5505-02: missed cmd(s): write term
> > ad-5505-01: missed cmd(s): write term
> > ab-5505-01: missed cmd(s): write term
> > 
> > and so on for each switch.
> > 
> > When I'm trying to run the cat5rancid command manually it gives me the
> > same error message, but if I do:
> > 
> > clogin -c "write term all; write term" bf-5505-01
> > 
> > (as the cat5rancid -d output showed me) it outputs everything as it
> > should. So there is no problem with promptcapture or communication, or
> > authentication.
> 
> there must be something in the configuration that cat5rancid is erroneously
> considering a prompt.  run
> 	% setenv NOPIPE YES

