headers
Michael Stefaniuc | 4 May 2006 17:55
Picon
Favicon

[rancid] race condition in ssh on CatOS

Hello,

in october 2004 there was a small thread about this problem "Bug when 
using SSH on CatOS devices" 
(http://www.shrubbery.net/pipermail/rancid-discuss/2004-October/000891.html) 
but it ended with a quick hack that worked for the older Extreme's but 
dosn't for CatOS 
(http://www.shrubbery.net/pipermail/rancid-discuss/2004-November/000898.html)
The problem with CatOS ssh is that it eats _sometimes_ the echoing of 
the last packet that made the connection to terminate unlike the Extreme 
that accordingly to the above was eating only the \n\r. As clogin does a
send "exit\r"
and that fits in one packet the CatOS ssh will forget to echo that back 
before terminating the connection. So one gets _sometimes_
Switch> (enable)Connection to switch.foo.bar closed by remote host.
Connection to switch.foo.bar closed.
I get that not only with cat5rancid but also directly with ssh.

Now adapting the proposed patch/hack:
   TOP: while(<INPUT>) {
        tr/\015//d;
        if (/> \(enable\) ?exit$/) {
              $clean_run=1;
              last;
        }
        # Check and see if it was a "less clean" run.
        elsif (/> \(enable\) ?exitConnection to (\S+) closed by remote 
host\./){
              $clean_run=1;
              last;
(Continue reading)

Permalink | Reply | 2 comments |
headers
Sutherland, James | 5 May 2006 18:39

[rancid] Infinate loop on clogin

Interestingly we managed to accidentally get rancid set so that an
Efficient 5871 was set as a cisco.

What resulted was an infinite loop that causes rancid to hang forever
until the telnet to that device is killed.

I wasn't sure if this would be considered a bug, but I thought I'd send
it to this list as an example of this problem, which we've seen several
times.

Example:
Fri 8:58am {rancid <at> prometheus:[~/bin]} ./clogin 172.28.41.69
172.28.41.69
spawn telnet 172.28.41.69
Trying 172.28.41.69...
Connected to 172.28.41.69.
Escape character is '^]'.

Efficient 5871 IDSL Router (5871-001/2) v5.3.80 Ready
Login: ******
Wrong password!   Try logging in again.
Login: ******
Wrong password!   Try logging in again.
Login: ******
Wrong password!   Try logging in again.
Login: ******
Wrong password!   Try logging in again.
Login: ******
Wrong password!   Try logging in again.
Login: ******
(Continue reading)

Permalink | Reply | 2 comments |
headers
Michael Stefaniuc | 5 May 2006 18:44
Picon
Favicon

[rancid] Re: Infinate loop on clogin

Sutherland, James wrote:
> Interestingly we managed to accidentally get rancid set so that an
> Efficient 5871 was set as a cisco.
> 
> What resulted was an infinite loop that causes rancid to hang forever
> until the telnet to that device is killed.
> 
> I wasn't sure if this would be considered a bug, but I thought I'd send
> it to this list as an example of this problem, which we've seen several
> times.
Call clogin with -t to give it a timeout. rancid uses clogin -t 90 to 
prevent such loops being to disastrous.

bye
	michael

> 
> Example:
> Fri 8:58am {rancid <at> prometheus:[~/bin]} ./clogin 172.28.41.69
> 172.28.41.69
> spawn telnet 172.28.41.69
> Trying 172.28.41.69...
> Connected to 172.28.41.69.
> Escape character is '^]'.
> 
> Efficient 5871 IDSL Router (5871-001/2) v5.3.80 Ready
> Login: ******
> Wrong password!   Try logging in again.
> Login: ******
> Wrong password!   Try logging in again.
(Continue reading)

Permalink | Reply | 1 comment |
headers
john heasley | 5 May 2006 18:47

[rancid] Re: Infinate loop on clogin

Fri, May 05, 2006 at 06:44:29PM +0200, Michael Stefaniuc:
> Sutherland, James wrote:
> > Interestingly we managed to accidentally get rancid set so that an
> > Efficient 5871 was set as a cisco.
> > 
> > What resulted was an infinite loop that causes rancid to hang forever
> > until the telnet to that device is killed.
> > 
> > I wasn't sure if this would be considered a bug, but I thought I'd send
> > it to this list as an example of this problem, which we've seen several
> > times.
> Call clogin with -t to give it a timeout. rancid uses clogin -t 90 to 
> prevent such loops being to disastrous.

