Andrei Sabau | 12 Jun 16:08 2014
Picon

[rancid] Using Ravin's patch to jump through a gateway device to probe device not working in 3.1?

Hello.

I've installed Rancid 3.1, added Ed Ravin's modification to clogin but apparently it does not work.

The error shows something like this:

  1. Trying to get all of the configs.
  2. send: spawn id exp4 not open
  3.     while executing
  4. "send "\r""
  5.     ("foreach" body line 162)
  6.     invoked from within
  7. "foreach router [lrange $argv $i end] {
  8.     set router [string tolower $router]
  9.     # attempt at platform switching.
  10.     set platform ""
  11.     send_user ..."
  12.     (file "/home/rancid/bin/clogin" line 773)

I have used the correct syntax in cloginrc.

Any ideas? Is there another way to achieve the method?
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Manfred Mayer IT | 10 Jun 11:49 2014
Picon

Re: [rancid] clogin: not found

Hello John,

thanks for your help. After adding /usr/local/rancid/bin to the PATH, that error is gone and I went on to
executing bin/rancid-run. Now I see these errors in the rancid-run logfile:

Trying to get all of the configs.
swledv05: missed cmd(s): write term
swledv05: End of run not found
;
swledv02: missed cmd(s): show tech transceivers
swledv04: missed cmd(s): show tech transceivers,show module,show config status,show
system-information,show systems
swledv11: missed cmd(s): show config files
couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect {
        -re $reprompt   {}
        -re "\[\n\r]+"  { exp_continue }
    }"
    (procedure "run_commands" line 9)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 161)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find t..."
    (file "/usr/local/rancid/bin/hlogin" line 615)

I use the same entries in my router.db as on my old machine, but on the old system I don't get any errors in my
logfile. For the "parentheses" error I found this thread
(http://www.shrubbery.net/pipermail/rancid-discuss/2010-June/004987.html), but my hlogin
already contains the mentioned line.

Regards
Mana

-----Ursprüngliche Nachricht-----
Von: John Heasley [mailto:heas <at> shrubbery.net]
Gesendet: Freitag, 6. Juni 2014 16:26
An: Manfred Mayer IT
Betreff: Re: [rancid] clogin: not found

> Am Jun 6, 2014 um 6:40 AM schrieb Manfred Mayer IT <manfred.mayer.it <at> rapunzel.de>:
>
> Hi all,
>
> I try to migrate my existing rancid-2.3.8 installation to a new host with Ubuntu 12.04. I downloaded
ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz and installed it to /usr/local/rancid. I
copied the .cloginrc and rancid.conf to the new host and wanted to test with a new router.db first,
containing only 6 HP Procurve switches (switchname:hp:up). I can login successfully to each switch with
"bin/clogin switchname" and I also tried "bin/hlogin -f .cloginrc -c "show version" switchname" which
gives me a "no page" output first, but then the version and a completed logout.
>
> But executing "bin/rancid switchname" results in the following:
> sh: 1: clogin: not found
> switchname: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all
sec-slot2:,show diag,dir:
> switchname: End of run not found
> !

The rancid bin dir is not hardcoded in *login, it uses and inherits your PATH, or rancid.conf's in the case of rancid-run.
>
> I found this existing thread
http://www.shrubbery.net/pipermail/rancid-discuss/2008-November/003404.html but however I
don't know what to do exactly to solve the problem.
>
> Any suggestions would be appreciated
>
> Regards
> Mana
>
> Rapunzel Naturkost GmbH, Rapunzelstra?e 1, D-87764 Legau
> Registergericht Memmingen HRB 14736  | Sitz der Gesellschaft: Legau
> Ust Id Nr. DE 129088402
> Gesch?ftsf?hrer: Joseph Wilhelm | Margit Epple | Andreas Wenning
> Telefon: +49 (0)8330 / 529 - 0
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss <at> shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Email secured by [Rapunzel IT]

Rapunzel Naturkost GmbH, Rapunzelstraße 1, D-87764 Legau
Registergericht Memmingen HRB 14736  | Sitz der Gesellschaft: Legau
Ust Id Nr. DE 129088402
Geschäftsführer: Joseph Wilhelm | Margit Epple | Andreas Wenning
Telefon: +49 (0)8330 / 529 - 0
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Nicolas DEFFAYET | 7 Jun 14:47 2014

[rancid] Quagga vtysh patchs

Hello,

Please find the complete files attached that I use successfully with
Rancid 2.3.8 to get config from Quagga vtysh. I have done a big rewrite
for have clean stuff and I use a new qlogin instead of original clogin
because the original clogin don't work correctly since Rancid 2.3.5 due
to various change.

