lexore | 18 Jun 13:34 2014

Re: [rancid] show policy detail on extreme switches

Thanks, it works!

--
lexore <at> gmail.com

2014-05-22 2:31 GMT+04:00 Alan McKinnon <alan.mckinnon <at> gmail.com>:
> On 21/05/2014 13:18, lexore wrote:
>> Hello.
>>
>> We use rancid to backup configs of Extreme switches.
>> I noticed that rancid doesn't save the output of "show policy detail".
>> We need to back this up too.
>> I tried to add support of this command to xrancid.
>> I wrote subroutine (copy of WriteTerm), added string to @commandtable,
>> but without success.
>> The syntax of the "show policy detail" output differs significantly from usual
>> cisco-style configs.
>> Has anyone solved this for their own needs?
>> Or maybe you could suggest how I can add support of this command in xrancid?
>>
>> I attached an example of the output of "show policy detail" to the message.
>> Copy here: http://pastebin.com/p6h4bgsE
>> We use Extreme Summit X670V
>> ExtremeXOS version 15.3.1.4 v1531b4-patch1-29
>
>
>
> Indeed, that output looks nothing like anything from a Cisco :-)
>
> When I look over the output you supplied, nothing in there looks like

Daniel Schmidt | 17 Jun 20:32 2014

[rancid] tacacs.org down

database error?
E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Howard Jones | 17 Jun 16:25 2014

[rancid] Cisco APs and RANCID 3.1 => traffic counters in output

I've just upgraded from 2.8.x to 3.1, and it's nice that I don't get 
hourly updates on files on our ASRs anymore. However, what I get now 
instead is byte counters per-VLAN from our Cisco WAPs :-)

- !VLAN:21689 packets, 8176753 bytes output

- !VLAN:Other0173501

- !VLAN:25937 packets, 10671062 bytes input

- !VLAN:151812 packets, 11928977 bytes output

+ !VLAN:22023 packets, 8302671 bytes output

+ !VLAN:Other 0176177

+ !VLAN:26337 packets, 10835508 bytes input

+ !VLAN:154154 packets, 12113161 bytes output

Before I dig in to fix it, has anyone already done that?

Cheers,

Howie

Chip Pleasants | 16 Jun 20:01 2014

[rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2?  I have four sets running PAN version 5.0.11 without any issues.  Once I upgraded one set, the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip


[rancid@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line:                                 NOTICE TO USERS              
line:   This is an official computer system and is the property of POOP Incorporated. 
line:   It is for authorized users only.  Unauthorized  users are prohibited. 
line:   Users (authorized or unauthorized) have no  explicit or implicit expectation of 
line:   privacy.  Any or all uses of this system may be subject to one or more of the 
line:   following actions:  interception, monitoring, recording, auditing, inspection and
line:   disclosing to security personnel and law enforcement personnel, as well as 
line:   authorized officials of other agencies, both domestic and foreign. By using this 
line:   system, the user consents to these actions.  Unauthorized or improper use of 
line:   this system may result in administrative disciplinary action and civil and criminal 
line:   penalties.  By accessing this system you indicate your awareness of and
line:   consent to these terms and conditions of use. Discontinue access immediately 
line:   if you do not agree to the conditions stated in this notice.
line: 
line: Password: 
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
line: 
line: rancid@CMH1-Z4-F01(active)> 
line: rancid@CMH1-Z4-F01(active)> 
line: rancid@CMH1-Z4-F01(active)> set rancid@CMH1-Z4-F01(active)> set cli rancid@CMH1-Z4-F01(active)> set cli scripting-mode rancid@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: rancid@CMH1-Z4-F01\(active\)[#>]
HIT COMMAND:rancid@CMH1-Z4-F01(active)> set rancid@CMH1-Z4-F01(active)> set cli rancid@CMH1-Z4-F01(active)> set cli scripting-mode rancid@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:rancid@CMH1-Z4-F01(active)> set rancid@CMH1-Z4-F01(active)> set cli rancid@CMH1-Z4-F01(active)> set cli pager rancid@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:rancid@CMH1-Z4-F01(active)> show rancid@CMH1-Z4-F01(active)> show system rancid@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
    In ShowInfo:: rancid@CMH1-Z4-F01(active)> show rancid@CMH1-Z4-F01(active)> show system rancid@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found

heasley | 13 Jun 08:04 2014

Re: [rancid] Cisco 10k sflog Timestamp Cycling

Mon, Jun 09, 2014 at 10:18:21AM -0400, Kenneth Lind:
> > -----Original Message-----
> > From: heasley [mailto:heas <at> shrubbery.net]
> > Sent: Thursday, June 05, 2014 5:27 PM
> > To: Kenneth Lind
> > Cc: rancid-discuss <at> shrubbery.net
> > Subject: Re: [rancid] Cisco 10k sflog Timestamp Cycling
> > 
> > Thu, Jun 05, 2014 at 02:24:41PM -0400, Kenneth Lind:
> > > This is a fairly old issue so I'm including the previous threads for
> > > what it's worth. We upgraded to Rancid v3.0 and then today to v3.1
> > without issue.
> > > The upgrade to 3.0a did hush the actual sflog diffs, however, we are
> > > still receiving noisy diffs related to the sflog/IPDR data and the
> > > fact that n bytes are stored in flash before being sent to the
> > collector.
> > >
> > > What would be the best method to hush these diffs?
> > >
> > > Example of diffs:
> > >   !Flash:                                           sflog
> > > - !Flash: 821772288 bytes available (202817536 bytes used)
> > > + !Flash: 821805056 bytes available (202784768 bytes used)
> > 
> > would you show me the output of the command 'dir' or 'show flash' for
> > whatever device this is?  it should be replacing that line with a
> > summary line that ought to be less annoying.
> 
> "Dir" and "show flash" look a little different, so I'll include both.
> 
> First "dir"
> Directory of disk0:/
> 
>     1  -rw-    68483912  Dec 14 2010 10:46:02 -05:00  <removed>.bin
>     2  -rw-    68495176  Jan 25 2011 01:27:54 -05:00  <removed>.bin
>     3  -rw-    54584320  Jan 25 2011 01:30:40 -05:00  <removed>.pkg
>     4  -rw-    11060935  Jul 31 2012 10:09:38 -04:00  <removed>.img
>     5  -rw-      115639  Mar 28 2013 10:24:54 -04:00  ftp
>     6  -rw-           0   Jun 9 2014 10:01:30 -04:00  sflog
> 
> 
> "show flash"
> -#- --length-- -----date/time------ path
> 1     68483912 Dec 14 2010 10:46:02 -05:00 <removed>.bin
> 2     68495176 Jan 25 2011 01:27:54 -05:00 <removed>.bin
> 3     54584320 Jan 25 2011 01:30:40 -05:00 <removed>.pkg
> 4     11060935 Jul 31 2012 10:09:38 -04:00 <removed>.img
> 5       115639 Mar 28 2013 10:24:54 -04:00 ftp
> 6            0 Jun 9 2014 10:01:30 -04:00 sflog
> 

Does this patch fix the space available line (summarize it)?

Index: lib/ios.pm.in
===================================================================
--- lib/ios.pm.in	(revision 2847)
+++ lib/ios.pm.in	(working copy)
 <at>  <at>  -848,6 +848,20  <at>  <at> 
 	# Drop these files entirely.
 	/\s+(private-multiple-fs|multiple-fs|LISP-MapCache-IPv\S+|nv_hdr)$/ &&
 	    next;
+
+	if ($ios eq "XE" && /(\d+) bytes available \(\d+ bytes used\)/) {
+	    my($tmp) = $1;
+	    if ($tmp >= (1024 * 1024 * 1024)) {
+		$tmp = int($tmp / (1024 * 1024 * 1024));
+		$_ = "$tmp GB free";
+	    } elsif ($tmp >= (1024 * 1024)) {
+		$tmp = int($tmp / (1024 * 1024));
+		$_ = "$tmp MB free";
+	    } else {
+		$tmp = int($tmp / 1024);
+		$_ = "$tmp KB free";
+	    }
+	}
 	ProcessHistory("FLASH","","","!Flash: $_");
     }
     ProcessHistory("","","","!\n");
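
Review bot: the three assignments `$_ = "$tmp GB free"`, `"$tmp MB free"` and `"$tmp KB free"` overwrite the whole input line, so any line terminator that `$_` still carries at this point is dropped, and the `ProcessHistory("FLASH","","","!Flash: $_")` call that follows adds none (compare the explicit `"!\n"` two lines further down). Unless `$_` was already chomped earlier in the sub, append "\n" to the three strings or replace only the matched text with s///, so the summarized line does not run into the next one. Also worth confirming: the `$ios eq "XE"` guard limits the summary to devices detected as XE, so the Cisco 10k from this thread only benefits if it takes that branch. Truncating with int() still yields a diff whenever free space crosses a unit boundary, which deserves a short comment above the block.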


Andrei Sabau | 12 Jun 16:08 2014

[rancid] Using Ravin's patch to jump through a gateway device to probe device not working in 3.1?

Hello.

I've installed Rancid 3.1, added Ed Ravin's modification to clogin but apparently it does not work.

The error shows something like this:

Trying to get all of the configs.
send: spawn id exp4 not open
    while executing
"send "\r""
    ("foreach" body line 162)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user ..."
    (file "/home/rancid/bin/clogin" line 773)

I have used the correct syntax in cloginrc.

Any ideas? Is there another way to achieve the method?
Manfred Mayer IT | 10 Jun 11:49 2014

Re: [rancid] clogin: not found

Hello John,

thanks for your help. After adding /usr/local/rancid/bin to the PATH, that error is gone and I went on to
executing bin/rancid-run. Now I see these errors in the rancid-run logfile:

Trying to get all of the configs.
swledv05: missed cmd(s): write term
swledv05: End of run not found
;
swledv02: missed cmd(s): show tech transceivers
swledv04: missed cmd(s): show tech transceivers,show module,show config status,show system-information,show systems
swledv11: missed cmd(s): show config files
couldn't compile regular expression pattern: parentheses () not balanced
    while executing
"expect {
        -re $reprompt   {}
        -re "\[\n\r]+"  { exp_continue }
    }"
    (procedure "run_commands" line 9)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 161)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find t..."
    (file "/usr/local/rancid/bin/hlogin" line 615)

I use the same entries in my router.db as on my old machine, but on the old system I don't get any errors in my
logfile. For the "parentheses" error I found this thread
(http://www.shrubbery.net/pipermail/rancid-discuss/2010-June/004987.html), but my hlogin
already contains the mentioned line.

Regards
Mana

-----Original Message-----
From: John Heasley [mailto:heas <at> shrubbery.net]
Sent: Friday, June 6, 2014 16:26
To: Manfred Mayer IT
Subject: Re: [rancid] clogin: not found

> On Jun 6, 2014, at 6:40 AM, Manfred Mayer IT <manfred.mayer.it <at> rapunzel.de> wrote:
>
> Hi all,
>
> I try to migrate my existing rancid-2.3.8 installation to a new host with Ubuntu 12.04. I downloaded ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz and installed it to /usr/local/rancid. I copied the .cloginrc and rancid.conf to the new host and wanted to test with a new router.db first, containing only 6 HP Procurve switches (switchname:hp:up). I can login successfully to each switch with "bin/clogin switchname" and I also tried "bin/hlogin -f .cloginrc -c "show version" switchname" which gives me a "no page" output first, but then the version and a completed logout.
>
> But executing "bin/rancid switchname" results in the following:
> sh: 1: clogin: not found
> switchname: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir:
> switchname: End of run not found
> !

The rancid bin dir is not hardcoded in *login, it uses and inherits your PATH, or rancid.conf's in the case of rancid-run.
>
> I found this existing thread http://www.shrubbery.net/pipermail/rancid-discuss/2008-November/003404.html but however I don't know what to do exactly to solve the problem.
>
> Any suggestions would be appreciated
>
> Regards
> Mana
>
> Rapunzel Naturkost GmbH, Rapunzelstraße 1, D-87764 Legau
> Register court: Memmingen HRB 14736  | Registered office: Legau
> VAT ID no. DE 129088402
> Managing directors: Joseph Wilhelm | Margit Epple | Andreas Wenning
> Phone: +49 (0)8330 / 529 - 0

Email secured by [Rapunzel IT]

Rapunzel Naturkost GmbH, Rapunzelstraße 1, D-87764 Legau
Register court: Memmingen HRB 14736  | Registered office: Legau
VAT ID no. DE 129088402
Managing directors: Joseph Wilhelm | Margit Epple | Andreas Wenning
Phone: +49 (0)8330 / 529 - 0

Nicolas DEFFAYET | 7 Jun 14:47 2014

[rancid] Quagga vtysh patchs

Hello,

Please find the complete files attached that I use successfully with
Rancid 2.3.8 to get config from Quagga vtysh. I have done a big rewrite
to have clean stuff, and I use a new qlogin instead of the original clogin
because the original clogin doesn't work correctly since Rancid 2.3.5 due
to various changes.

# vi /usr/lib/rancid/bin/rancid-fe
---
-    'zebra' => 'zrancid'
+    'zebra' => 'zrancid',
+    'quagga' => 'qrancid'
---

Put qlogin qrancid
# chown root:root qlogin qrancid
# chmod 755 qlogin qrancid
# mv qlogin qrancid /usr/lib/rancid/bin/

In router.db file
---
test.example.com:quagga:up
---

-- 
Nicolas DEFFAYET
#! /usr/bin/expect --
##
## $Id: qlogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
# 
#  The expect login scripts were based on Erik Sherk's gwtn, by permission.
# 
# qlogin - quagga s/w login
# Based on csblogin
#
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#	x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
	send_error "\nError: could not exec id: $reason\n"
	exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch  -glob -- $arg {
	# Command to run.
	-c* -
	-C* {
	    if {! [regexp .\[cC\](.+) $arg ignore command]} {
		incr i
		set command [lindex $argv $i]
	    }
	    set do_command 1
	# Expect debug mode
	} -d* {
	    exp_internal 1
	# Environment variable to pass to -s scripts
	} -E*
	{
	    if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
		set E$varname $varvalue
	    } else {
		send_user "\nError: invalid format for -E in $arg\n"
		exit 1
	    }
	# alternate cloginrc file
	} -f* -
	-F* {
	    if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
		incr i
		set password_file [lindex $argv $i]
	    }
	# user Password
	} -p* {
	    if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
		incr i
		set userpasswd [lindex $argv $i]
	    }
	    set do_passwd 0
	# ssh passphrase
	} -r* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Version string
	} -V* {
	    send_user "rancid 2.3.8\n"
	    exit 0
	# Passphrase
	} -r* -
	-R* {
	    if {! [regexp .\[rR\](.+) $arg ignore passphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Expect script to run.
	} -s* {
	    if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
		incr i
		set sfile [lindex $argv $i]
	    }
	    if { ! [file readable $sfile] } {
		send_user "\nError: Can't read $sfile\n"
		exit 1
	    }
	    set do_script 1
	# Timeout
	} -t* {
	    if {! [regexp .\[tT\](.+) $arg ignore timeout]} {
		incr i
	        set timeoutdflt [lindex $argv $i]
	    }
	# Username
	} -u* -
	-U* {
	    if {! [regexp .\[uU\](.+) $arg ignore user]} {
		incr i
		set username [lindex $argv $i]
 	    }
	# Command file
	} -x* {
	    if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
		incr i
		set cmd_file [lindex $argv $i]
	    }
	    if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
		send_user "\nError: $reason\n"
		exit 1
	    }
	    set cmd_text [read $cmd_fd]
	    close $cmd_fd
	    set command [join [split $cmd_text \n] \;]
	    set do_command 1
	# 'ssh -c' cypher type
	} -y* -
	-Y* {
	    if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
		incr i
		set cypher [lindex $argv $i]
	    }
	} -* {
	    send_user "\nError: Unknown argument! $arg\n"
	    send_user $usage
	    exit 1
	} default {
	    break
	}
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
    exit 1
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
	if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
	if [regexp \^(xterm|vs) $env(TERM) ignore] {
	    send_user "\033]1;[lindex [split $host "."] 0]\a"
	    send_user "\033]2;$host\a"
	}
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl*	pete cow
# add password at*	steve
# add password *	hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
	set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
	foreach line $list {
	    if { [string match [lindex $line 0] $router] } {
		return [lrange $line 1 end]
	    }
	}
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
	send_user "\nError: password file ($password_file) does not exist\n"
	exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
	send_user "\nError: $password_file must not be world readable/writable\n"
	exit 1
    }
    if [catch {source $password_file} reason ] {
	send_user "\nError: $reason\n"
	exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
	incr progs -1
	if [string match "telnet*" $prog] {
	    regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
	    if {"$port" == ""} {
		set retval [catch {spawn telnet $router} reason]
	    } else {
		set retval [catch {spawn telnet $router $port} reason]
	    }
	    if { $retval } {
		send_user "\nError: telnet failed: $reason\n"
		return 1
	    }
	} elseif ![string compare $prog "ssh"] {
	    # ssh to the router & try to login with or without an identfile.
	    # We use two calls to spawn since spawn does not seem to parse
	    # spaces correctly.
	    if {$identfile != ""} {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    } else {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    }
	} elseif ![string compare $prog "rsh"] {
	    send_error "\nError: unsupported method: rsh\n"
	    if { $progs == 0 } {
		return 1
	    }
	    continue
	} else {
	    send_user "\nError: unknown connection method: $prog\n"
	    return 1
	}
	sleep 0.3

	# This helps cleanup each expect clause.
	expect_after {
	    timeout {
		send_user "\nError: TIMEOUT reached\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    } eof {
		send_user "\nError: EOF received\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    }
	}

    # Here we get a little tricky.  There are several possibilities:
    # the router can ask for a username and passwd and then
    # talk to the TACACS server to authenticate you, or if the
    # TACACS server is not working, then it will use the enable
    # passwd.  Or, the router might not have TACACS turned on,
    # then it will just send the passwd.
    # if telnet fails with connection refused, try ssh
    expect {
	-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection Refused ($prog): $router\n"
		return 1
	    }
	}
	-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection closed ($prog): $router\n"
		return 1
	    }
	}
	eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
	-nocase "unknown host\r" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"Host is unreachable" {
	    send_user "\nError: Host Unreachable: $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"No address associated with name" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	-re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
	    send "yes\r"
	    send_user "\nHost $router added to the list of known hosts.\n"
	    exp_continue
	}
	-re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	-re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    return 1
	}
	-re "Offending key for .* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: host key mismatch for $router.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
        -re "(denied|Sorry)"    {
                                  send_user "\nError: Check your passwd for $router\n"
                                  catch {close}; catch {wait}; return 1
                                }
        -re "(Password|Password for .+):"      {
                                  # ssh pwd prompt
                                  sleep 1
                                  send -- "$passwd\r"
                                  exp_continue
                                }
        -re "Enter passphrase.*: " {
                                  # sleep briefly to allow time for stty -echo
                                  sleep .3
                                  send -- "$passphrase\r"
                                  exp_continue
                                }
        -re "$prompt"           {
                                  set prompt_match $expect_out(0,string);
                                  break;
                                }
     }
    }

    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    set reprompt $prompt

    set commands [split $command \;]
    set num_commands [llength $commands]
    # the pager can not be turned off on the PIX, so we have to look
    # for the "More" prompt.  the extreme is equally obnoxious in pre-12.3 XOS,
    # with a global switch in the config.
    for {set i 0} {$i < $num_commands} { incr i} {
        send -- "[subst -nocommands [lindex $commands $i]]\r"
        expect {
                -re "^\[^\n\r *]*$prompt *$"    {}
                -re "^\[^\n\r]*$prompt."        { exp_continue }
                -re "(\r\n|\n)"                 { exp_continue }
        }
    }

    send "exit\r"
    expect {
        -re "\[\n\r]+"                          { exp_continue }
        timeout                                 { catch {close}; catch {wait};
                                                  return 0
                                                }
        eof                                     { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
	set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
      # command line username
      set loginname $username
    } else {
      set loginname [join [find user $router] ""]
      if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
      # command line passwd
      set passwd $userpasswd
    } else {
      set passwd [join [lindex [find userpassword $router] 0] ""]
      if { "$passwd" == "" } {
        set passwd [join [lindex [find password $router] 0] ""]
        if { "$passwd" == "" } {
	  send_user "\nError: no password for $router in $password_file.\n"
	  continue
        }
      }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
	set passphrase $avpassphrase
    } else {
	set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
	set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
	incr exitval
	continue
    }

    if { $do_command || $do_script } {
	send "terminal length 0\r"
	expect -re $prompt	{}
    }
    if { $do_command } {
	if {[run_commands $prompt $command]} {
	    incr exitval
	    continue
	}
    } elseif { $do_script } {
	source $sfile
	catch {close};
    } else {
	label $router
	log_user 1
	interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
Attachment (qrancid): application/x-perl, 13 KiB
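
The .cloginrc handling in the qlogin script above (the mode check in source_password_file, the first-match find proc, and the telnet-then-ssh and 3des fallbacks in the main loop), as an added Python example that is not part of the original post or of RANCID: it audits a .cloginrc the way qlogin would read it and reports what each router ends up with. The sample file, host names and the helper names parse_cloginrc, find, audit and demo are constructed for illustration; Python's fnmatch only approximates Tcl's string match, and multi-line Tcl commands are not parsed.

```python
import fnmatch
import os
import re
import tempfile

# Fallbacks taken from the qlogin main loop when .cloginrc has no match.
DEFAULT_METHOD = ["telnet", "ssh"]
DEFAULT_CYPHER = ["3des"]

# Constructed sample; hosts, passwords and the stray 'puts' line are made up.
SAMPLE = """\
# constructed .cloginrc for the demo
add user     test.example.com {user}
add password test.example.com {password}
add method   test.example.com {ssh}
add password *.lab.example.com {labpw}
puts "stray Tcl command"
"""


def parse_cloginrc(text):
    """Return ('add' entries, other Tcl lines) from .cloginrc text.

    Line-based: multi-line Tcl commands are not handled (assumption).
    """
    entries, other = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split(None, 3)
        if words[0] == "add" and len(words) >= 3:
            rest = words[3] if len(words) == 4 else ""
            # Each value is either a {braced word} or a bare word.
            values = [b or w for b, w in re.findall(r"\{([^{}]*)\}|(\S+)", rest)]
            entries.append((words[1], words[2], values))
        elif words[0] != "include":
            # Anything else is ordinary Tcl and runs when the file is sourced.
            other.append((lineno, line))
    return entries, other


def find(entries, var, router):
    """First matching entry wins, like qlogin's 'find' proc."""
    for name, pattern, values in entries:
        if name == var and fnmatch.fnmatchcase(router, pattern):
            return values
    return []


def audit(path, routers):
    """Return a list of findings for one .cloginrc and the routers it serves."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & 0o007:
        # Same test as source_password_file: any 'other' permission bit.
        findings.append("mode: accessible to other users; qlogin refuses to load it")
    elif mode & 0o070:
        findings.append("mode: group-accessible (stricter than qlogin's own check)")
    with open(path) as fh:
        entries, other = parse_cloginrc(fh.read())
    for lineno, line in other:
        findings.append(f"line {lineno}: executed as Tcl when sourced: {line}")
    for router in routers:
        router = router.lower()  # qlogin lowercases names before lookup
        methods = find(entries, "method", router) or DEFAULT_METHOD
        if any(m.startswith("telnet") for m in methods):
            findings.append(f"{router}: telnet in method list (cleartext login)")
        if "ssh" in methods:
            cypher = find(entries, "cyphertype", router) or DEFAULT_CYPHER
            if "3des" in cypher:
                findings.append(f"{router}: ssh cipher 3des (legacy; qlogin's default)")
        if not (find(entries, "userpassword", router)
                or find(entries, "password", router)):
            findings.append(f"{router}: no password entry; qlogin skips this router")
    return findings


def demo():
    """Audit the constructed sample, written world-readable on purpose."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cloginrc")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit(path, ["test.example.com", "SW1.lab.example.com",
                            "other.example.net"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
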
Nicolas DEFFAYET | 7 Jun 13:17 2014

[rancid] Cisco SG-300 patches

Hello,

Please find attached the complete files that I use successfully with
Rancid 2.3.8 to get the config from a Cisco SG-300. I have done a big rewrite
to have clean stuff, and I use a csblogin instead of the original clogin.

# vi /var/lib/rancid/bin/rancid-fe
---
     'cisco' => 'rancid',
+    'cisco-sb' => 'csbrancid',
     'cisco-nx' => 'nxrancid',
---

Put csblogin csbrancid
# chown root:root csblogin csbrancid
# chmod 755 csblogin csbrancid
# mv csblogin csbrancid /usr/lib/rancid/bin/

In router.db file
---
test.example.com:cisco-sb:up
---

In .cloginrc
---
add autoenable test.example.com {1}
add method test.example.com {ssh}
add password test.example.com {password}
add user test.example.com {user}
add userprompt test.example.com {"User Name:"}
---

It's a fork of (thanks to Christian for his work!):
http://chrpinedo.blogspot.fr/2012/03/cisco-small-business-sg300-backup-with.html

-- 
Nicolas DEFFAYET
#! /usr/bin/expect --
##
## $Id: csblogin.in 1 2012-06-01 17:05:00Z n $
##
## rancid 2.3.8
## Copyright (c) 1997-2011 by Terrapin Communications, Inc.
## All rights reserved.
##
## This code is derived from software contributed to and maintained by
## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan,
## Pete Whiting, Austin Schutz, and Andrew Fort.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
## 3. All advertising materials mentioning features or use of this software
##    must display the following acknowledgement:
##        This product includes software developed by Terrapin Communications,
##        Inc. and its contributors for RANCID.
## 4. Neither the name of Terrapin Communications, Inc. nor the names of its
##    contributors may be used to endorse or promote products derived from
##    this software without specific prior written permission.
## 5. It is requested that non-binding fixes and modifications be contributed
##    back to Terrapin Communications, Inc.
##
## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS
## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS
## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
# 
#  The expect login scripts were based on Erik Sherk's gwtn, by permission.
# 
# csblogin - Cisco Small Business switch login
#
# Most options are intuitive for logging into a Cisco Small Business switch.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-dV\] \[-c command\] \[-Evar=x\] \
\[-f cloginrc-file\] \[-p user-password\] \[-r passphrase\] \[-s script-file\] \
\[-u username\] \[-t timeout\] \[-x command-file\] \[-y ssh_cypher_type\] \
router \[router...\]\n"

# env(CLOGIN) may contain:
#	x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
# Sometimes routers take awhile to answer (the default is 10 sec)
set timeoutdflt 120
#
# new option to provide "login" command capabilities
set loginonly 0

# Find the user in the ENV, or use the unix userid.
if {[info exists env(CISCO_USER)]} {
    set default_user $env(CISCO_USER)
} elseif {[info exists env(USER)]} {
    set default_user $env(USER)
} elseif {[info exists env(LOGNAME)]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [catch {exec id} reason] {
	send_error "\nError: could not exec id: $reason\n"
	exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[info exists env(CLOGINRC)]} {
    set password_file $env(CLOGINRC)
}

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch  -glob -- $arg {
	# Command to run.
	-c* -
	-C* {
	    if {! [regexp .\[cC\](.+) $arg ignore command]} {
		incr i
		set command [lindex $argv $i]
	    }
	    set do_command 1
	# Expect debug mode
	} -d* {
	    exp_internal 1
	# Environment variable to pass to -s scripts
	} -E*
	{
	    if {[regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
		set E$varname $varvalue
	    } else {
		send_user "\nError: invalid format for -E in $arg\n"
		exit 1
	    }
	# alternate cloginrc file
	} -f* -
	-F* {
	    if {! [regexp .\[fF\](.+) $arg ignore password_file]} {
		incr i
		set password_file [lindex $argv $i]
	    }
	# user Password
	} -p* {
	    if {! [regexp .\[pP\](.+) $arg ignore userpasswd]} {
		incr i
		set userpasswd [lindex $argv $i]
	    }
	    set do_passwd 0
	# ssh passphrase
	} -r* {
	    if {! [regexp .\[rR\](.+) $arg ignore avpassphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Version string
	} -V* {
	    send_user "rancid 2.3.8\n"
	    exit 0
	# Passphrase
	} -r* -
	-R* {
	    if {! [regexp .\[rR\](.+) $arg ignore avpassphrase]} {
		incr i
		set avpassphrase [lindex $argv $i]
	    }
	# Expect script to run.
	} -s* {
	    if {! [regexp .\[sS\](.+) $arg ignore sfile]} {
		incr i
		set sfile [lindex $argv $i]
	    }
	    if { ! [file readable $sfile] } {
		send_user "\nError: Can't read $sfile\n"
		exit 1
	    }
	    set do_script 1
	# Timeout
	} -t* {
	    if {! [regexp .\[tT\](.+) $arg ignore timeoutdflt]} {
		incr i
	        set timeoutdflt [lindex $argv $i]
	    }
	# Username
	} -u* -
	-U* {
	    if {! [regexp .\[uU\](.+) $arg ignore username]} {
		incr i
		set username [lindex $argv $i]
 	    }
	# Command file
	} -x* {
	    if {! [regexp .\[xX\](.+) $arg ignore cmd_file]} {
		incr i
		set cmd_file [lindex $argv $i]
	    }
	    if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
		send_user "\nError: $reason\n"
		exit 1
	    }
	    set cmd_text [read $cmd_fd]
	    close $cmd_fd
	    set command [join [split $cmd_text \n] \;]
	    set do_command 1
	# 'ssh -c' cypher type
	} -y* -
	-Y* {
	    if {! [regexp .\[yY\](.+) $arg ignore cypher]} {
		incr i
		set cypher [lindex $argv $i]
	    }
	} -* {
	    send_user "\nError: Unknown argument! $arg\n"
	    send_user $usage
	    exit 1
	} default {
	    break
	}
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
    exit 1
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
	if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
	if [regexp \^(xterm|vs) $env(TERM) ignore] {
	    send_user "\033]1;[lindex [split $host "."] 0]\a"
	    send_user "\033]2;$host\a"
	}
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl*	pete cow
# add password at*	steve
# add password *	hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [regexp "^/" $args ignore ] == 0 } {
	set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
	foreach line $list {
	    if { [string match [lindex $line 0] $router] } {
		return [lrange $line 1 end]
	    }
	}
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
	send_user "\nError: password file ($password_file) does not exist\n"
	exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
	send_user "\nError: $password_file must not be world readable/writable\n"
	exit 1
    }
    if [catch {source $password_file} reason ] {
	send_user "\nError: $reason\n"
	exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user passwd cmethod cyphertype identfile } {
    global spawn_id in_proc do_command do_script passphrase
    global prompt sshcmd
    set in_proc 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
	incr progs -1
	if [string match "telnet*" $prog] {
	    regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
	    if {"$port" == ""} {
		set retval [catch {spawn telnet $router} reason]
	    } else {
		set retval [catch {spawn telnet $router $port} reason]
	    }
	    if { $retval } {
		send_user "\nError: telnet failed: $reason\n"
		return 1
	    }
	} elseif ![string compare $prog "ssh"] {
	    # ssh to the router & try to login with or without an identfile.
	    # We use two calls to spawn since spawn does not seem to parse
	    # spaces correctly.
	    if {$identfile != ""} {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user -i $identfile $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    } else {
		if [catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason] {
		    send_user "\nError: failed to $sshcmd: $reason\n"
		    return 1
		}
	    }
	} elseif ![string compare $prog "rsh"] {
	    send_error "\nError: unsupported method: rsh\n"
	    if { $progs == 0 } {
		return 1
	    }
	    continue
	} else {
	    send_user "\nError: unknown connection method: $prog\n"
	    return 1
	}
	sleep 0.3

	# This helps cleanup each expect clause.
	expect_after {
	    timeout {
		send_user "\nError: TIMEOUT reached\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    } eof {
		send_user "\nError: EOF received\n"
		catch {close}; catch {wait};
		if { $in_proc} {
		    return 1
		} else {
		    continue
		}
	    }
	}

    # Here we get a little tricky.  There are several possibilities:
    # the router can ask for a username and passwd and then
    # talk to the TACACS server to authenticate you, or if the
    # TACACS server is not working, then it will use the enable
    # passwd.  Or, the router might not have TACACS turned on,
    # then it will just send the passwd.
    # if telnet fails with connection refused, try ssh
    expect {
	-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection Refused ($prog): $router\n"
		return 1
	    }
	}
	-re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
	    catch {close}; catch {wait};
	    if !$progs {
		send_user "\nError: Connection closed ($prog): $router\n"
		return 1
	    }
	}
	eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
	-nocase "unknown host\r" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"Host is unreachable" {
	    send_user "\nError: Host Unreachable: $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	"No address associated with name" {
	    send_user "\nError: Unknown host $router\n";
	    catch {close}; catch {wait};
	    return 1
	}
	-re "(Host key not found |The authenticity of host .* be established).* \\(yes/no\\)\\?" {
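	    # Trust on first use: an unknown host key is accepted without
	    # verification, and ssh stores it in known_hosts.
	    send "yes\r"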
	    send_user "\nHost $router added to the list of known hosts.\n"
	    exp_continue
	}
	-re "HOST IDENTIFICATION HAS CHANGED.* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	-re "HOST IDENTIFICATION HAS CHANGED\[^\n\r]+" {
	    send_user "\nError: The host key for $router has changed.  Update the SSH known_hosts file accordingly.\n"
	    return 1
	}
	-re "Offending key for .* \\(yes/no\\)\\?" {
	    send "no\r"
	    send_user "\nError: host key mismatch for $router.  Update the SSH known_hosts file accordingly.\n"
	    catch {close}; catch {wait};
	    return 1
	}
	"Login Screen"	{
				  send "$user\t$passwd\r"
				  exp_continue
				}
	"Switch Main Menu"	{
				  # send Ctrl+Z
				  sleep 1; send "send \032"
				  exp_continue
				}
	">"			{
				  send "lcli\r"
				  exp_continue
				}
	-re "User Name:$"	{
				  send "$user\r"
				  exp_continue
				}
	-re "Password:$"	{
				  send "$passwd\r"
				  exp_continue
				}

	-re "$prompt"		{
				  break;
				}
	denied			{
				  send_user "\nError: Check your passwd for $router\n"
				  catch {close}; catch {wait}; return 1
				}
     }
    }

    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "terminal datadump\r"
    expect -re $prompt	{}

    set commands [split $command \;]
    set num_commands [llength $commands]

    for {set i 0} {$i < $num_commands} { incr i} {
	send -- "[lindex $commands $i]\r"
	expect {
		-re "^\[^\n\r *]*$prompt *$"	{}
		-re "^\[^\n\r]*$prompt."	{ exp_continue }
		-re "(\r\n|\n)"			{ exp_continue }
	}
    }

    send "exit\r\n"
    expect {
	"\n"					{ exp_continue }
	timeout					{ catch {close}; catch {wait};
						  return 0
						}
	eof					{ return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
set exitval 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
	set timeout $timeoutdflt
    }

    # Default prompt.
    set prompt "#"

    # Figure out username
    if {[info exists username]} {
      # command line username
      set loginname $username
    } else {
      set loginname [join [find user $router] ""]
      if { "$loginname" == "" } { set loginname $default_user }
    }

    # Figure out loginname's password (if different from the vty password)
    if {[info exists userpasswd]} {
      # command line passwd
      set passwd $userpasswd
    } else {
      set passwd [join [lindex [find userpassword $router] 0] ""]
      if { "$passwd" == "" } {
        set passwd [join [lindex [find password $router] 0] ""]
        if { "$passwd" == "" } {
	  send_user "\nError: no password for $router in $password_file.\n"
	  continue
        }
      }
    }

    # Figure out identity file to use
    set identfile [join [lindex [find identity $router] 0] ""]

    # Figure out passphrase to use
    if {[info exists avpassphrase]} {
	set passphrase $avpassphrase
    } else {
	set passphrase [join [lindex [find passphrase $router] 0] ""]
    }
    if { ! [string length "$passphrase"]} {
	set passphrase $passwd
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [join [lindex [find sshcmd $router] 0] ""]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $loginname $passwd $cmethod $cyphertype $identfile]} {
	incr exitval
	continue
    }

    if { $do_command } {
	if {[run_commands $prompt $command]} {
	    incr exitval
	    continue
	}
    } elseif { $do_script } {
	send "terminal datadump\r"
	expect -re $prompt	{}
	source $sfile
	catch {close};
    } else {
	label $router
	log_user 1
	interact
    }

    # End of for each router
    catch {wait};
    sleep 0.3
}
exit $exitval
Attachment (csbrancid): application/x-perl, 12 KiB
Alan McKinnon | 7 Jun 01:30 2014

[rancid] [PATCH]

I may have posted this one already. If so, apologies for the dupe.

ACL sorting fails for ipv6 addresses as ipaddrval() always returns false
for these so sorting never happens. Rancid output is then always
whatever order the router presented leading to chatter and noisy diffs.

The simplest solution is to sort ipv6 addresses ASCIIbetically so they
always sort predictably. The only oddity is :: comes after digits 0-9
and before A-F. Aside from that, the order is as expected by hex numbers.

This is much easier than writing an ipv6 sort routine from scratch as
rancid uses no perl user modules.

--- rancid.old  2014-05-16 01:07:20.000000000 +0200
+++ rancid      2014-06-04 01:47:20.000000000 +0200
 <at>  <at>  -168,7 +186,8  <at>  <at> 
     $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
 }
 sub sortbyipaddr {
-    &ipaddrval($a) <=> &ipaddrval($b);
+    &ipaddrval($a) <=> &ipaddrval($b) ||
+    $a cmp $b;
 }

 # This routine parses "show version"
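Review bot: the `$a cmp $b` fallback in `sortbyipaddr` is case-sensitive, so the same IPv6 address printed as `2001:DB8::1` by one platform and `2001:db8::1` by another lands in a different position; comparing `lc($a) cmp lc($b)` would keep the order the same across devices. A one-line comment saying that the fallback is there because `ipaddrval()` gives equal values for non-IPv4 input (as the description explains) would help the next reader. The hunk header (-168 to +186) also shows this was cut from a tree that already carries 18 added lines earlier in the file, so the posting should say which patch has to be applied first.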
 <at>  <at>  -1874,7 +1898,7  <at>  <at> 
        # order arp lists
        /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
            ProcessHistory("ARP","$aclsort","$1","$_") && next;
-       /^ip(v6)?
prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\S+)(\/.*)$/
+       /^ip(v4|v6)?
prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\S+)(\/.*)$/
            && ProcessHistory("PACL $2 $4","$aclsort","$5",
                              "ip$1 prefix-list $2 $4 $5$6\n")
            && next;
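Review bot: the regex change from `ip(v6)?` to `ip(v4|v6)?` is not mentioned in the description, which only covers sorting of IPv6 addresses; please say which platform prints `ipv4 prefix-list` so the change can be checked against real output. The mailer has also wrapped the regex after `/^ip(v4|v6)?` on both the removed and the added line, so this hunk will not apply as posted and is better resent as an attachment.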

--

-- 
Alan McKinnon
alan.mckinnon <at> gmail.com
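
An added example, not part of the posted patch or of rancid: it runs the patch's comparator over constructed IPv6 addresses given in two different input orders and prints the result next to a numerically keyed order for comparison. `ipaddrval` here is an assumed stand-in for rancid's routine, and `ip6key` and `by_ip6key` are hypothetical helpers.

```perl
#!/usr/bin/perl
# Added example, not rancid code. All addresses are constructed.
use strict;
use warnings;

# Assumed stand-in for rancid's ipaddrval(): numeric value of a dotted
# quad, 0 (false) for anything else, as the message describes for IPv6.
sub ipaddrval {
    my @q = $_[0] =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ or return 0;
    return $q[3] + 256 * ($q[2] + 256 * ($q[1] + 256 * $q[0]));
}

# Comparator as changed by the patch: numeric first, string compare on a tie.
sub sortbyipaddr {
    ipaddrval($a) <=> ipaddrval($b) || $a cmp $b;
}

# Hypothetical helper: expand "::" and zero-pad every group so that a plain
# string compare of the keys equals numeric order. Returns undef for input
# it cannot parse. Embedded dotted-quad forms (::ffff:192.0.2.1) are not
# handled.
sub ip6key {
    my $addr = lc $_[0];
    my ($head, $tail) = split /::/, $addr, 2;
    return unless defined $head;
    my @groups = split /:/, $head;
    if (defined $tail) {
        my @t = split /:/, $tail;
        my $fill = 8 - @groups - @t;
        return if $fill < 1;
        push @groups, ('0') x $fill, @t;
    }
    return if @groups != 8 || grep(!/^[0-9a-f]{1,4}$/, @groups);
    return join ':', map { sprintf '%04x', hex($_) } @groups;
}

# Numeric IPv6 order, with the raw string as a tie-break so that two
# spellings of one address still sort deterministically.
sub by_ip6key {
    (ip6key($a) // $a) cmp (ip6key($b) // $b) || $a cmp $b;
}

# The same constructed entries, as a device might list them on two runs.
my @run1 = qw(2001:db8::10 2001:db8:a::1 2001:db8::9
              2001:DB8:10::1 ::1 2001:db8:10::1);
my @run2 = reverse @run1;

my @patched1 = sort sortbyipaddr @run1;
my @patched2 = sort sortbyipaddr @run2;

print "same order on both runs: ",
      ("@patched1" eq "@patched2" ? "yes" : "no"), "\n";
print "patch comparator: @patched1\n";
print "numeric key:      @{[ sort by_ip6key @run1 ]}\n";
```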


Alan McKinnon | 7 Jun 01:09 2014

[rancid] [PATCH] Reduce chatter about file sizes in nvram.

Hi,

I got tired of endless noise mails with diffs like this:

- !Flash: nvram:  1692  -rw-      356089                    <no date>
startup-config
+ !Flash: nvram:  1692  -rw-      356257                    <no date>
startup-config
- !Flash: nvram: 2093048 bytes total (1636661 bytes free)
+ !Flash: nvram: 2093048 bytes total (1636493 bytes free)

So I wrote the below to deal with it.
Rationale: I don't care to know that the file increased by 168 bytes,
all I want to know is if the file was created or deleted and its
approximate size. I'd also like to know if the size changed dramatically,
e.g. 100K to 10M.
The patch transforms the size to the nearest SI unit and truncates it to
an integer, like so:

!Flash: nvram:  1691  -rw-       347KB                    <no date>
startup-config
!Flash: disk0:        1MB bytes total (       1MB bytes free)

The diff is against 2.3.8 and I have similar ones for nxrancid and
xrrancid. Also gsrrancid but that's my own creation for GSRs and not in
the source tarballs.

--- rancid.old  2014-05-16 01:07:20.000000000 +0200
+++ rancid      2014-06-04 01:47:20.000000000 +0200
 <at>  <at>  -95,6 +95,24  <at>  <at> 
     1;
 }

+# Transform filesizes into integral SI units (eg 123456 => 120KB)
+sub numtosi {
+    my $num = $_[0];
+    my $len = length($_[0]);
+    if ($num >= (1024 * 1024 * 1024)) {
+        $num = int($num / (1024 * 1024 * 1024));
+        return sprintf("%$len"."s", "$num"."GB");
+    } elsif ($num >= (1024 * 1024 )) {
+        $num = int($num / (1024 * 1024));
+        return sprintf("%$len"."s", "$num"."MB");
+    } elsif ($num >= (1024 )) {
+        $num = int($num / (1024));
+        return sprintf("%$len"."s", "$num"."KB");
+    } else {
+        return $num;
+    }
+}
+
 sub numerically { $a <=> $b; }

 # This is a sort routine that will sort numerically on the
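Review bot: `numtosi` truncates with `int()`, so every value from 1 MB up to just under 2 MB prints as `1MB`; a file can nearly double, or a volume lose almost half its free space, without producing a diff, which works against the stated aim of noticing dramatic size changes. Keeping one decimal place (`sprintf("%.1f", ...)`) would bound the hidden change to roughly 10% at the cost of a little more chatter. The divisors are 1024-based, so the comment should say binary units rather than SI; its own example (123456 => 120KB) only holds for 1024.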
 <at>  <at>  -717,6 +736,14  <at>  <at> 
        # Filter dhcp database
        next if (/dhcp_[^. ]*\.txt/);

+        # Transform file sizes in file listing to SI units
+        if (/^(\s*?\d+\s+[rwx-]{4}\s+)(\d+)(.*)/) {
+            $_ = "$1" . numtosi($2) . "$3\n";
+        }
+       if (/^(\s*?)(\d+) bytes total \((\d+) bytes free\)$/) {
+           $_ = $1 . numtosi($2) . " bytes total (" . numtosi($3) . "
bytes free)\n";
+       }
+
        /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next;
        ProcessHistory("FLASH","","","!Flash: $_");
     }
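Review bot: in the `bytes total` branch the rewritten line keeps the word `bytes` after the converted value, giving `1MB bytes total (1MB bytes free)`; drop ` bytes` from the replacement text when `numtosi` has appended a unit. The string literal ending in `bytes free)\n"` has been wrapped by the mailer onto a line with no `+` marker, so the hunk will not apply as posted. The two added `if` statements are also indented differently from each other.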
 <at>  <at>  -762,22 +789,19  <at>  <at> 
        # Filter dhcp database
        next if (/dhcp_[^. ]*\.txt/);

-       if ($ios eq "XE" && /.*\((\d+) bytes free\)/) {
-           my($tmp) = $1;
-           if ($tmp >= (1024 * 1024 * 1024)) {
-               $tmp = int($tmp / (1024 * 1024 * 1024));
-               s/$1 bytes free/$tmp GB free/;
-           } else {
-               $tmp = int($tmp / (1024 * 1024));
-               s/$1 bytes free/$tmp MB free/;
-           }
-       }
        if ($ios eq "XE" && /^((\s+)?\d+\s+\S+)\s+\d+.*(tracelogs$)/) {
            $_ = "$1" . sprintf("%43s", "") . "$3\n";
        }
        if ($ios eq "IOS" && /^((\s+)?\d+\s+\S+)\s+\d+.*(sflog$)/) {
            $_ = "$1" . sprintf("%43s", "") . "$3\n";
        }
+        # Transform file sizes in file listing to SI units
+        if (/^(\s*?\d+\s+[rwx-]{4}\s+)(\d+)(.*)/) {
+            $_ = "$1" . numtosi($2) . "$3\n";
+        }
+       if (/^(\s*?)(\d+) bytes total \((\d+) bytes free\)$/) {
+           $_ = $1 . numtosi($2) . " bytes total (" . numtosi($3) . "
bytes free)\n";
+       }
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
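Review bot: the removed XE block matched any line containing `(N bytes free)`, while the replacement is anchored with `^` and `$` and requires the `N bytes total (` prefix, so an XE line with a different lead-in or with trailing whitespace is no longer shortened and goes back to byte-level diffs; relax the pattern or keep an XE fallback. The output format also changes from `N GB free` to `NGB bytes free`, which will show up as a one-time diff on every XE device already in the archive and deserves a line in the description. The two added `if` blocks are a copy of the ones in the previous hunk; a small helper sub would keep them in step.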

--

-- 
Alan McKinnon
alan.mckinnon <at> gmail.com
