Indeed, the cron file that I've shared previously was the default one from the rpm /etc/cron.d/rancid. I've already tried the rancid user specific crontab but that behaves exactly the same. Given the format of the output from the .raw file (*set cli scripting**-mode on* for example is not on a single line), maybe rancid is having trouble parsing the output; I've tried adjusting the TERM and COLUMNS env vars and even changed the hostname to something very short but without success. That's what's been puzzling me: on one hand it looks like an env issue but on the other even when run from the rancid user's crontab it still does not work and I cannot pinpoint what exactly fails.
Thanks, Lucian Lepadatu On Thu, Jul 27, 2023 at 6:02 AM Piegorsch, Weylin William <[email protected]> wrote: > From the CRON file you shared, it looks like you’re executing this in the > crontab in /etc? I find it more reliable to execute system management > tasks there (logrotate; updatedb; and so forth), but for rancid’s > environment to be setup correctly when using rancid’s personal CRON file. > > “sudo su - rancid ; crontab -e” > > > > Just remember that in a user’s crontab you don’t need to specify the user. > > > > > > > > > > > > [image: signature_1593189312] > > > > *Weylin Piegorsch *| Manager, Network Engineering > > Boston University Information Services & Technology > [email protected] | 617.353.8128 | bu.edu/tech <http://www.bu.edu/tech> > > *Listen. Learn. Lead.* > > > > > > > > > > *From:* Lucian-Ionut Lepadatu <[email protected]> > *Sent:* Wednesday, July 26, 2023 9:47 AM > *To:* [email protected] > *Subject:* [rancid] rancid-run doesn't work from cron for panorama but > works manually > > > > Hello, > > I am trying to make rancid pull the configs from a pair of Palo Alto > Panorama devices. > > I've installed it on an Alma Linux 9 box with the default package from > epel (rancid.x86_64 3.13-7.el9). > I have in router.db a list of Palo Alto firewalls and a pair of Panorama > devices. Login to all devices works. > > If I login with the rancid user and run rancid-run from the shell > ([rancid@rancidbox ~]$ /usr/libexec/rancid/rancid-run) it gets the config > for all devices. > If I login as root and run rancid run as the rancid user > ("[rancid@rancidbox ~]# sudo -u rancid /usr/libexec/rancid/rancid-run") > it also works for all devices. > > But if I try to run it from cron as the user rancid, it works for the > firewalls but not for panorama. > > > The cron entry looks like this: > > > > > > > *SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root > HOME=/var/rancid 0 */8 * * * rancid /usr/libexec/rancid/rancid-run* > > In the rancid logs I see: > > > *missed cmd(s): all commands End of run not found panlogin error: Error: > TIMEOUT reached* > > I've managed to capture the .raw and .new files for a panorama device when > rancid-run was executed from cron and looks like it connects to the device > but it gets stuck: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *[rancid@rancidbox ~]$ cat > network-devices/configs/panorama_hostname.internal.domain.raw > panorama_hostname.internal.domain spawn ssh -x -l rancid_login_user > panorama_hostname.internal.domain > ************************************************************************* > * * > * WARNING! Access to this device is restricted * > * to those individuals with specific * > * permissions. If you are not an authorized user * > * disconnect now. * > * * > * Any attempts to gain unauthorized access * > * will be prosecuted to the fullest * > * extent of the law. * > * * > ************************************************************************* > (rancid_login_user@panorama_hostname.internal.domain > <rancid_login_user@panorama_hostname.internal.domain>) Password: Last > login: Wed Jul 26 11:51:59 2023 from IP.XXX.YYY.ZZZ No entry for terminal > type "network"; using dumb terminal settings. Number of failed attempts > since last successful login: 0 > rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> > rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> set > rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> set > cli rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> set > cli scripting -mode > rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> set > cli scripting -mode on > rancid_login_user@panorama_hostname.internal.domain(primary-active) > <rancid_login_user@panorama_hostname.internal.domain(primary-active)>> > [rancid@rancidbox ~]$ [rancid@rancidbox ~]$ cat > network-devices/configs/panorama_hostname.internal.domain.new > #RANCID-CONTENT-TYPE: paloalto #* > > > > If I try to run run rancid instead of rancid-run from cron for panorama it > works (needs a PATH added to be able to find the panlogin script but other > than that it succeeds) > > > *PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/libexec/rancid/:/usr/share/perl5/vendor_perl/rancid* > > *08 10 * * * rancid /usr/libexec/rancid/rancid -t paloalto > -d panorama_hostname.internal.domain* > > > > I've also got a dump of all environment variables for the rancid user and > put it in cron but same as before: rancid-run always fails for panorama but > works for the firewalls. (it has the same content in the .raw file every > time) > > I was thinking that since invoking rancid from cron works but rancid-run > fails, it might have something to do with how control_rancid or rancid-fe > invokes rancid but couldn't see anything obvious in those scripts > that might cause this behaviour. > > I am not sure what exactly fails. I appreciate any pointers you might have. > > Thanks, > Lucian Lepadatu > >
_______________________________________________ Rancid-discuss mailing list [email protected] https://www.shrubbery.net/mailman/listinfo/rancid-discuss