# vi /usr/lib/rancid/bin/rancid-fe
---
-    'zebra' => 'zrancid'
+    'zebra' => 'zrancid',
+    'quagga' => 'qrancid'
---

Put qlogin qrancid
# chown root:root qlogin qrancid
# chmod 755 qlogin qrancid
# mv qlogin qrancid /usr/lib/rancid/bin/

In router.db file
---
test.example.com:quagga:up
---

-- 
Nicolas DEFFAYET
#! /usr/bin/expect --
##
## $Id: qlogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
# 
#  The expect login scripts were based on Erik Sherk's gwtn, by permission.
# 
# qlogin - quagga s/w login
# Based on csblogin
#
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#	x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
	send_error "\nError: could not exec id: $reason\n"
	exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch  -glob -- $arg {
	# Command to run.
	-c* -
	-C* {
	    if {! [regexp .\[cC\](.+) $arg ignore command]} {
		incr i
		set command [lindex $argv $i]
	    }
	    set do_command 1
	# Expect debug mode
	} -d* {
	    exp_internal 1
	# Environment variable to pass to -s scripts
	} -E*
	{
	    if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
		set E$varname $varvalue
	    } else {
		send_user "\nError: invalid format for -E in $arg\n"
		exit 1
	    }
	# alternate cloginrc file
	} -f* -
	-F* {
	    if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
		incr i
		set password_file [lindex $argv $i]
	    }
	# user Password
	} -p* {
	    if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
		incr i
		set userpasswd [lindex $argv $i]
	    }
	    set do_passwd 0
	# ssh passphrase
	} -r* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set vapassphrase [lindex $argv $i]
	    }
	# Version string
	} -V* {
	    send_user "rancid 2.3.8\n"
	    exit 0
	# Passphrase
	} -r* -
	-R* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Expect script to run.
	} -s* {
	    if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
		incr i
		set sfile [lindex $argv $i]
	    }
	    if { ! [file readable $sfile] } {
		send_user "\nError: Can't read $sfile\n"
		exit 1
	    }
	    set do_script 1
	# Timeout
	} -t* {
	    if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
		incr i
	        set timeoutdflt [lindex $argv $i]
	    }
	# Username
	} -u* -
	-U* {
	    if {! [regexp .\[uU\](.+) $arg ignore user]} {
		incr i
		set username [lindex $argv $i]
 	    }
	# Command file
	} -x* {
	    if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
		incr i
		set cmd_file [lindex $argv $i]
	    }
	    if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
		send_user "\nError: $reason\n"
		exit 1
	    }
	    set cmd_text [read $cmd_fd]
	    close $cmd_fd
	    set command [join [split $cmd_text \n] \;]
	    set do_command 1
	# 'ssh -c' cypher type
	} -y* -
	-Y* {
	    if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
		incr i
		set cypher [lindex $argv $i]
	    }
	} -* {
	    send_user "\nError: Unknown argument! $arg\n"
	    send_user $usage
	    exit 1
	} default {
	    break
	}
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
	if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
	if [regexp \^(xterm|vs) $env(TERM) ignore] {
	    send_user "\033]1;[lindex [split $host "."] 0]\a"
	    send_user "\033]2;$host\a"
	}
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl*	pete cow
# add password at*	steve
# add password *	hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
	set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
	foreach line $list {
	    if { [string match [lindex $line 0] $router] } {
		return [lrange $line 1 end]
	    }
	}
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
	send_user "\nError: password file ($password_file) does not exist\n"
	exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
	send_user "\nError: $password_file must not be world readable/writable\n"
	exit 1
    }
    if [catch {source $password_file} reason ] {
	send_user "\nError: $reason\n"
	exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
	incr progs -1
	if [string match "telnet*" $prog] {
	    regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
	    if {"$port" == ""} {
		set retval [catch {spawn telnet $router} reason]
	    } else {
		set retval [catch {spawn telnet $router $port} reason]
	    }
	    if { $retval } {
		send_user "\nError: telnet failed: $reason\n"
		return 1
	    }
	} elseif ![string compare $prog "ssh"] {
	    # ssh to the router & try to login with or without an identfile.
	    # We use two calls to spawn since spawn does not seem to parse
	    # spaces correctly.
	    if {$identfile != ""} {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    } else {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    }
	} elseif ![string compare $prog "rsh"] {
	    send_error "\nError: unsupported method: rsh\n"
	    if { $progs == 0 } {
		return 1
	    }
	    continue
	} else {
	    send_user "\nError: unknown connection method: $prog\n"
	    return 1
	}
	sleep 0.3

	# This helps cleanup each expect clause.
	expect_after {
	    timeout {
		send_user "\nError: TIMEOUT reached\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    } eof {
		send_user "\nError: EOF received\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    }
	}

    # Here we get a little tricky.  There are several possibilities:
    # the router can ask for a username and passwd and then
    # talk to the TACACS server to authenticate you, or if the
    # TACACS server is not working, then it will use the enable
    # passwd.  Or, the router might not have TACACS turned on,
    # then it will just send the passwd.
    # if telnet fails with connection refused, try ssh
    expect {
	-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection Refused ($prog): $router\n"
		return 1
	    }
	}
	-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection closed ($prog): $router\n"
		return 1
	    }
	}
	eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
	-nocase "unknown host\r" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"Host is unreachable" {
	    send_user "\nError: Host Unreachable: $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"No address associated with name" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	-re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
	    send "yes\r"
	    send_user "\nHost $router added to the list of known hosts.\n"
	    exp_continue
	}
	-re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	-re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    return 1
	}
	-re "Offending key for .* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: host key mismatch for $router.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
        -re "(denied|Sorry)"    {
                                  send_user "\nError: Check your passwd for $router\n"
                                  catch {close}; catch {wait}; return 1
                                }
        -re "(Password|Password for .+):"      {
                                  # ssh pwd prompt
                                  sleep 1
                                  send -- "$passwd\r"
                                  exp_continue
                                }
        -re "Enter passphrase.*: " {
                                  # sleep briefly to allow time for stty -echo
                                  sleep .3
                                  send -- "$passphrase\r"
                                  exp_continue
                                }
        -re "$prompt"           {
                                  set prompt_match $expect_out(0,string);
                                  break;
                                }
     }
    }

