From the CRON file you shared, it looks like you’re executing this in the crontab in /etc? I find it more reliable to execute system management tasks there (logrotate; updatedb; and so forth), but for rancid’s environment to be set up correctly when using rancid’s personal CRON file.

    sudo su - rancid ; crontab -e

Just remember that in a user’s crontab you don’t need to specify the user.

Weylin Piegorsch | Manager, Network Engineering
Boston University Information Services & Technology
[email protected] | 617.353.8128 | bu.edu/tech
Listen. Learn. Lead.

From: Lucian-Ionut Lepadatu <[email protected]>
Sent: Wednesday, July 26, 2023 9:47 AM
To: [email protected]
Subject: [rancid] rancid-run doesn't work from cron for panorama but works manually

Hello,

I am trying to make rancid pull the configs from a pair of Palo Alto Panorama devices. I've installed it on an Alma Linux 9 box with the default package from epel (rancid.x86_64 3.13-7.el9). I have in router.db a list of Palo Alto firewalls and a pair of Panorama devices. Login to all devices works.

If I log in with the rancid user and run rancid-run from the shell ([rancid@rancidbox ~]$ /usr/libexec/rancid/rancid-run) it gets the config for all devices. If I log in as root and run rancid-run as the rancid user ("[rancid@rancidbox ~]# sudo -u rancid /usr/libexec/rancid/rancid-run") it also works for all devices. But if I try to run it from cron as the user rancid, it works for the firewalls but not for panorama.

The cron entry looks like this:

    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/var/rancid
    0 */8 * * * rancid /usr/libexec/rancid/rancid-run

In the rancid logs I see:

    missed cmd(s): all commands
    End of run not found
    panlogin error: Error: TIMEOUT reached

I've managed to capture the .raw and .new files for a panorama device when rancid-run was executed from cron and looks like it connects to the device but it gets stuck:

    [rancid@rancidbox ~]$ cat network-devices/configs/panorama_hostname.internal.domain.raw
    panorama_hostname.internal.domain
    spawn ssh -x -l rancid_login_user panorama_hostname.internal.domain
    *************************************************************************
    *                                                                       *
    * WARNING! Access to this device is restricted                          *
    * to those individuals with specific                                    *
    * permissions. If you are not an authorized user                        *
    * disconnect now.                                                       *
    *                                                                       *
    * Any attempts to gain unauthorized access                              *
    * will be prosecuted to the fullest                                     *
    * extent of the law.                                                    *
    *                                                                       *
    *************************************************************************
    (rancid_login_user@panorama_hostname.internal.domain) Password:
    Last login: Wed Jul 26 11:51:59 2023 from IP.XXX.YYY.ZZZ
    No entry for terminal type "network"; using dumb terminal settings.
    Number of failed attempts since last successful login: 0
    rancid_login_user@panorama_hostname.internal.domain(primary-active)>
    rancid_login_user@panorama_hostname.internal.domain(primary-active)> set
    rancid_login_user@panorama_hostname.internal.domain(primary-active)> set cli
    rancid_login_user@panorama_hostname.internal.domain(primary-active)> set cli scripting -mode
    rancid_login_user@panorama_hostname.internal.domain(primary-active)> set cli scripting -mode on
    rancid_login_user@panorama_hostname.internal.domain(primary-active)>
    [rancid@rancidbox ~]$
    [rancid@rancidbox ~]$ cat network-devices/configs/panorama_hostname.internal.domain.new
    #RANCID-CONTENT-TYPE: paloalto
    #

If I try to run rancid instead of rancid-run from cron for panorama it works (needs a PATH added to be able to find the panlogin script but other than that it succeeds)

    PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/libexec/rancid/:/usr/share/perl5/vendor_perl/rancid
    08 10 * * * rancid /usr/libexec/rancid/rancid -t paloalto -d panorama_hostname.internal.domain

I've also got a dump of all environment variables for the rancid user and put it in cron but same as before: rancid-run always fails for panorama but works for the firewalls. (it has the same content in the .raw file every time)

I was thinking that since invoking rancid from cron works but rancid-run fails, it might have something to do with how control_rancid or rancid-fe invokes rancid but couldn't see anything obvious in those scripts that might cause this behaviour. I am not sure what exactly fails.

I appreciate any pointers you might have.

Thanks,
Lucian Lepadatu
_______________________________________________
Rancid-discuss mailing list
[email protected]
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
