Chris Davis | 30 Mar 16:18 2016

[rancid] Upgrading to 3.4

I was hoping to upgrade to 3.4 but have run into a series of problems. Wondering how others moved past this.

Initially, I was running 2.38 on CentOS 5. I tried to upgrade in place and ran into a socket library problem. Saw that the version of the socket library in CentOS 7 was compatible, so then began to focus on installing that on my hardware. Unfortunately, the controller driver appears to be no longer supported. So, then I started focusing on a VM for my Rancid server. Got it all set up and installed on a Hyper-V host. And while the networking worked during the install, apparently the network drivers aren’t right on the virtual disk and none of the networking works once I boot off the virtual HD. So, has anyone set up Rancid 3.4/CentOS 7 on a Hyper-V host? Or have any other ideas to try?

Thanks.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Jeffrey d'Ambly | 29 Mar 22:52 2016

Re: [rancid] Rancid with an F5

Here is the output, am I using the wrong version of f5rancid?


[rancid@sjc-corp-net01 configs]$ eval `/usr/libexec/rancid/f5rancid -C
sjc-lb01`
sjc-lb01
spawn ssh -i /var/rancid/.ssh/id_dsa -c 3des -x -l admin sjc-lb01
Warning: Identity file /var/rancid/.ssh/id_dsa not accessible: No such
file or directory.
Password:
Last login: Tue Mar 29 11:04:48 2016 from 192.168.201.51
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal length
0
Syntax Error: unexpected argument "terminal"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# terminal width
132
Syntax Error: unexpected argument "terminal"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#  bigpipe version
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe platform
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# cat
/config/bigip.license
Syntax Error: unexpected argument "cat"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe monitor
list all
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe profile
list
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe base
list
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe db show
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe route
static show
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time
--color=never /config/ssl/ssl.crt
Syntax Error: unexpected argument "ls"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# ls --full-time
--color=never /config/ssl/ssl.key
Syntax Error: unexpected argument "ls"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# bigpipe list
Syntax Error: unexpected argument "bigpipe"
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session
admin@(sjc-lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
^C[rancid@sjc-corp-net01 configs]$



On 3/29/16, 1:45 PM, "heasley" <heas <at> shrubbery.net> wrote:

>Tue, Mar 29, 2016 at 08:04:28PM +0000, Jeffrey d'Ambly:
>> So that would mean the commands are not working, how do I troubleshoot
>> that?
>
>yes, i expect so.  you will need to run the commands to check for
>yourself.
>like
>eval `f5rancid -C hostname`
>
>> —Jeff
>> 
>> On 3/29/16, 11:33 AM, "heasley" <heas <at> shrubbery.net> wrote:
>> 
>> >Tue, Mar 29, 2016 at 05:31:06PM +0000, Jeffrey d'Ambly:
>> >> 
>> >> I'm having some issues getting rancid working with my F5 load
>>balancers.
>> >> 
>> >> Here is what my routers.db looks like
>> >> 
>> >> [root@sjc-corp-net01 observium]# cat router.db | grep lb
>> >> atl-lb01;f5;up
>> >> atl-lb02;f5;up
>> >> gz-lb01;f5;up
>> >> gz-lb02;f5;up
>> >> jed-lb01;f5;up
>> >> jed-lb02;f5;up
>> >> nj-lb01;f5;up
>> >> nj-lb02;f5;up
>> >> phx-lb01;f5;up
>> >> phx-lb02;f5;up
>> >> ryd-lb01;f5;up
>> >> ryd-lb02;f5;up
>> >> sjc-lb01;f5;up
>> >> sjc-lb02;f5;up
>> >> [root@sjc-corp-net01 observium]#
>> >> 
>> >> When I run rancid I get the following
>> >> 
>> >> [root@sjc-corp-net01 rancid]# cat observium.20160329.101355
>> >> starting: Tue Mar 29 10:13:55 PDT 2016
>> >> 
>> >> 
>> >> 
>> >> Trying to get all of the configs.
>> >> ERROR: sjc-lb01 configuration appears truncated.
>> >> 
>> >> Is this because I have partitions configured on my f5, and if so how
>>do
>> >>I resolve this?
>> >
>> >it does so if receives less than 3 lines of configuration.

Jeffrey d'Ambly | 29 Mar 19:31 2016

[rancid] Rancid with an F5


I’m having some issues getting rancid working with my F5 load balancers.

Here is what my routers.db looks like

[root@sjc-corp-net01 observium]# cat router.db | grep lb
atl-lb01;f5;up
atl-lb02;f5;up
gz-lb01;f5;up
gz-lb02;f5;up
jed-lb01;f5;up
jed-lb02;f5;up
nj-lb01;f5;up
nj-lb02;f5;up
phx-lb01;f5;up
phx-lb02;f5;up
ryd-lb01;f5;up
ryd-lb02;f5;up
sjc-lb01;f5;up
sjc-lb02;f5;up
[root@sjc-corp-net01 observium]#

When I run rancid I get the following

[root@sjc-corp-net01 rancid]# cat observium.20160329.101355
starting: Tue Mar 29 10:13:55 PDT 2016



Trying to get all of the configs.
ERROR: sjc-lb01 configuration appears truncated.

Is this because I have partitions configured on my f5, and if so how do I resolve this?

—Jeff
Daniel Jacobs | 28 Mar 23:12 2016

[rancid] fnrancid not getting full configs for fortigates

We have a couple of fortigate devices that we want to incorporate into
our rancid backups. The config file that rancid is ending up with from
the "show full-configuration" command is around 8800 lines and is
missing all of the ipsec and bgp configuration sections as well as
other areas. The full configuration I see when I ssh into the firewall
and run "show full-configuration" and the config I get from
downloading a backup through the gui are both close to 30,000 lines
and have the ipsec and bgp configuration sections.

The version of fnrancid I'm running is from 2015-01-11, and is the
latest one I found. And I'm running rancid 3.2, but the changelogs
didn't indicate anything that seemed relevant to my issue.

Has anyone else run into this? Any suggestions?

-- 
Daniel Jacobs
Senior IT Admin

Door to Door Organics
p: 303.620.5440
DoorToDoorOrganics.com
nachofw | 24 Mar 15:58 2016

[rancid] High cpu on large configs

Hi, some of the devices I back up contain more than 10k config lines, specifically a Cisco ASA. This causes high CPU when a backup is done. How can I set a "sleep 1" in the clogin script so that when the line "<--- More --->" gets hit it waits 1 second before continuing?
nachofw | 21 Mar 18:06 2016

[rancid] Cisco - who made change

Hi, I wanted to make a suggestion.
When someone makes a change in a Cisco router, to take into account the line "last configuration change at *** by user ***".
But only make a new version if the config changed, and send in the mail with the diff and the user that made the change.
I know some people don't agree that this is the best way. Still, can this feature be optional?
Regards
Lee | 16 Mar 16:32 2016

[rancid] cosmetic error in configure for rancid 3.4.1?

I don't know if this is a cygwin specific issue or it's an error msg
everybody gets that can be safely ignored, but it looks like this line
in configure

ENV_PATH="$ENV_PATH:`dirname $DIRNAME`:`dirname $DIFF`:`dirname $MKTEMP`"

should be using $MKTEMP_PATH instead of $MKTEMP

MKTEMP isn't getting set in configure -- at least on cygwin.  But it's
a non-issue since the mktemp program is in /usr/bin which gets added
to the path anyway because perl, expect, etc. are all in /usr/bin

relevant bit from ./configure output:

checking for perl... /usr/bin/perl
checking Socket.pm version... checking for expect... /usr/bin/expect
checking for mktemp... /usr/bin/mktemp
checking for ping... /cygdrive/c/windows/system32/ping.exe
dirname: missing operand
Try 'dirname --help' for more information.

I added some echo commands to configure & reran:
checking for ping... /cygdrive/c/windows/system32/ping.exe
PERLV_PATH : /usr/bin/perl
EXPECT_PATH: /usr/bin/expect
SENDMAIL   :
DIRNAME    : /usr/bin/dirname
DIFF       : /usr/bin/diff
MKTEMP     :
MKTEMP_PATH: /usr/bin/mktemp
ENV_PATH   : /usr/bin:/usr/bin:.
dirname: missing operand
Try 'dirname --help' for more information.
ENV_PATH   : /usr/bin:/usr/bin:.:/usr/bin:/usr/bin:

So the problem is
$ dirname $MKTEMP
dirname: missing operand
Try 'dirname --help' for more information.

Should MKTEMP be getting set in configure?   I can't tell, but it
seems like the easy fix would be to use $MKTEMP_PATH instead of
$MKTEMP

Thanks,
Lee
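
One way to guard the `dirname` calls discussed above, as an added example that is not part of the original post or of RANCID's configure script. It goes beyond the post by also de-duplicating directories and by counting empty or `.` components in the result, which a shell resolves to the current directory; the function names are assumptions.

```shell
#!/bin/sh
# Added example: not code from RANCID's configure script. Function names are
# assumptions made for this illustration.

# append_tool_dir LIST TOOL: print LIST with dirname(TOOL) appended. An empty
# TOOL (a variable configure never set) and a directory already in LIST are
# skipped, so dirname is never called without an operand.
append_tool_dir() {
    list=$1
    tool=$2
    if [ -z "$tool" ]; then
        printf '%s\n' "$list"
        return 0
    fi
    dir=$(dirname "$tool")
    case ":$list:" in
        *":$dir:"*) printf '%s\n' "$list" ;;
        *)          printf '%s\n' "${list:+$list:}$dir" ;;
    esac
}

# build_env_path TOOL...: fold append_tool_dir over every argument.
build_env_path() {
    out=
    for t in "$@"; do
        out=$(append_tool_dir "$out" "$t")
    done
    printf '%s\n' "$out"
}

# cwd_entries LIST: print how many components are empty or "." (a shell
# searches the current directory for both); return 0 if there is at least one.
cwd_entries() {
    count=0
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in ''|.) count=$((count + 1)) ;; esac
    done
    printf '%s\n' "$count"
    [ "$count" -gt 0 ]
}

# Values from the configure output quoted above: SENDMAIL and MKTEMP are empty.
build_env_path /usr/bin/perl /usr/bin/expect "" /usr/bin/dirname /usr/bin/diff ""
cwd_entries "/usr/bin:/usr/bin:.:/usr/bin:/usr/bin:" || true
```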


Gerhard Mourani | 11 Mar 16:30 2016

[rancid] set password ENC

Hello List,

I’m still having problems with diffs related to "set password ENC" that come up again and again.
Fortigate version is v5.2.6,build711.
Rancid version is 3.2

Here is an example of the line I would like to remove:

set password ENC AGPgQlrTRxOmZuUjKSSGaBqav+OG08kYtIUGTrVg7YNWv8Kz96DI/02XCUISGqEOncyp4mWxfx5AfZO9RZ2Xi+EJO00sJGlgJaeYZ47l2CDXISwum0INicQ2AETplkrzPglVsd78zWlogFtf4AQXxMbrYU+wCaTElsvc2G0eqftKCjOLEhl3vsSBmEPODPNKyjycXg==

Gerhard,
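
The churn described in the post above, handled as a pre-diff filter. This is an added example, not part of the original post and not RANCID or fnrancid code; it goes beyond the one line shown by matching any `set <keyword> ENC <value>` line, and the function names, the `<removed>` marker and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: not RANCID/fnrancid code. Function names and the
# "<removed>" marker are assumptions made for this illustration.

# scrub_enc: copy stdin to stdout, replacing the value on every
# "set <keyword> ENC <value>" line with a fixed marker. Indentation and the
# keyword are kept, so the line still shows that a secret is configured.
scrub_enc() {
    sed -E 's/^([[:space:]]*set[[:space:]]+[A-Za-z0-9_-]+[[:space:]]+ENC)[[:space:]]+.*$/\1 <removed>/'
}

# config_changed OLD NEW: return 0 if the two saved configs differ once the
# ENC values are scrubbed, 1 if they are identical, 2 on a temp-file error.
config_changed() {
    old_tmp=$(mktemp) && new_tmp=$(mktemp) || return 2
    scrub_enc < "$1" > "$old_tmp"
    scrub_enc < "$2" > "$new_tmp"
    if cmp -s "$old_tmp" "$new_tmp"; then rc=1; else rc=0; fi
    rm -f "$old_tmp" "$new_tmp"
    return "$rc"
}

# make_sample FILE HOSTNAME ENC_VALUE: write a constructed config fragment.
make_sample() {
    cat > "$1" <<EOF
config system global
    set hostname "$2"
end
config system admin
    edit "admin"
        set password ENC $3
    next
end
EOF
}

# Demo on constructed data: same settings fetched twice, then a real change.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/run1" fw01 CONSTRUCTEDVALUEONE==
make_sample "$demo_dir/run2" fw01 CONSTRUCTEDVALUETWO==
make_sample "$demo_dir/run3" fw02 CONSTRUCTEDVALUETHREE==
config_changed "$demo_dir/run1" "$demo_dir/run2" || echo "run1 -> run2: no change"
config_changed "$demo_dir/run1" "$demo_dir/run3" && echo "run1 -> run3: changed"
rm -rf "$demo_dir"
```

Scrubbing before the commit also keeps the encrypted value out of the version-control history and out of the diff mails.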
David Ahrens | 10 Mar 18:45 2016

[rancid] Cisco Nexus

Hi,

I’m trying to use rancid 3.2 to back up the configs of a Cisco Nexus.

Here’s the version info for the Cisco Nexus:

Software
  BIOS: version 08.06
  NXOS: version 6.1(2)I2(2b)
  BIOS compile time:  09/10/2014
  NXOS image file is: bootflash:///n9000-dk9.6.1.2.I2.2b.bin
  NXOS compile time:  8/7/2014 17:00:00 [08/08/2014 00:10:31]

Hardware
  cisco Nexus9000 C9504 (4 Slot) Chassis ("Supervisor Module")
  Intel(R) Xeon(R) CPU E5-2403 with 16402456 kB of memory.
  Processor Board ID SAL18485EX1

I’m able to log in to the switch using clogin.  Here’s my .cloginrc

### FTL Colo Cisco Nexus switches
#
#
###
       add method * {ssh}
       add autoenable MIA2-ESW* {1}
       add user MIA2-ESW* {<removed>}
       add password MIA2-ESW* { <removed>}

Here’s the log file (it’s the same for rounds 1..4):

=====================================
Getting missed routers: round 4.
mia2-esw0008-1_supa: missed cmd(s): show module,dir usb1:,dir debug:,show debug,show cores vdc-all,show vtp status,show module xbar,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,show module fex,show processes log vdc-all,dir logflash:,show fex,show running-config
mia2-esw0008-1_supa: End of run not found
!

When I log in to the Cisco Nexus using clogin, I’m able to manually enter these commands at the prompt.

Thanks,
David

Shawn McKee | 10 Mar 13:57 2016

[rancid] Rancid support for Mellanox switches?

Hi Everyone,

I have poked around but haven't found any mention of Rancid support for Mellanox switches.   I am particularly interested in running Rancid on a new SN2700  (http://www.mellanox.com/page/products_dyn?product_family=217& )

I can clogin to the switch but gathering its config fails.    I assume I would be more successful starting from a "mlxlogin" if someone has created one.

Thanks for any pointers,

Shawn McKee / University of Michigan Physics

Samir Meftahi | 10 Mar 13:08 2016

[rancid] Clogin not sending username

Hi,

I tested my clogin file with below, and it works fine when AAA is removed from node and I have local user configured on cisco router.

add method rtr-* {telnet}
add user rtr-* {user}
add password rtr-* {pass} {enapass}
add autoenable dk-* 0

But when I use AAA, and below file...clogin does not seem to send username...and session times out. 
If I type username, I don't get prompted for password. 

add method rtr-* {telnet}
add user rtr-* {AAAuser}
add password rtr-* {AAApass} 
add autoenable dk-* 1

This setup has worked fine until recent tacacs changes, where enable password was no longer needed. I assumed changing 0 to 1 would be enough.
I can telnet to nodes using the credentials.

Any help appreciated !

/Sam