    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    set reprompt $prompt

    set commands [split $command \;]
    set num_commands [llength $commands]
    # the pager can not be turned off on the PIX, so we have to look
    # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,
    # with a global switch in the config.
    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[subst -nocommands [lindex $commands $i]]\r"
        expect {
                -re "^\[^\n\r *]*$prompt *$"    {}
                -re "^\[^\n\r]*$prompt."        { exp_continue }
                -re "(\r\n|\n)"                 { exp_continue }
        }
    }

    send "exit\r"
    expect {
        -re "\[\n\r]+"                          { exp_continue }
        timeout                                 { catch {close}; catch {wait};
                                                  return 0
                                                }
        eof                                     { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
	set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
      # command line username
      set loginname $username
    } else {
      set loginname [join [find user $router] ""]
      if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
      # command line passwd
      set passwd $userpasswd
    } else {
      set passwd [join [lindex [find userpassword $router] 0] ""]
      if { "$passwd" == "" } {
        set passwd [join [lindex [find password $router] 0] ""]
        if { "$passwd" == "" } {
	  send_user "\nError: no password for $router in $password_file.\n"
	  continue
        }
      }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
	set passphrase $avpassphrase
    } else {
	set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
	set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
	incr exitval
	continue
    }

    if { $do_command || $do_script } {
	send "terminal length 0\r"
	expect -re $prompt	{}
    }
    if { $do_command } {
	if {[run_commands $prompt $command]} {
	    incr exitval
	    continue
	}
    } elseif { $do_script } {
	source $sfile
	catch {close};
    } else {
	label $router
	log_user 1
	interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
Attachment (qrancid): application/x-perl, 13 KiB
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Nicolas DEFFAYET | 7 Jun 13:17 2014

[rancid] Cisco SG-300 patchs

Hello,

Please find the complete files attached that I use successfully with
Rancid 2.3.8 to get config from Cisco SG-300. I have done a big rewrite
for have clean stuff and I use a csblogin instead of original clogin.

# vi /var/lib/rancid/bin/rancid-fe
---
     'cisco' => 'rancid',
+    'cisco-sb' => 'csbrancid',
     'cisco-nx' => 'nxrancid',
---

Put csblogin csbrancid
# chown root:root csblogin csbrancid
# chmod 755 csblogin csbrancid
# mv csblogin csbrancid /usr/lib/rancid/bin/

In router.db file
---
test.example.com:cisco-sb:up
---

In .cloginrc
---
add autoenable test.example.com {1}
add method test.example.com {ssh}
add password test.example.com {password}
add user test.example.com {user}
add userprompt test.example.com {"User Name:"}
---

It's a fork of (thanks to Christian for its works !):
http://chrpinedo.blogspot.fr/2012/03/cisco-small-business-sg300-backup-with.html

-- 
Nicolas DEFFAYET
#! /usr/bin/expect --
##
## $Id: csblogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
# 
#  The expect login scripts were based on Erik Sherk's gwtn, by permission.
# 
# csblogin - Cisco Small Business switch login
#
# Most options are intuitive for logging into a Cisco Small Business switch.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#	x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
	send_error "\nError: could not exec id: $reason\n"
	exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch  -glob -- $arg {
	# Command to run.
	-c* -
	-C* {
	    if {! [regexp .\[cC\](.+) $arg ignore command]} {
		incr i
		set command [lindex $argv $i]
	    }
	    set do_command 1
	# Expect debug mode
	} -d* {
	    exp_internal 1
	# Environment variable to pass to -s scripts
	} -E*
	{
	    if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
		set E$varname $varvalue
	    } else {
		send_user "\nError: invalid format for -E in $arg\n"
		exit 1
	    }
	# alternate cloginrc file
	} -f* -
	-F* {
	    if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
		incr i
		set password_file [lindex $argv $i]
	    }
	# user Password
	} -p* {
	    if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
		incr i
		set userpasswd [lindex $argv $i]
	    }
	    set do_passwd 0
	# ssh passphrase
	} -r* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set vapassphrase [lindex $argv $i]
	    }
	# Version string
	} -V* {
	    send_user "rancid 2.3.8\n"
	    exit 0
	# Passphrase
	} -r* -
	-R* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Expect script to run.
	} -s* {
	    if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
		incr i
		set sfile [lindex $argv $i]
	    }
	    if { ! [file readable $sfile] } {
		send_user "\nError: Can't read $sfile\n"
		exit 1
	    }
	    set do_script 1
	# Timeout
	} -t* {
	    if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
		incr i
	        set timeoutdflt [lindex $argv $i]
	    }
	# Username
	} -u* -
	-U* {
	    if {! [regexp .\[uU\](.+) $arg ignore user]} {
		incr i
		set username [lindex $argv $i]
 	    }
	# Command file
	} -x* {
	    if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
		incr i
		set cmd_file [lindex $argv $i]
	    }
	    if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
		send_user "\nError: $reason\n"
		exit 1
	    }
	    set cmd_text [read $cmd_fd]
	    close $cmd_fd
	    set command [join [split $cmd_text \n] \;]
	    set do_command 1
	# 'ssh -c' cypher type
	} -y* -
	-Y* {
	    if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
		incr i
		set cypher [lindex $argv $i]
	    }
	} -* {
	    send_user "\nError: Unknown argument! $arg\n"
	    send_user $usage
	    exit 1
	} default {
	    break
	}
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
	if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
	if [regexp \^(xterm|vs) $env(TERM) ignore] {
	    send_user "\033]1;[lindex [split $host "."] 0]\a"
	    send_user "\033]2;$host\a"
	}
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl*	pete cow
# add password at*	steve
# add password *	hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
	set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
	foreach line $list {
	    if { [string match [lindex $line 0] $router] } {
		return [lrange $line 1 end]
	    }
	}
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
	send_user "\nError: password file ($password_file) does not exist\n"
	exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
	send_user "\nError: $password_file must not be world readable/writable\n"
	exit 1
    }
    if [catch {source $password_file} reason ] {
	send_user "\nError: $reason\n"
	exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
	incr progs -1
	if [string match "telnet*" $prog] {
	    regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
	    if {"$port" == ""} {
		set retval [catch {spawn telnet $router} reason]
	    } else {
		set retval [catch {spawn telnet $router $port} reason]
	    }
	    if { $retval } {
		send_user "\nError: telnet failed: $reason\n"
		return 1
	    }
	} elseif ![string compare $prog "ssh"] {
	    # ssh to the router & try to login with or without an identfile.
	    # We use two calls to spawn since spawn does not seem to parse
	    # spaces correctly.
	    if {$identfile != ""} {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    } else {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    }
	} elseif ![string compare $prog "rsh"] {
	    send_error "\nError: unsupported method: rsh\n"
	    if { $progs == 0 } {
		return 1
	    }
	    continue
	} else {
	    send_user "\nError: unknown connection method: $prog\n"
	    return 1
	}
	sleep 0.3