That will do nothing, as the timeout only takes effect when there is no
input match.  Here, there's obviously a match.

> > 
> > Example:
> > Fri 8:58am {rancid <at> prometheus:[~/bin]} ./clogin 172.28.41.69
> > 172.28.41.69
> > spawn telnet 172.28.41.69
> > Trying 172.28.41.69...
> > Connected to 172.28.41.69.
> > Escape character is '^]'.
> > 
> > Efficient 5871 IDSL Router (5871-001/2) v5.3.80 Ready
> > Login: ******
> > Wrong password!   Try logging in again.
> > Login: ******
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sutherland, James | 5 May 2006 18:56

[rancid] Re: Infinate loop on clogin

That didn't seem to work for me notice the time stamps:

Fri 9:48am {rancid <at> prometheus:[~]} ./bin/clogin -t 90 172.28.41.69 >
/tmp/clogin.test
^C
Fri 9:54am {rancid <at> prometheus:[~]} 

Just for fun:
Fri 9:55am {rancid <at> prometheus:[~]} grep -c Login /tmp/clogin.test 
1714

-----Original Message-----
From: Michael Stefaniuc [mailto:mstefani <at> redhat.com] 
Sent: Friday, May 05, 2006 9:44 AM
To: Sutherland, James
Cc: rancid-discuss <at> shrubbery.net
Subject: Re: [rancid] Infinate loop on clogin

Sutherland, James wrote:
> Interestingly we managed to accidentally get rancid set so that an 
> Efficient 5871 was set as a cisco.
> 
> What resulted was an infinite loop that causes rancid to hang forever 
> until the telnet to that device is killed.
> 
> I wasn't sure if this would be considered a bug, but I thought I'd 
> send it to this list as an example of this problem, which we've seen 
> several times.
Call clogin with -t to give it a timeout. rancid uses clogin -t 90 to
prevent such loops being to disastrous.
(Continue reading)

Permalink | Reply | 0 comments |
headers
john heasley | 6 May 2006 00:58

[rancid] Re: race condition in ssh on CatOS

Thu, May 04, 2006 at 05:55:47PM +0200, Michael Stefaniuc:
> Switch> (enable) exitConnection to switch.foo.bar closed by remote host.
> wont happen in the middle of a cat5run run ever. But is is very likely 
> to get
> Switch> (enable)Connection to switch.foo.bar closed by remote host.
> between 2 commands. One cannot safely set $clean_run=1 in that case.
> The method i used was to split up 'send "exit\r"' in clogin into
> send "exit"
> sleep 0.1
> send "\r"
> Alternatively using send -h "exit\r" and using the "hangover" human 
> speed setting (see man expect) works too. This way i reduce the problem 
> to detecting "Switch> (enable) exitConnection ...".
> 
> Is there a better way to achieve a reliable backup of CatOS devices with 
> rancid using ssh besides having to patch clogin and cat5rancid? Not that 
> patching would be a problem but having the right fix upstream makes 
> future maintanance easier.