	# This helps cleanup each expect clause.
	expect_after {
	    timeout {
		send_user "\nError: TIMEOUT reached\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    } eof {
		send_user "\nError: EOF received\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    }
	}

    # Here we get a little tricky.  There are several possibilities:
    # the router can ask for a username and passwd and then
    # talk to the TACACS server to authenticate you, or if the
    # TACACS server is not working, then it will use the enable
    # passwd.  Or, the router might not have TACACS turned on,
    # then it will just send the passwd.
    # if telnet fails with connection refused, try ssh
    expect {
	-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection Refused ($prog): $router\n"
		return 1
	    }
	}
	-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection closed ($prog): $router\n"
		return 1
	    }
	}
	eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
	-nocase "unknown host\r" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"Host is unreachable" {
	    send_user "\nError: Host Unreachable: $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"No address associated with name" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	-re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
	    send "yes\r"
	    send_user "\nHost $router added to the list of known hosts.\n"
	    exp_continue
	}
	-re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	-re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    return 1
	}
	-re "Offending key for .* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: host key mismatch for $router.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	"Login Screen"	{
				  send "$user\t$passwd\r"
				  exp_continue
				}
	"Switch Main Menu"	{
				  # send Ctrl+Z
				  sleep 1; send "send \032"
				  exp_continue
				}
	">"			{
				  send "lcli\r"
				  exp_continue
				}
	-re "User Name:$"	{
				  send "$user\r"
				  exp_continue
				}
	-re "Password:$"	{
				  send "$passwd\r"
				  exp_continue
				}

	-re "$prompt"		{
				  break;
				}
	denied			{
				  send_user "\nError: Check your passwd for $router\n"
				  catch {close}; catch {wait}; return 1
				}
     }
    }

    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "terminal datadump\r"
    expect -re $prompt	{}

    set commands [split $command \;]
    set num_commands [llength $commands]

    for {set i 0} {$i < $num_commands} { incr i} {
	send -- "[lindex $commands $i]\r"
	expect {
		-re "^\[^\n\r *]*$prompt *$"	{}
		-re "^\[^\n\r]*$prompt."	{ exp_continue }
		-re "(\r\n|\n)"			{ exp_continue }
	}
    }

    send "exit\r\n"
    expect {
	"\n"					{ exp_continue }
	timeout					{ catch {close}; catch {wait};
						  return 0
						}
	eof					{ return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
	set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
      # command line username
      set loginname $username
    } else {
      set loginname [join [find user $router] ""]
      if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
      # command line passwd
      set passwd $userpasswd
    } else {
      set passwd [join [lindex [find userpassword $router] 0] ""]
      if { "$passwd" == "" } {
        set passwd [join [lindex [find password $router] 0] ""]
        if { "$passwd" == "" } {
	  send_user "\nError: no password for $router in $password_file.\n"
	  continue
        }
      }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
	set passphrase $avpassphrase
    } else {
	set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
	set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
	incr exitval
	continue
    }

    if { $do_command } {
	if {[run_commands $prompt $command]} {
	    incr exitval
	    continue
	}
    } elseif { $do_script } {
	send "terminal datadump\r"
	expect -re $prompt	{}
	source $sfile
	catch {close};
    } else {
	label $router
	log_user 1
	interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
Attachment (csbrancid): application/x-perl, 12 KiB
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Alan McKinnon | 7 Jun 01:30 2014
Picon

[rancid] [PATCH]

I may have posted this one already. If so, apologies for the dupe.

ACL sorting fails for ipv6 addresses as ipaddrval() always returns false
for these so sorting never happens. Rancid output is then always
whatever order the router presented leading to chatter and noisy diffs.

The simplest solution is to sort ipv6 addresses ASCIIbetically so they
always sort predictably. The only oddity is :: comes after digits 0-9
and before A-F. Aside from that, the order is as expected by hex numbers.

This is much easier than writing an ipv6 sort routine from scratch as
rancid uses no perl user modules.

--- rancid.old  2014-05-16 01:07:20.000000000 +0200
+++ rancid      2014-06-04 01:47:20.000000000 +0200
 <at>  <at>  -168,7 +186,8  <at>  <at> 
     $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
 }
 sub sortbyipaddr {
-    &ipaddrval($a) <=> &ipaddrval($b);
+    &ipaddrval($a) <=> &ipaddrval($b) ||
+    $a cmp $b;
 }

 # This routine parses "show version"
 <at>  <at>  -1874,7 +1898,7  <at>  <at> 
        # order arp lists
        /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
            ProcessHistory("ARP","$aclsort","$1","$_") && next;
-       /^ip(v6)?
prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\S+)(\/.*)$/
+       /^ip(v4|v6)?
prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\S+)(\/.*)$/
            && ProcessHistory("PACL $2 $4","$aclsort","$5",
                              "ip$1 prefix-list $2 $4 $5$6\n")
            && next;

--

-- 
Alan McKinnon
alan.mckinnon <at> gmail.com

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Alan McKinnon | 7 Jun 01:09 2014
Picon

[rancid] [PATCH] Reduce chatter about file sizes in nvram.

Hi,

I got tired of endless noise mails with diffs like this:

- !Flash: nvram:  1692  -rw-      356089                    <no date>
startup-config
+ !Flash: nvram:  1692  -rw-      356257                    <no date>
startup-config
- !Flash: nvram: 2093048 bytes total (1636661 bytes free)
+ !Flash: nvram: 2093048 bytes total (1636493 bytes free)

So I wrote the below to deal with it.
Rationale: I don't care to know that the file increased by 168 bytes,
all I want to know is if the file was created or deleted and it's
approximate size. I'd also like to know if the size changed dramatically
eg 100K to 10M.
The patch transforms the size to the nearest SI unit and truncates it to
an integer, like so:

!Flash: nvram:  1691  -rw-       347KB                    <no date>
startup-config
!Flash: disk0:        1MB bytes total (       1MB bytes free)

The diff is against 2.3.8 and I have similar ones for nxrancid and
xrrancid. Also gsrrancid but that's my own creation for GSRs and not in
the source tarballs.

--- rancid.old  2014-05-16 01:07:20.000000000 +0200
+++ rancid      2014-06-04 01:47:20.000000000 +0200
 <at>  <at>  -95,6 +95,24  <at>  <at> 
     1;
 }

+# Transform filesizes into integral SI units (eg 123456 => 120KB)
+sub numtosi {
+    my $num = $_[0];
+    my $len = length($_[0]);
+    if ($num >= (1024 * 1024 * 1024)) {
+        $num = int($num / (1024 * 1024 * 1024));
+        return sprintf("%$len"."s", "$num"."GB");
+    } elsif ($num >= (1024 * 1024 )) {
+        $num = int($num / (1024 * 1024));
+        return sprintf("%$len"."s", "$num"."MB");
+    } elsif ($num >= (1024 )) {
+        $num = int($num / (1024));
+        return sprintf("%$len"."s", "$num"."KB");
+    } else {
+        return $num;
+    }
+}
+
 sub numerically { $a <=> $b; }

 # This is a sort routine that will sort numerically on the
 <at>  <at>  -717,6 +736,14  <at>  <at> 
        # Filter dhcp database
        next if (/dhcp_[^. ]*\.txt/);

+        # Transform file sizes in file listing to SI units
+        if (/^(\s*?\d+\s+[rwx-]{4}\s+)(\d+)(.*)/) {
+            $_ = "$1" . numtosi($2) . "$3\n";
+        }
+       if (/^(\s*?)(\d+) bytes total \((\d+) bytes free\)$/) {
+           $_ = $1 . numtosi($2) . " bytes total (" . numtosi($3) . "
bytes free)\n";
+       }
+
        /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next;
        ProcessHistory("FLASH","","","!Flash: $_");
     }
 <at>  <at>  -762,22 +789,19  <at>  <at> 
        # Filter dhcp database
        next if (/dhcp_[^. ]*\.txt/);

-       if ($ios eq "XE" && /.*\((\d+) bytes free\)/) {
-           my($tmp) = $1;
-           if ($tmp >= (1024 * 1024 * 1024)) {
-               $tmp = int($tmp / (1024 * 1024 * 1024));
-               s/$1 bytes free/$tmp GB free/;
-           } else {
-               $tmp = int($tmp / (1024 * 1024));
-               s/$1 bytes free/$tmp MB free/;
-           }
-       }
        if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) {
            $_ = "$1" . sprintf("%43s", "") . "$3\n";
        }
        if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) {
            $_ = "$1" . sprintf("%43s", "") . "$3\n";
        }
+        # Transform file sizes in file listing to SI units
+        if (/^(\s*?\d+\s+[rwx-]{4}\s+)(\d+)(.*)/) {
+            $_ = "$1" . numtosi($2) . "$3\n";
+        }
+       if (/^(\s*?)(\d+) bytes total \((\d+) bytes free\)$/) {
+           $_ = $1 . numtosi($2) . " bytes total (" . numtosi($3) . "
bytes free)\n";
+       }
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);

--

-- 
Alan McKinnon
alan.mckinnon <at> gmail.com

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Manfred Mayer IT | 6 Jun 15:40 2014
Picon

[rancid] clogin: not found

Hi all,

I try to migrate my existing rancid-2.3.8 installation to a new host with Ubuntu 12.04. I downloaded
ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz and installed it to /usr/local/rancid. I
copied the .cloginrc and rancid.conf to the new host and wanted to test with a new router.db first,
containing only 6 HP Procurve switches (switchname:hp:up). I can login successfully to each switch with
"bin/clogin switchname" and I also tried "bin/hlogin -f .cloginrc -c "show version" switchname" which
gives me a "no page" output first, but then the version and a completed logout.