Normally I'd say use your support contract to harrass cisco to fix their
broken stuff before we make hacks permanent (unless its an Extreme), but I
think this has been fixed.  Of 43 chassis I collect, only one is failing
(I have not looked into why).  So, I suggest you try more recent code, try
ipservicesk9-mz.122-18.SXF vintage.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
(Continue reading)

Permalink | Reply | 1 comment |
headers
Michael Stefaniuc | 6 May 2006 10:54
Picon
Favicon

[rancid] Re: race condition in ssh on CatOS

john heasley wrote:
> Thu, May 04, 2006 at 05:55:47PM +0200, Michael Stefaniuc:
> 
>>Switch> (enable) exitConnection to switch.foo.bar closed by remote host.
>>wont happen in the middle of a cat5run run ever. But is is very likely 
>>to get
>>Switch> (enable)Connection to switch.foo.bar closed by remote host.
>>between 2 commands. One cannot safely set $clean_run=1 in that case.
>>The method i used was to split up 'send "exit\r"' in clogin into
>>send "exit"
>>sleep 0.1
>>send "\r"
>>Alternatively using send -h "exit\r" and using the "hangover" human 
>>speed setting (see man expect) works too. This way i reduce the problem 
>>to detecting "Switch> (enable) exitConnection ...".
>>
>>Is there a better way to achieve a reliable backup of CatOS devices with 
>>rancid using ssh besides having to patch clogin and cat5rancid? Not that 
>>patching would be a problem but having the right fix upstream makes 
>>future maintanance easier.
> 
> 
> Normally I'd say use your support contract to harrass cisco to fix their
> broken stuff before we make hacks permanent (unless its an Extreme), but I
> think this has been fixed.  Of 43 chassis I collect, only one is failing
> (I have not looked into why).  So, I suggest you try more recent code, try
> ipservicesk9-mz.122-18.SXF vintage.
I was talking about CatOS. We do not have any problems with backing up
IOS devices. Sadly there is no IOS available for the good old Cat2948.
I'll have to check the release notes for the newer CatOS versions if
(Continue reading)

Permalink | Reply | 0 comments |
headers
Kanagaraj Krishna | 8 May 2006 09:21
Picon

[rancid] Re: Rancid attic devices

Hi,
     I have a question regarding the reuse of previous added device on
rancid. This is the situation. Previously I've added a device with IP
xxx.xxx.xxx.xxx and realised that once it was deleted from router.db,  it
was placed under attic. Currently I'm planning to use the same IP
xxx.xxx.xxx.xxx for another device but at the same time maintain the older
device configs as well. What is best way to do this?  Thanks

Regards,
Kanagaraj Krishna

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Permalink | Reply | 1 comment |
headers
john heasley | 8 May 2006 09:36

[rancid] Re: Rancid attic devices

Mon, May 08, 2006 at 03:21:56PM +0800, Kanagaraj Krishna:
> Hi,
>      I have a question regarding the reuse of previous added device on
> rancid. This is the situation. Previously I've added a device with IP
> xxx.xxx.xxx.xxx and realised that once it was deleted from router.db,  it
> was placed under attic. Currently I'm planning to use the same IP
> xxx.xxx.xxx.xxx for another device but at the same time maintain the older
> device configs as well. What is best way to do this?  Thanks
> 
> Regards,
> Kanagaraj Krishna
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss <at> shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This is really a CVS question.

IIRC, when a file is added that was previous "cvs delete"'ed, the files is
essentially resurrected.  Meaning that you start off from whence you had
ended, thus maintaining all the history.  I think that applies to subversion
as well.

If you wanted to maintain them separately, you can goof with the repository
-- which I do not encourage -- by renaming the repository file from
Attic/foo,v to Attic/foo_old,v or something similar.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
(Continue reading)

Permalink | Reply | 0 comments |
headers
Anton.Schweitzer | 8 May 2006 10:13

[rancid] No Software: tag in config for 6500/7600 Switches


Hi,

i did a script for greping all the sofware releases, so i discovered there is no software tag for Cisco 65XX and 76XX.

Can anyone tell why there is no "Image:Software:"  tag ?


Cheers


Anton



Anton Schweitzer
CNO IP Backoffice
o2 (Germany) GmbH & Co.OHG
Georg Brauchle-Ring 23-25, D-80992 München
Tel      +49(0)89-2442-5794
Mobil +49(0)176-23407715
Fax      +49(0)89-2442-5632
anton.schweitzer <at> o2.com
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Permalink | Reply | 1 comment |

Gmane