But executing "bin/rancid switchname" results in the following:
sh: 1: clogin: not found
switchname: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all
sec-slot2:,show diag,dir:
switchname: End of run not found
!

I found this existing thread
http://www.shrubbery.net/pipermail/rancid-discuss/2008-November/003404.html but however I
don't know what to do exactly to solve the problem.

Any suggestions would be appreciated

Regards
Mana

Rapunzel Naturkost GmbH, Rapunzelstra?e 1, D-87764 Legau
Registergericht Memmingen HRB 14736  | Sitz der Gesellschaft: Legau
Ust Id Nr. DE 129088402
Gesch?ftsf?hrer: Joseph Wilhelm | Margit Epple | Andreas Wenning
Telefon: +49 (0)8330 / 529 - 0
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Craig Ayliffe | 6 Jun 02:52 2014
Picon

Re: [rancid] Help for nlogin and Netscreen

Hi,

Apologies the link that failed was meant to be: http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

It is found on this page: http://www.shrubbery.net/rancid/#help


Yes agreed it is a broken implementation of the CLI.
I will take a look at the -s option.

Thanks,

Craig

On 6 June 2014 03:53, <rancid-discuss <at> shrubbery.net> wrote:
Thu, Jun 05, 2014 at 03:15:41PM +1000, Craig Ayliffe:
> Hi,
>
> Firstly I tried to subscribe to the mailing list at
> http://www.shrubbery.net/pipermail/rancid-discuss/ - but get a 404 error
> going to that page.

that url looks fine to me.  in the logs, i see some failures with bad urls,
which might have been you.  if you can verify what url doesnt work and where
you found the url or the referring page, i'll look.

> Anyway my problem today is trying to run the command:
>    nlogin -t 90 -f vfw.cloginrc -c "exec nsrp sync global-config check-sum"
> hostname
>
> It runs the command successfully but then hangs waiting to finish.
> The output of the command (configuration in sync) is printed out after the
> prompt is displayed which seems to get nlogin out of sync - still looking
> for the prompt which it doesn't see again.
>
> Attached is the debug of the commands being run.
>
> Below is it running without debug.
> ==============================================
> craiga <at> syd-monitor-01:~/juniper$ /tmp/nlogin.3.1 -t 90 -f vfw.cloginrc -c
> "exec nsrp sync global-config check-sum" bne-vfw-1b
> bne-vfw-1b
> spawn ssh -c 3des -x -l craiga bne-vfw-1b
> craiga <at> bne-vfw-1b's password:
> Remote Management Console
> BNE-VFW-1b(B)->
> BNE-VFW-1b(B)-> set console page 0
> BNE-VFW-1b(B)-> exec nsrp sync global-config check-sum
> *BNE-VFW-1b(B)-> configuration in sync*
>
>
> ^Ccraiga <at> syd-monitor-01:~/juniper$
> ==============================================
>
> As far as I can see this is due to Netscreen running this command in the
> background and it returns the display later on after the new prompt is
> already there.
> This doesn't happen when I run the 'get' commands in Netscreen.
>
> Any ideas on how to fix this would be awesome thanks

eh, you could do that with a script via nlogin -s.  but, once it receives a
new prompt, the login scripts assume the command is done.  to that do a cmd
in the background is a completely broken cli way to do it, imo, and i'd
complain to the vendor.

see the share dir of the dist for -s examples.



--
Craig Ayliffe
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Kenneth Lind | 5 Jun 20:24 2014
Picon

Re: [rancid] Cisco 10k sflog Timestamp Cycling

This is a fairly old issue so I'm including the previous threads for what
it's worth. We upgraded to Rancid v3.0 and then today to v3.1 without issue.
The upgrade to 3.0a did hush the actual sflog diffs, however, we are still
receiving noisy diffs related to the sflog/IPDR data and the fact that n
bytes are stored in flash before being sent to the collector.

What would be the best method to hush these diffs?

Example of diffs:
  !Flash:                                           sflog
- !Flash: 821772288 bytes available (202817536 bytes used)
+ !Flash: 821805056 bytes available (202784768 bytes used)
  !

> -----Original Message-----
> From: 'heasley' [mailto:heas <at> shrubbery.net]
> Sent: Thursday, November 07, 2013 2:56 PM
> To: Kenneth Lind
> Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling
> 
> Thu, Nov 07, 2013 at 07:44:33PM +0000, 'heasley':
> > Thu, Oct 31, 2013 at 11:34:51AM -0400, Kenneth Lind:
> > > > -----Original Message-----
> > > > From: heasley [mailto:heas <at> shrubbery.net]
> > > > Sent: Wednesday, October 30, 2013 6:42 PM
> > > > To: Kenneth Lind
> > > > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling
> > > >
> > > > Tue, Oct 29, 2013 at 04:26:18PM -0400, Kenneth Lind:
> > > > > > -----Original Message-----
> > > > > > From: rancid-discuss-bounces <at> shrubbery.net
> > > > > > [mailto:rancid-discuss- bounces <at> shrubbery.net] On Behalf Of
> > > > > > Alan McKinnon
> > > > > > Sent: Tuesday, October 22, 2013 4:19 PM
> > > > > > To: rancid-discuss <at> shrubbery.net
> > > > > > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling
> > > > > >
> > > > > > On 22/10/2013 17:27, Kenneth Lind wrote:
> > > > > > > We recently implemented IPDR on our Cisco 10K uBRs and are
> > > > > > > now receiving diffs for every rancid run about the
> timestamp
> > > > > > > for the
> > > > > > sflog:
> > > > > > >
> > > > > > > - !Flash: 6            0 Oct 22 2013 08:46:10 -04:00 sflog
> > > > > > > + !Flash: 6            0 Oct 22 2013 09:37:28 -04:00 sflog
> > > > > > >
> > > > > > > We are running Rancid v2.3.6 which according to the change
> > > > > > > log included the fix for this issue (though in our instance
> > > > > > > it does not appear to be filtered, unless there is an
> option
> > > > > > > somewhere that we've missed to enable the filtering):
> > > > > > >
> > > > > > > rancid: filter sflog from DirSlotN() for IOS on cisco 10k
> > > > > > >
> > > > > > > I've been able to find mentions of the issue in the discuss
> > > > > > > archives, but none have included a solution. Has anyone
> been
> > > > > > > able to hush the diffs for the sflog outside of creating a
> > > > > > > new rancid type and
> > > > > > altering
> > > > > > > the command table to exclude the DirSlotN run?
> > > > > >
> > > > > > I'm not familiar with the 10k but Google indicates they will
> > > > > > run regular IOS. Is that correct?
> > > > >
> > > > > 10k does run IOS. There are some specialized-for-the-purpose
> > > > > commands/configuration, but it is still standard IOS
> (12.2(33)).
> > > > >
> > > > > >
> > > > > > The code in 2.3.6 does support what the Changelog says:
> > > > > >
> > > > > > sub DirSlotN {
> > > > > >     ....
> > > > > >     if ($ios eq "IOS" &&
> /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) {
> > > > > >         $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > > >     }
> > > > > >     ....
> > > > > > }
> > > > > >
> > > > > > but that regex does not match the output you quoted. maybe
> > > > > > that was written for
> > > > > >
> > > > > > Personally, I would simply discard the entire line (you don't
> > > > > > want to keep the timestamp and that is the very thing that is
> > > > > > changing) so modify DirSlotN thusly (add it just before the
> code above):
> > > > > >
> > > > > >     next if ($ios eq "IOS" && /^Flash:.*? sflog$);
> > > > > >
> > > > > > that regex is quite simplistic, you might want to tweak it to
> > > > > > be more specific.
> > > > > >
> > > > >
> > > > > Heasley replied directly to me with the following diff from
> > > > > Rancid
> > > > v3.0a:
> > > > > Index: lib/ios.pm.in
> > > > >
> ===================================================================
> > > > > --- lib/ios.pm.in	(revision 2731)
> > > > > +++ lib/ios.pm.in	(working copy)
> > > > >  <at>  <at>  -884,7 +884,7  <at>  <at> 
> > > > >  	# to:
> > > > >  	#       -rw-                                   vlan.dat
> > > > >  	#       -rw-
> vlan.dat
> > > > > -	if (/(dhcp_[^. ]*\.txt|vlan\.dat)\s*$/) {
> > > > > +	if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) {
> > > > >  	    if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+
> > > > > \d+:\d+:\d+
> > > > > .\d+:\d+)/) {
> > > > >  		my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4,
> $5, $');
> > > > >  		my($fnl, $szl, $dtl) = (length($fn), length($sz),
> > > > length($dt));  <at>  <at> 
> > > > > -921,9 +921,6  <at>  <at> 
> > > > >  	if ($ios eq "XE" &&
> /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) {
> > > > >  	    $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > >  	}
> > > > > -	if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/)
> {
> > > > > -	    $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > > -	}
> > > > >  	# the pager can not be disabled per-session on the PIX
> > > > >  	if (/^(<-+ More -+>)/) {
> > > > >  	    my($len) = length($1);
> > > > >
> > > > >
> > > > > However, our stock Rancid v2.3.6 looks considerably different
> > > > > and I wasn't able to find the correct location(s) to make the
> changes.
> > > > >
> > > > > I created a proposed diff with changes matching our stock
> Rancid
> > > > > as follows and I wonder if anyone has any input (notice the
> line
> > > > > numbers are considerably different as well as the 'next if'
> statement):
> > > >
> > > > and i replied about your diff below.  did you try it?  you can
> try
> > > > it without changing your installed based.  ./rancid hostname;
> diff
> > > > ~rancid/group/ configs/hostname hostname.new
> > >
> > >
> > > Applying the below proposed changes caused the following errors in
> the log:
> > >
> > > Execution of /usr/local/rancid/bin/rancid aborted due to
> compilation errors.
> > > syntax error at /usr/local/rancid/bin/rancid line 759, near ") {"
> > > Can't use global $1 in "my" at /usr/local/rancid/bin/rancid line
> > > 761, near "($1"
> > > Missing right curly or square bracket at
> > > /usr/local/rancid/bin/rancid line 2085, at end of line
> >
> > the patch wasnt applied properly.
> >
> > >
> > > >
> > > > > Index: bin/rancid
> > > > >
> ================================================================
> > > > > ===
> > > > >  <at>  <at>  -757,9 +757,9  <at>  <at> 
> > > > >         if ($dev =~ /bootflash/) {
> > > > >             next if (/temp_cont\s*$/);
> > > > >             next if (/uptime_cont\s*$/);
> > > > >         }
> > > > >         # Filter dhcp database
> > > > > -       next if (/dhcp_[^. ]*\.txt/);
> > > > > +	  next if (/(dhcp_[^. ]*\.txt|vlan\.dat|sflog)\s*$/) {
> >
> > eg: next is not valid there.  you could just move to rancid 3.0aN,
> > else you will have to correct the application of the patch.
> 
> btw, you need ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-
> 3.0a3.tar.gz
> then apply the patch i'd sent to you.
> 
> > > > > + 	    if (/(\s*\d+)(\s+\S+\s+)(\d+)(\s+)(\w+ \d+\s+\d+
> > > > > + \d+:\d+:\d+
> > > > > .\d+:\d+)/) {
> > > > > + 		my($fn, $a, $sz, $c, $dt, $rem) = ($1, $2, $3, $4,
> $5, $');
> > > > > + 		my($fnl, $szl, $dtl) = (length($fn), length($sz),
> > > > > length($dt));
> > > > >
> > > > >         if ($ios eq "XE" && /.*\((\d+) bytes free\)/) {
> > > > >             my($tmp) = $1;
> > > > >             if ($tmp >= (1024 * 1024 * 1024)) {
> > > > >                 $tmp = int($tmp / (1024 * 1024 * 1024));
> > > > >                 s/$1 bytes free/$tmp GB free/;
> > > > >             } else {
> > > > >                 $tmp = int($tmp / (1024 * 1024));
> > > > >                 s/$1 bytes free/$tmp MB free/;
> > > > >             }
> > > > >         }
> > > > >         if ($ios eq "XE" &&
> > > > > /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/)
> > > > {
> > > > >             $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > >         }
> > > > >
> > > > >  <at>  <at>  -772,9 +772,9  <at>  <at> 
> > > > >             }
> > > > >         }
> > > > >         if ($ios eq "XE" &&
> > > > > /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/)
> > > > {
> > > > >             $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > >         }
> > > > > -	  if ($ios eq "IOS" &&
> /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) {
> > > > > -           $_ = "$1" . sprintf("%43s", "") . "$3\n";
> > > > > -        }
> > > > >         # the pager can not be disabled per-session on the PIX
> > > > >         if (/^(<-+ More -+>)/) {
> > > > >             my($len) = length($1);
> > > > >             s/^$1\s{$len}//;
> > > > >
> > > > > > Don't stress about maintaining your own patches to make the
> > > > > > rancid scripts do what you intent - every installation I know
> > > > > > of accumulating a rather large number of them :-)  It seems
> to
> > > > > > be inevitable considering the problem we are all using rancid
> > > > > > to
> > > > solve.
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Alan McKinnon
> > > > > > alan.mckinnon <at> gmail.com
> > > > > >
> > > > > > _______________________________________________
> > > > > > Rancid-discuss mailing list
> > > > > > Rancid-discuss <at> shrubbery.net
> > > > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> > > > >
> > > > > _______________________________________________
> > > > > Rancid-discuss mailing list
> > > > > Rancid-discuss <at> shrubbery.net
> > > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Alexander Bochmann | 4 Jun 10:44 2014
Picon

[rancid] Cisco SG-500 configs?

Hi,

does anyone have rancid 2.3.x patches for Cisco SG-500 switches with current 
software? I've found several pieces of code that claim to support the SG series, 
but none of them acutally work. The new SG switches are quite IOS-like, but not 
enough to work with the normal clogin...

Alex.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Joshua Lebo | 16 May 22:36 2014
Picon

Re: [rancid] Cisco WLC: Rancid 3.0 add other vendor devices???

Gavin,

I'm having the exact same issues.  I'm also poking around at code, and I have noticed that Rancid::loadtype is a subrouting in lib/rancid/rancid.pm not it's own module.

For completeness, I'm showing my rancid.types.conf contents:

ciscowlc;login;wlogin
ciscowlc;script;ciscowlc5

and my error:


Trying to get all of the configs.
Unknown option: t
ciscowlc5 wlogin error: Error: no password for ciscowlc5 in /home/rancid/.cloginrc.
ciscowlc5: missed cmd(s): show sysinfo,show udi,show run-config commands
ciscowlc5: End of run not found

I was able to resolve 'Unknown option: t' was resolved by catching the option, by editing line 30 and adding 't'.

The above wlogin error should probably read <devicename> instead of <ciscowlc5>, leading me to believe that our scripts are not parsing something correctly.  Did the change in router.db from ':' to ';' in version 3.0 break the script?

Interestingly, if I run ./ciscowlc5 <devicename> from within the bin directory, the complete config is pulled down and saved as a .new file. Password, etc is correctly configured.  So I know the scripts work, having trouble getting them to run via rancid-run in version 3.0.

- Josh

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Gmane