Re: [rancid] Rancid - keep backup/config files/SVN revisions no older than X days

2020-01-17 Thread john heasley
Fri, Jan 17, 2020 at 09:47:56AM -0800, Dragan Vucanovic:
> I'm new to Rancid, just started playing with it.
> 
> Is somehow possible, when newer config file of same device exist, to keep 
> only newest version, or it's already configured by default ? 

not really - saving the config history is part of the majick.  one (you)
could write a script to periodically look at the CVS or SVN history and
delete all revisions besides the latest.  this would not work with git,
afaik.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Aruba 2930M

2019-12-22 Thread john heasley
Sat, Dec 21, 2019 at 08:30:39AM +1100, Dale Shaw:
> On Thu, 19 Dec 2019 at 1:02 am, Guisepp Rodriguez 
> > What version of Rancid I need? I use rancid 3.7 and for Aruba 2930M I use
> > hlogin, hrancid. This is the output error:
> >
> > [rancid@rancid rancid]$ ./bin/hrancid -t hp -d xx.xx.xx.xx
> > executing hlogin -t 90 -c"show version;show flash;show
> > system-information;show system information;show module;show stack;show tech
> > transceivers;show config files;show config status;write term" xx.xx.xx.xx
> > sh: hlogin: command not found
> >
> 
> ^^ do you have a $PATH environment variable problem? It seems hrancid can’t
> execute hlogin. From memory, this can be set in rancid.conf.

To clarify; the scripts inherit PATH from their parent, except rancid-run and
control_rancid which include rancid.conf.



Re: [rancid] git vs svn

2019-12-14 Thread john heasley
Sat, Dec 14, 2019 at 01:20:37PM +, Wayne Eisenberg:
> I'm considering changing over to git from svn for my rancid version control. 
> A brief Google search seems to show that converting from one to the other is 
> not terribly difficult. (So I don't have to lose my history.)
> 
> For those who are using git with rancid, what has the experience been like? 
> Worth doing? Stay with SVN? Doesn't really matter?

I use all three - IMO, religion.  git is slightly easier to implement a remote
copy of the repo.  both are much faster than cvs.



Re: [rancid] Extreme EXOS switches - what model?

2019-12-03 Thread john heasley
Tue, Dec 03, 2019 at 08:49:12PM +, Adam Thompson:
> I’m somewhat confused here; I have some Extreme X620 switches (that’s the 
> Summit / EX-OS line) that I’m trying to add into RANCID.
> However, my v3.9 installation, upon seeing “extreme” in router.db, still 
> tries to run the “enable” command after logging in, which is wrong – VERY 
> wrong, and tells me the wrong device type is in use.
> Yet when I manually run “xlogin” to one of these devices, it still fails 
> because it treats it like a Cisco-ish device, not like an EXOS device.
> 
> What device type am I supposed to put in router.db?  Why doesn’t xlogin 
> successfully log in??
> 
> I feel like I’m missing something here…

clogin(5)
...
CAVEATS
...
   The Extreme is supported by clogin, but it has no concept of an
   "enabled" privilege level.  You must set autoenable for these devices
   in your .cloginrc.



Re: [rancid] Merge OpenGear vendor-provided rancid scripts with official RANCID release for future?

2019-11-26 Thread john heasley
Tue, Nov 26, 2019 at 08:53:02PM +, Ni Ne:
> OpenGear has published rancid and login files that work with their console 
> servers.
> 
> The page describing it is here:
> 
> https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support
> 
> The direct link to their code is:
> 
> https://opengear.zendesk.com/hc/en-us/article_attachments/209925523/opengear-rancid-v2.1.zip
> 
> I just implemented their scripts, replacing very old custom hack-jobs I put 
> together years ago, using some other existing login scripts as a base. Their 
> scripts handle the prompts better than my legacy code.
> 
> I have successfully tested their code on ~150 OpenGear console servers of 
> various models (IM7200, IM4xxx, CMx) and on various software versions - 3.16 
> through 4.5
> 
> There are some tweaks I made, like running their show version code first. And 
> that line is not commented out in the resulting output file. But beyond that, 
> it works fine.
> 
> Would it be possible for their code to be reviewed and merged with official 
> rancid source for easier future use?
> 

sure.  I've asked them for permission.

It will have to be brought up to date with the current code and I will need
your (and/or others') help to test those changes.



Re: [rancid] Cisco 3650 IOS-XE active VLAN port state changes

2019-11-25 Thread john heasley
Sat, Nov 23, 2019 at 09:50:06PM +, Piegorsch, Weylin William:
> You can also develop a custom type that doesn't call "show vlan".

please do this, rather than change ios.pm.  This makes it easier for you
to upgrade rancid, both of which i prefer because it is easier to support
you.

> Also, I've had this occur twice in the past.
> - One time was happening campus-wide. I dug into it hard, and after a good 
> amount of effort found out there was something actually happening based on a 
> misunderstanding I had about how native VLANs work in IOS.  In other words: (a) I 
> learned something, and (b) I found I had an actual misconfiguration.
> - The other time it turned out that there was a hardware fault on the ASIC 
> (we're actually still using that particular Catalyst 3508).

I would like to understand why this occurs for some folks and change
the code to automatically ignore show vlan output when the switch is
configured in a manner that would lead to it.  I know that VTP does
this and sometimes 802.1x and the current code tries to recognize
both of these.  tia for any help here.



Re: [rancid] moving rancid to new server

2019-11-18 Thread john heasley
Mon, Nov 18, 2019 at 10:40:22PM +, Wayne Eisenberg:
> Hi,
> 
> I need to move my rancid (3.8) setup to a new server. Is it ok to tar/gzip 
> the entire directory and copy it or just do a bulk copy via scp of the entire 
> /usr/local/rancid directory from the old to new server (and the .cloginrc 
> file, of course)? Or should I re-install and re-configure from scratch on the 
> new server? It's not the same distro, but as long as the other packages (like 
> expect) are installed, it should be pretty portable, yes?

in theory, yes.  rsync/tar/whatever.  there are only 2 C programs in the
package; as long as their libraries are satisfied (ldd ) and there
are no path changes, it should work.  YMMV



Re: [rancid] Dell EMC OS10 switch

2019-11-05 Thread john heasley
Tue, Nov 05, 2019 at 09:02:19AM +0100, Bjørn Skobba:
> It looks like Dell S3048-ON can use either the “old” Force10 FTOS(OS9) or 
> Dell’s OS10 (aka (D)NOS10). As you are running the latter, the dnos10 type 
> John mention should work. It is also based on a modified version of the 
> f10rancid script. From a quick browse of the diff, I think they are pretty 
> much doing the same thing. I’m using the dnos10 for our Dell S5296F-ON 
> switches running OS10 (version 10.4.x)

FWIW, I expect that these modules will diverge as DNOS evolves, as it
seems to be Dell's goal.



Re: [rancid] web frontend for git based rancid

2019-11-05 Thread john heasley
Tue, Nov 05, 2019 at 11:34:05AM +, shouldbe q931:
> On Wed, Oct 30, 2019 at 11:14 PM Andreas Ott  wrote:
> >
> > Hello,
> >
> > we have recently uplifted a server from the stoneage to a current version of
> > rancid, also now using git as the version control system.
> >
> > In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> > backend) to provide at least read-only view for our operations/support
> > team into the different devices. For the git backend we installed gitlist
> > but find it lacking, especially when it comes to a very common need
> > "display diff between version X and version Y".
> >
> > Has anyone solved this problem in gitlist, or what other web frontend
> > are you using to display data from the git repository that can do this?
> >
> > Thanks, andreas
> > --
> > Andreas Ott   andr...@naund.org
> >
> 
> My solution for this was to use a commit hook to push to an instance
> of gitlab ce.

Not knowing the exact nature of your hack, but if using git, there is a simple
method to have a remote without hacking.  See the rancid FAQ S2Q8.



Re: [rancid] Dell EMC OS10 switch

2019-11-04 Thread john heasley
Mon, Nov 04, 2019 at 04:51:23PM +, Howard Jones:
> I made a slightly-tweaked version of the Force10 type for our Dell 
> S3048-ON switches.
> 
> In etc/rancid.types.conf:
> 
> dell10;script;dell10rancid
> dell10;login;clogin
> 
> And then these are the differences from f10rancid:
> 
> A few commands don't exist - removed those. The switch likes to beep 
> (send ctrl-G) in responses, so I strip control chars out. It also 
> doesn't have 'end' at the end of the config, so the default 'saw all 
> commands' stuff didn't work.
> 
> Patch is for RANCID 3.7, but hopefully the gist is clear.
> 

I haven't looked at Howard's, but will.  However, I am assuming that this
is Dell NOS 10; maybe there is a difference from OS10 - i do not know, but
maybe someone will enlighten me.  rancid 3.10 has a dnos10 type that is
new from another user; maybe the two should be merged.



Re: [rancid] web frontend for git based rancid

2019-10-30 Thread john heasley
Wed, Oct 30, 2019 at 04:13:57PM -0700, Andreas Ott:
> we have recently uplifted a server from the stoneage to a current version of
> rancid, also now using git as the version control system.
> 
> In previous generations we used cvsweb (cvs backend) and WebSVN (svn
> backend) to provide at least read-only view for our operations/support
> team into the different devices. For the git backend we installed gitlist
> but find it lacking, especially when it comes to a very common need
> "display diff between version X and version Y". 
> 
> Has anyone solved this problem in gitlist, or what other web frontend
> are you using to display data from the git repository that can do this?

we use gitweb.  doesn't seem to have what you seek, but does have a
"commit-to-current" diff button.  if one knows the commits, they can
enter those manually in the url to achieve what you want - or hack
that to do what you want.



Re: [rancid] Aruba - Wireless Controllers

2019-10-29 Thread john heasley
Fri, Oct 25, 2019 at 09:26:44AM -0700, reza:
> I’m using Mike32’s Aruba module which was recommended from the Shrubbery FTP, 
> https://github.com/miken32/rancid-aruba/. 
> 
> When I run rancid in debug mode against one of my device it failed in “End of 
> run not found”. I manually logged in with clogin to the device and ran “write 
> term” and verified the last line is end. Which is what is expected on line 546 
> of the Aruba.pm file, 
> https://github.com/miken32/rancid-aruba/blob/master/aruba.pm#L546. 
> 
> I’m hoping someone else has had some luck with this module and can provide 
> some help.

I do not have any of these, but note the README in the github repo and
the existence of arubalogin in the older version in
ftp://ftp.shrubbery.net/pub/rancid/contrib/aruba.tgz

maybe it's hitting the pager.  look at the end of the site2-wc2.raw file
left by the -d in your test:

> rancid@rancid:~$ rancid -d -t aruba site2-wc2
> loadtype: device type aruba
> loadtype: found device type aruba at /etc/rancid/rancid.types.conf:115
> executing clogin -t 90 -c"no paging;show version;show master-redundancy;show 
> boot;show image version;dir;show interface transceivers;show 
> packet-capture;show inventory;show vlan;write term" site2-wc2
>     In aruba::inloop: PROMPT MATCH: \(site2-wc2\) >
> HIT COMMAND:(site2-wc2) >no paging
>     In RunCommand: (site2-wc2) >no paging
> HIT COMMAND:(site2-wc2) >show version
>     In aruba::ShowVersion: (site2-wc2) >show version
> HIT COMMAND:(site2-wc2) >show master-redundancy
>     In aruba::ShowMasterRedundancy: (site2-wc2) >show master-redundancy
> HIT COMMAND:(site2-wc2) >show boot
>     In aruba::ShowBoot: (site2-wc2) >show boot
> HIT COMMAND:(site2-wc2) >show image version
>     In aruba::ShowImageVersion: (site2-wc2) >show image version
> HIT COMMAND:(site2-wc2) >dir
>     In aruba::Dir: (site2-wc2) >dir
> HIT COMMAND:(site2-wc2) >show interface transceivers
>     In aruba::ShowInterfaceTransceivers: (site2-wc2) >show interface 
> transceivers
> HIT COMMAND:(site2-wc2) >show packet-capture
>     In aruba::ShowPacketCapture: (site2-wc2) >show packet-capture
> HIT COMMAND:(site2-wc2) >show inventory
>     In aruba::ShowInventory: (site2-wc2) >show inventory
> HIT COMMAND:(site2-wc2) >show vlan
>     In aruba::ShowVLAN: (site2-wc2) >show vlan
> HIT COMMAND:(site2-wc2) >write term
>     In aruba::WriteTerm: (site2-wc2) >write term
> site2-wc2: End of run not found
> site2-wc2: found_end is false
> !
> rancid@rancid:~$

> aruba;script;rancid -t aruba
> aruba;login;clogin
> aruba;module;aruba
> aruba;inloop;aruba::inloop
> aruba;command;aruba::RunCommand;no paging
> #aruba;command;aruba::RunCommand;encrypt disable
> aruba;command;aruba::ShowVersion;show version
> aruba;command;aruba::ShowMasterRedundancy;show master-redundancy
> aruba;command;aruba::ShowBoot;show boot
> aruba;command;aruba::ShowImageVersion;show image version
> aruba;command;aruba::Dir;dir
> aruba;command;aruba::ShowInterfaceTransceivers;show interface transceivers
> aruba;command;aruba::ShowPacketCapture;show packet-capture
> aruba;command;aruba::ShowInventory;show inventory
> aruba;command;aruba::ShowVLAN;show vlan
> aruba;command;aruba::WriteTerm;write term



Re: [rancid] Fwd: Rancid - cmwlogin - HPE switches

2019-10-25 Thread john heasley
Fri, Oct 25, 2019 at 02:27:52PM +0200, Kevin Olbrich:
> Hi Henri,
> 
> ok, old releases are a no-go for me, as I have HP devices with recent FW
> that would loop (find diff on every refresh) as HP introduced a timestamp
> for some commands.
> I would like to see CMW work in 3.9+ but I was unable to get this working
> on my own (I have no perl skills and don't plan to extend them).

Assuming code quality, old scripts ought to work with rancid 3.9/3.10.
See the FAQ S4 Q1.  The shebang of the script may need to be updated for
your environment.



Re: [rancid] patch suggestion for Cisco Mobile Express

2019-10-14 Thread john heasley
Sun, Oct 13, 2019 at 09:53:21AM +, Piegorsch, Weylin William:
> Should an autonomous Aeronet AP have its config in rancid through wlc8?  I'd 
> had success (years ago, on older version of rancid and AeroOS) with type 
> cisco.  If this is a Aeronet AP on a WLC, then wouldn’t simply backing up the 
> WLC be sufficient?
> weylin

I can not answer that, but I am curious to see the diff that was produced
prior to this change.  Is it possible that it was terminal control characters
causing the changes?

> On 10/8/19, 7:51 AM, "Bjarne Saltbæk"  wrote:
> 
> Hi again.
> 
> I just realized that a patch in ciscowlc.pm would make more sense:
> 
> --- cut ---
> --- /usr/share/perl5/vendor_perl/rancid/ciscowlc.pm.org 2019-10-08 
> 13:30:29.894650701 +0200
> +++ /usr/share/perl5/vendor_perl/rancid/ciscowlc.pm 2019-10-08 
> 13:48:38.125686723 +0200
> @@ -137,6 +137,9 @@
> next if (/^\s*rogue ap classify/);
> next if (/^\s*rogue (adhoc|client) (alert|unknown)/i);
> next if (/^\s*interface nat-address management set 
> -?[0-9]{4,}\./);
> +   next if (/^\s*Config generation may take some time .../);
> +   next if (/^\s*# WLC Config Begin/);
> +   next if (/^\s*# WLC Config End/);
> 
> $linecnt++;
> 
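Review bot: In the first added `next if`, the trailing `...` in `/^\s*Config generation may take some time .../` is three unescaped dots, so it matches any three characters rather than a literal ellipsis; write `\.\.\.` or end the pattern after `time`. A one-line comment above the three new filters saying why these lines are dropped would also help the next reader of this list.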
> --- cut ---
> 
> 
> -- 
> Bjarne Saltbæk
> System Administrator
> Sinch Denmark
> 
> > -Original Message-
> > From: Bjarne Saltbæk
> > Sent: Tuesday, 8 October 2019 13.12
> > To: rancid-discuss@shrubbery.net
> > Subject: patch suggestion for Cisco Mobile Express
> > 
> > Hi
> > 
> > I am using the 3.9 version for backing up Cisco Mobility Express config 
> on a
> > Cisco Aironet 1830.
> > 
> > I was getting random garbage in the config by using
> > 
> > /etc/rancid/rancid.types.base
> > cisco-wlc8;script;rancid -t cisco-wlc8
> > cisco-wlc8;login;wlogin
> > cisco-wlc8;timeout;120
> > cisco-wlc8;module;ciscowlc
> > cisco-wlc8;inloop;ciscowlc::inloop
> > cisco-wlc8;command;ciscowlc::ShowUdi;show udi
> > cisco-wlc8;command;ciscowlc::ShowSysinfo;show sysinfo
> > cisco-wlc8;command;ciscowlc::ShowConfig;show run-config commands
> > 
> > changed ShowConfig from run-config commands to
> > 
> > cisco-wlc8;command;ciscowlc::ShowConfig;show run-config startup-commands
> > 
> > But then ended up with new dates on every diff.
> > Fixed it by patching wlogin
> > --- cut ---
> > --- wlogin.bak  2019-10-08 12:14:31.085325057 +0200
> > +++ wlogin  2019-10-08 12:58:13.325178327 +0200
> > @@ -684,6 +684,8 @@
> >  for {set i 0} {$i < $num_commands} { incr i} {
> > send -- "[subst -nocommands [lindex $commands $i]]\r"
> > expect {
> > +   -re "^# WLC Config Begin.*\r\n" { exp_continue }
> > +   -re "^# WLC Config End.*\r\n"   { exp_continue }
> > -re "\b+"   { exp_continue }
> > -re "^\[^\n\r *]*$reprompt" { send_user -- 
> "$expect_out(buffer)"
> > }
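Review bot: Both added patterns end in `.*\r\n`, and in Tcl regular expressions `.` also matches a newline, so once more than one line is in the expect buffer the greedy `.*` can run to the last `\r\n` and everything it matched is discarded by `exp_continue` without reaching `send_user`. `\[^\r\n]*\r\n` would keep each match to the single marker line. The leading `^` anchors to the start of the expect buffer rather than to each line, so a marker that arrives behind other unread output will not match.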
> > --- cut ---
> > 
> > Feel free to add this to the upstream code.
> > 
> > BR,
> > Bjarne
> > 
> > 
> > 
> > --
> > Bjarne Saltbæk
> > System Administrator
> > Sinch Denmark
> 
> 
> 



Re: [rancid] Rancid issues

2019-09-27 Thread john heasley
Wed, Aug 21, 2019 at 02:44:01PM +, john heasley:
> Wed, Aug 21, 2019 at 12:10:35PM +0200, Chris Knipe:
> > Hi All,
> > 
> > Rancid setup and everything's fine from what I can tell.  I'm getting a
> > strange error I haven't seen before:
> > 
> > router.db:
> > za-ctn-pe01;mikrotik;up
> > 
> > bash-4.2$ ./bin/rancid -d -t mikrotik za-ctn-pe01
> > loadtype: device type mikrotik
> > loadtype: found device type mikrotik in /srv/rancid/etc/rancid.types.base
> > executing mtlogin -t 90 -c"" za-ctn-pe01
> > inloop is not configured for device type mikrotik at ./bin/rancid line 130.
> > 
> > Not quite sure what is happening at this stage...
> 
> bin/rancid does not work this way with scripts that have not been converted
> to modules.  It could be made to work, I just had not anticipated it.  you
> must run the script itself.
> 
> mtrancid [opts] hostname
> 

I've fixed this here:
commit 4750bf3ee31cd11a299a1dfee2c8c36020f41479
rancid, rancid.pm: handle non-modulized rancid scripts in the rancid script
by exec()ing the real script

https://www.shrubbery.net/pipermail/rancid-discuss/2019-August/010820.html



Re: [rancid] Rancid upgrade 3.2 to 3.9

2019-09-03 Thread john heasley
Mon, Sep 02, 2019 at 03:45:28PM +, Nati Danan:
> Hello
> 
> I am using Rancid for the last 3 years and would like to upgrade it now to 
> latest version which is 3.9.
> Current version is 3.2.99  after upgrade of my colleague a year ago I believe.
> my Expect version is 5.44.1.15 if it helps.
> 
> I've downloaded the last tar.gz file  to the box and read the UPGRADE file 
> which wasn't very straight forward for base version of 3.2.x.
> Would you please advise about upgrade process and what files should be backed 
> up as we did some tweaks for some vendor files.

Fair.  I've added some text; lmk if I've missed the mark.

diff --git a/UPGRADING b/UPGRADING
index b33f5ace..633bdac4 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,10 +1,27 @@
+RANCiD 2.3 to >2.3
+Assuming that no other specifics in the sections below apply to your
+installation or environment, then upgrades should be straight-forward.
+   - review the CHANGES file for anything that may affect you,
+   - backup your current installation,
+   - optionally disable rancid's cron jobs and waiting for running
+ collections to finish.
+   - follow the quick installation instructions in the README, using the
+ same arguments to configure that were used for the previous version
+ (if any), and installing the new directly over the previous.
+   - it may be necessary to merge new .conf files (rancd.conf, lg.conf,
+ rancid.types.conf) with the existing files, which will not have been
+ over-written.
+   - re-enable rancid's cron jobs
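Review bot: The merge step names `rancd.conf`, which should read `rancid.conf`. In the cron step, `optionally disable rancid's cron jobs and waiting for running collections to finish` mixes verb forms (`wait`), and the list items end in a mix of commas, a period and nothing. Since the question that prompted this text was which files to back up, the backup item could name the locally customized files (.conf and router.db).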

I did not comment specifically about files to backup, as I feel that one
could be extra careful by backing-up everything or one could backup only
the files that are locally customized (.conf & router.db files).



Re: [rancid] Extreme switch policy backup.

2019-08-27 Thread john heasley
Fri, Jul 12, 2019 at 08:05:30PM +, john heasley:
> Fri, Jul 12, 2019 at 08:30:28PM +0100, Paul Thornton:
> > Hi
> > 
> > We had a patch to 2.3's xrancid which we were running at some stage in 
> > > the past N years that did this already - but I can't find it, and we 
> > aren't running it on our current rancid system either.  Thanks to Chris' 
> > E-mail at least I've been reminded of that.
> > 
> > It wasn't a hard thing to add.
> > 
> > On 12/07/2019 20:15, john heasley wrote:
> > > Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> > >> We've just gotten a few Extreme switches (model X440-G2) and I've gotten 
> > >> them set up in Rancid.  But while I get the configs, I have a few 
> > >> policies as well.  They're kept as .pol files on the switch.  Is there a 
> > >> way to include the policy files in the backup that Rancid takes?  It 
> > >> would be particularly helpful.  I've done some searching, and seen folks 
> > >> ask about it.  But no real answers.  Lots of modifications to commands 
> > >> from 4 years ago but nothing current.  There's a command that will print 
> > >> it all out, just not sure how to add it into the mix.  Don't like to 
> > >> modify something like Rancid if there's already a way within the system 
> > >> to make it happen.
> > >
> > > what is the command to display the policy?  can you provide an example of
> > > the command and output, from prompt to the next prompt?  is the output
> > > format and order stable?
> > >
> > > i see an incomplete example here;
> > > http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html
> > 
> > The format isn't great.  The switch basically outputs
> > Policies at Policy Server:
> > Policy: 
> > 
> > Number of clients bound to policy: 
> > Client: 
> > 
> > My hunch would be not to try and parse this lot at all, but just execute 
> > the 'show policy detail' and wait for the prompt to come back.  I'm 
> > pretty sure that's all we did; I remember it just diffed everything and 
> > you saw quickly if a policy was added/removed just as easily.
> > It is theoretically possible for someone to have a prompt matching 
> > > string in the policy file as a comment, but let's ignore that madness for 
> > now.
> > 
> > This example shows three policies as an example:
> > 
> > * ag1.hbr.2 # dis clip
> > * ag1.hbr.3 # show policy detail
> > Policies at Policy Server:
> > Policy: as65001-in-v4
> > entry term10 {
> 
> Cool.  Could you test this?

ping.  I'd be grateful if someone would test this change for policy
backup on extreme.

> diff --git a/etc/rancid.types.base b/etc/rancid.types.base
> index 18139479..6c3a80aa 100644
> --- a/etc/rancid.types.base
> +++ b/etc/rancid.types.base
> @@ -381,6 +381,7 @@ extreme;command;exos::ShowMemory;show memory
>  extreme;command;exos::ShowDiag;show diag
>  extreme;command;exos::ShowSwitch;show switch
>  extreme;command;exos::ShowSlot;show slot
> +extreme;command;exos::ShowPolicy;show policy detail
>  extreme;command;exos::WriteTerm;show configuration detail
>  extreme;command;exos::WriteTerm;show configuration
>  #
> diff --git a/lib/exos.pm.in b/lib/exos.pm.in
> index fd7d1482..710a5c0f 100644
> --- a/lib/exos.pm.in
> +++ b/lib/exos.pm.in
> @@ -1,7 +1,5 @@
>  package exos;
>  ##
> -## $Id$
> -##
>  ## @PACKAGE@ @VERSION@
>  @copyright@
>  #
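Review bot: Dropping the `## $Id$` lines from the header of exos.pm.in is unrelated to the policy backup; it would be easier to review and to revert as a separate commit.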
> @@ -161,6 +159,21 @@ sub ShowDiag {
>  return(0);
>  }
>  
> +# This routine parses "show policy detail"
> +sub ShowPolicy {
> +my($INPUT, $OUTPUT, $cmd) = @_;
> +print STDERR "In ShowPolicy: $_" if ($debug);
> +
> +while (<$INPUT>) {
> + tr/\015//d;
> + last if (/^$prompt/);
> + next if (/^(\s*|\s*$cmd\s*)$/);
> +
> + ProcessHistory("POLICY","","","# $_");
> +}
> +return(0);
> +}
> +
>  # This routine parses "show slot"
>  sub ShowSlot {
>  my($INPUT, $OUTPUT, $cmd) = @_;
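Review bot: In ShowPolicy, `last if (/^$prompt/)` stops at the first line that looks like a prompt, and the thread already notes that a policy file may carry such a line as a comment; the policy would then be cut short with the routine still returning 0. The `next if` pattern interpolates `$cmd` unescaped, so `\Q$cmd\E` would be safer. The header comment says the routine parses the output, while the loop only strips carriage returns and copies each line through with a `# ` prefix; the comment should say so, and should note that the saved text follows whatever order the switch prints the policies in.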
> 



Re: [rancid] Tellabs equipment

2019-08-26 Thread john heasley
Mon, Aug 26, 2019 at 06:57:27PM +, Luke Smith:
> I'm new to configuring Rancid, so forgive me if I'm not asking the right 
> questions. I've turned up a rancid server, I can get Cisco, Adtran, and 
> Foundry no issues. I'm moving over to my Tellabs now and I've found a 
> rancid-ssi github that I was able to find a tlrancid.in file on the commands 
> needed and clogin works fine to get me into the device, but when I actually 
> start a run, it doesn't get into the device, what happens in the logs I get 
> the following error:
> 
> Trying to get all of the configs.
> exec(tlrancid) failed router manufacturer tellabs: No such file or directory
> 
> I went ahead and in the rancid.types.base I added the following:

I recommend using rancid.types.conf instead; see the comment at the
top of .base.

> # Tellabs
> tellabs;script;tlrancid
> tellabs;login;clogin
> 
> If I manually run the tlrancid or clogin command, it gets in just fine. 
> However, I don't actually get the scripts to run ... so I'm assuming I'm 
> missing a correlation between files. Any help would be appreciated.
> 

make sure that tlrancid is executable, has the correct interpreter as
its first line and is in rancid's path according to rancid.conf:PATH
or make it a FQPN in the rancid.types.conf entry.
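
The checks suggested above for `exec(tlrancid) failed ... No such file or directory` (and for the earlier `sh: hlogin: command not found`), as an added example that is not part of the original message or of rancid: a POSIX shell function that walks a PATH the way exec() does and reports whether the script is missing, not executable, or has a first line whose interpreter does not exist. The function names, the verdict strings and the fixture scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not rancid code). check_rancid_script NAME SEARCH_PATH
#   NAME         script from the rancid.types.conf entry: bare name or FQPN
#   SEARCH_PATH  colon-separated PATH, as set in rancid.conf
# Prints one verdict on stdout and the path examined on stderr:
#   ok | not-found | not-executable | no-shebang | bad-interpreter
check_rancid_script() {
    crs_name=$1
    crs_file=
    crs_noexec=
    case $crs_name in
    */*)    # a name containing a slash is used as-is, no PATH search
        if [ -f "$crs_name" ] && [ -x "$crs_name" ]; then
            crs_file=$crs_name
        elif [ -f "$crs_name" ]; then
            crs_noexec=$crs_name
        fi
        ;;
    *)
        crs_ifs=$IFS
        IFS=:
        for crs_dir in $2; do
            crs_try=${crs_dir:-.}/$crs_name    # empty element means "."
            if [ -f "$crs_try" ] && [ -x "$crs_try" ]; then
                crs_file=$crs_try
                break
            elif [ -f "$crs_try" ] && [ -z "$crs_noexec" ]; then
                crs_noexec=$crs_try            # keep searching, like exec()
            fi
        done
        IFS=$crs_ifs
        ;;
    esac

    if [ -z "$crs_file" ]; then
        if [ -n "$crs_noexec" ]; then
            echo "$crs_noexec" >&2
            echo not-executable
        else
            echo not-found
        fi
        return 0
    fi
    echo "$crs_file" >&2

    # The kernel reports ENOENT ("No such file or directory") both when the
    # script is missing and when the interpreter on its first line is missing.
    crs_first=
    IFS= read -r crs_first < "$crs_file" || true
    case $crs_first in
    '#!'*) ;;
    *)  echo no-shebang                 # compiled programs land here too
        return 0 ;;
    esac
    crs_interp=${crs_first#??}                          # drop "#!"
    crs_interp=${crs_interp#"${crs_interp%%[! ]*}"}     # trim leading spaces
    crs_interp=${crs_interp%% *}                        # first word only
    if [ -x "$crs_interp" ]; then
        echo ok
    else
        echo bad-interpreter
    fi
    return 0
}

# Constructed fixture: four sample scripts in a temporary bin directory.
make_fixture() {
    mf_dir=$(mktemp -d) || return 1
    mkdir "$mf_dir/bin"
    printf '#!/bin/sh\nexit 0\n' > "$mf_dir/bin/goodrancid"
    printf '#!/bin/sh\nexit 0\n' > "$mf_dir/bin/noexecrancid"
    printf '#! /nonexistent/bin/perl\n' > "$mf_dir/bin/tlrancid"
    printf 'exit 0\n' > "$mf_dir/bin/nobangrancid"
    chmod 755 "$mf_dir/bin/goodrancid" "$mf_dir/bin/tlrancid" \
        "$mf_dir/bin/nobangrancid"
    chmod 644 "$mf_dir/bin/noexecrancid"
    echo "$mf_dir"
}

# Demo on the constructed fixture; the first PATH element does not exist.
demo_dir=$(make_fixture)
for demo_name in goodrancid noexecrancid tlrancid nobangrancid missingrancid; do
    printf '%-14s %s\n' "$demo_name" \
        "$(check_rancid_script "$demo_name" "/nonexistent:$demo_dir/bin" 2>/dev/null)"
done
rm -rf "$demo_dir"
```

On a real host, pass the PATH value from rancid.conf as the second argument, since that is the PATH rancid-run and control_rancid use.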



Re: [rancid] RANCID 3.8 and Git - sync to remote repo instead of or in addition to local repo?

2019-08-21 Thread john heasley
Wed, Aug 21, 2019 at 09:10:04PM +, Ni Ne:
> Running rancid 3.8 and I would like to (re-)publish the rancid config files 
> (for devices themselves) to a gitlab server we have internally.
> 
> I am still learning about Git and not very familiar with rancid's interaction 
> with it.
> 
> Is it feasible to have rancid update both repo's simultaneously? The local 
> one on the server, and a remote repo?

this is covered in the rancid FAQ.



Re: [rancid] Rancid issues

2019-08-21 Thread john heasley
Wed, Aug 21, 2019 at 12:10:35PM +0200, Chris Knipe:
> Hi All,
> 
> Rancid setup and everything's fine from what I can tell.  I'm getting a
> strange error I haven't seen before:
> 
> router.db:
> za-ctn-pe01;mikrotik;up
> 
> bash-4.2$ ./bin/rancid -d -t mikrotik za-ctn-pe01
> loadtype: device type mikrotik
> loadtype: found device type mikrotik in /srv/rancid/etc/rancid.types.base
> executing mtlogin -t 90 -c"" za-ctn-pe01
> inloop is not configured for device type mikrotik at ./bin/rancid line 130.
> 
> Not quite sure what is happening at this stage...

bin/rancid does not work this way with scripts that have not been converted
to modules.  It could be made to work, I just had not anticipated it.  you
must run the script itself.

mtrancid [opts] hostname



Re: [rancid] Improving Rancid's processing speed when having 1k+ devices

2019-07-29 Thread john heasley
Fri, Jul 26, 2019 at 02:34:49AM -0700, Florin Vlad Olariu:
> On 25 July 2019 at 18:16:48, Scott Granados
> (scott.grana...@gmail.com) wrote:
> 
> > I would also recommend running multiple rancid servers maybe scatter them 
> >geographically so it’s not a single machine pulling all the weight. Break 
> >the work loads up among them.
> 
> Great advice which didn't cross my mind. Might have to resort to this
> if I want ~ 1m poll times.

topologically close servers can help, but I would just run more processes
instead.  less mgmt overhead.

> > - make sure that the rancid user is not process rlimited to less than ~605
> > processes; or PAR_COUNT * 2 + 5 or so.
> 
> My `ulimit -u` gives "4096". I don't think this is a factor?

unlikely.  make sure it's not others; -n -d.  you'd see processes being
killed in the logs

...

Are your configs very large?  I have one group of 252 devices that are
scattered around the globe totaling 1.2G of on-disk rancid output which
takes about 28m to collect with 16 processes.



Re: [rancid] Adjust Rancid-Run Default Run Location

2019-07-29 Thread john heasley
Fri, Jul 26, 2019 at 09:37:36AM +, Sheeter, Kyle:
> Hey guys,
> 
> I have been trying to figure out what happened to my RANCID install after a 
> linux upgrade, and it looks like it adjusted some parameters that my 
> predecessor setup when he built the machine.  He used a subdirectory 
> (/home/rancid/rancid/) to store all of our RANCID files, but when I did the 
> ubuntu upgrade now rancid-run just runs from the default directory.
> 
> I looked over the man page but didn't see anything on how to change that.  
> Anyone have some good documentation on how to change that?

etc/rancid.conf:BASEDIR see rancid.conf(5); presumably the upgrade saved a
copy of the old file as etc/rancid.conf..



Re: [rancid] Possible bug

2019-07-29 Thread john heasley
Fri, Jul 26, 2019 at 08:24:35AM -0400, Ugo Bellavance:
> Hi,
> 
> I think that there might be a problem with the fnlogin script. It may
> be because I'm attempting to execute it on a Fortiweb system (not Fortigate),
> but there is one last ' "send "end\r" ' that shouldn't be there.
> 
> Sample of ssh session with the unit, doing the same thing as the fnlogin
> script:
> 
> [rancid@server bin]$ ssh -l ranciduser fortiweb.example.com
> rancidu...@fortiweb.example.com's password:
> fortiweb $ config system console
> 
> fortiweb (console) $ set output standard
> 
> fortiweb (console) $ end
> 
> fortiweb $ end
> Command fail. CLI parsing error.

it should be sending 'config global' first.  Have you altered the script?

> I'm using the fnlogin script "3915 2018-10-29 21:05:01Z"

This part of the script has not changed since then.

> I don't have a Fortigate unit to test, so I do not know if it's OS-related
> or not.




Re: [rancid] Fortinet private key problem

2019-07-25 Thread john heasley
Thu, Jul 25, 2019 at 02:52:42PM -0400, Ugo Bellavance:
> Hi,
> 
> I'm trying to get rancid to work with my Fortinet device.  It seems to work
> OK, except for the fact that it doesn't collect the whole config. It looks
> like it's stuck in the removal of the private key.  It stops like this:
> 
> #set private-key "-BEGIN ENCRYPTED PRIVATE KEY-
> # 
> Connection to server.xxx.xxx closed.
> 
> I checked the code for filter cycling RSA private keys, but I don't know
> where would be the problem.
> 
> Any help or suggestion would be appreciated.

what version of rancid?  show us example input.  test that you can run the
command with the login script and receive the full output.



Re: [rancid] Improving Rancid's processing speed when having 1k+ devices

2019-07-25 Thread john heasley
Thu, Jul 25, 2019 at 02:29:37PM +0200, Florin Vlad Olariu:
> Well, as per title, is there any way to improve rancid's speed with so many
> devices? At the moment I set PAR_COUNT to 300, so it will connect in
> parallel to 300 devices at a time, but the reality is that most time does
> not seem to be taken by connecting and retrieving config but by what
> happens next in the file processing and git-committing.
> 
> To give you some stats, with current settings it takes around 9 minutes to
> do 1200 devices. I have only 1 group with all devices under the same group.
> 
> Any trick you might have, please let me know!

Typically, the network and, more so, the devices are the slow part.  Some
devices are much slower than others.  more parallelism helps a lot - your
high PAR_COUNT.  other thoughts:

- cvs is slow.  use svn or git.  svn is probably faster; but I have not
  benchmarked the two for the functions that rancid uses.
- make sure that the rancid user is not process rlimited to less than ~605
  processes; or PAR_COUNT * 2 + 5 or so.
- perl is a memory pig.  if the host/vm has memory pressure, this would be
  something to address.
- retrieving device output does not require much cpu, but process does use
  some - don't starve it
- use rancid.conf:NOPIPE=YES; i think this is faster because perl is a pig.
- if you only need configs, then reduce what is collected to just show version
  and show running.  or have one hourly group that collects that, and a daily
  group that collects everything.  less processing, and esp many fewer regexes.

multiple groups might help, at least for the SCM part.  split your one large
group into a few.  make sure to use a separate cron for each so that they run
in parallel.

I haven't attempted to benchmark or optimize any parts for a while.  There was
a complaint about the start-up time for control_rancid, which seems to me to
be inconsequential, but I do not know what the users were attempting to do
with rancid that made this matter.  There are other benefits to this, so I've
started to re-write it; this is not ready yet.

9 minutes for 1200 devices seems reasonable to me. :)
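
The process-limit rule of thumb from the list above (PAR_COUNT * 2 + 5) as a preflight check. This is an added example, not RANCID code and not part of the original message; the function names, the sample rancid.conf excerpt and the limit values passed in are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RANCID code: check a per-user process limit against the
# "PAR_COUNT * 2 + 5" rule of thumb quoted in the message above.

# Write a constructed rancid.conf excerpt (sample data, not a real config).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
#PAR_COUNT=5; export PAR_COUNT
PAR_COUNT=300; export PAR_COUNT
NOPIPE=YES; export NOPIPE
EOF
}

# Print the last uncommented PAR_COUNT=<n> assignment in the file, if any.
par_count() {
    sed -n 's/^[[:space:]]*PAR_COUNT=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Processes needed for a given PAR_COUNT, per the rule of thumb.
required_procs() {
    echo $(( $1 * 2 + 5 ))
}

# Succeed when LIMIT ($1) is "unlimited" or at least NEEDED ($2).
limit_ok() {
    if [ "$1" = "unlimited" ]; then
        return 0
    fi
    [ "$1" -ge "$2" ]
}

# check_rancid_limits CONF [LIMIT]
# LIMIT defaults to this shell's own `ulimit -u` (the bash spelling used in
# the thread), so run it as the rancid user to see the limit that applies.
# Returns 0 if sufficient, 1 if too low, 2 if PAR_COUNT is not set.
check_rancid_limits() {
    conf=$1
    limit=${2:-$(ulimit -u)}
    pc=$(par_count "$conf")
    if [ -z "$pc" ]; then
        echo "PAR_COUNT is not set in $conf" >&2
        return 2
    fi
    need=$(required_procs "$pc")
    if limit_ok "$limit" "$need"; then
        echo "ok: process limit $limit covers $need (PAR_COUNT=$pc)"
    else
        echo "too low: process limit $limit is under $need (PAR_COUNT=$pc)"
        return 1
    fi
}

# Demo on the constructed sample with two constructed limit values.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
check_rancid_limits "$demo_conf" 4096
check_rancid_limits "$demo_conf" 512 || true
rm -f "$demo_conf"
```

A too-low limit shows up as collection processes failing to start, so this check is worth running after raising PAR_COUNT.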



Re: [rancid] Improving Rancid's processing speed when having 1k+ devices

2019-07-25 Thread john heasley
Thu, Jul 25, 2019 at 08:14:28AM -0700, Emille Blanc:
> I've seen/heard stories of people pre-empting rancid with an snmp-get of the 
> config-last-changed / last committed OID, to generate a list of devices to 
> run against.

a building block for that is in the FAQ S3 Q10; using syslog 



Re: [rancid] Rancid and the Cisco 5000 Nexus Platform

2019-07-23 Thread john heasley
Tue, Jul 23, 2019 at 01:29:01AM -0700, Florin Vlad Olariu:
> I am running version 3.9 [2] and the logs looks like in [1]. I tried
> un-commenting the line that states
> "#cisco-nx;command;rancid::RunCommand;term no monitor-force" but it doesn't
> work anyway.

keep that; it prevents logs/etc from mangling prompts and commands that
rancid wants to match.

> Reading about your comment on "show version" made me try and un-comment
> that line... (and only that line) and after that it worked!. But why do I
> need to have show version in there at all for this to properly work?
> 
> An alternative solution I had was to put variables "$clean_run" and
> "$found_end" to 1 in the /usr/local/rancid/bin/rancid file, but of course
> this is not ideal as it applies to all types of routers.
> 
> Any idea how can I gather config _without_ needing "show version" also?

As I mentioned, the model sometimes affects the handling of the config.
I do not remember off the top why this is so in nxos.  i'll try to look
later.  it's not that much extra data and it should all be commented.



Re: [rancid] Rancid with Dell PowerConnect M8024-k

2019-07-23 Thread john heasley
Tue, Jul 23, 2019 at 03:53:39AM +, Dennis Jasch:
> Hi,
> 
> I have been Googling a lot on how to get this to work, but had no luck yet.
> 
> Observium version: 19.7.9977
> Rancid version: 3.9
> Device: Dell PowerConnect M8024-k
> 
> The Observium PHP script to generate the rancid router.db classifies the 
> switch as "dell" - is this correct? I'm led to believe it may have to be 
> "smc".

I can not say, I do not know this device and dell OEMs all of their
switch h/w, except perhaps white box h/w.  If the cli and config look
like another device type in rancid, then that type will likely work.
Else, perhaps show an example of the cli and config to the list.

smc would be my guess as well.  so, maybe show us the errors and try
the debug procedure from the FAQ S3 Q2.

If you discover one, please lmk and I will document it in rancid.types.base
along with the others.

> I have tried both, but neither seems to successfully pull the config. The 
> process seems to just hang indefinitely.
> 
> Testing using: /opt/rancid/bin/clogin -c"show version;" 10.x.x.x seems to 
> work correctly.
> 
> Logs seem to suggest:
> 10.x.x.x: End of run not found
> 
> Any suggestions would be greatly appreciated.
> 
> Regards,
> Dennis.
> 
> 



Re: [rancid] Rancid and the Cisco 5000 Nexus Platform

2019-07-22 Thread john heasley
Mon, Jul 22, 2019 at 08:51:09AM -0700, Florin Vlad Olariu:
> Hello,
> 
> I have some cisco Nexus 5k and I'm having some trouble grabbing the "show
> run" through rancid. In my setup I commented out most commands in the
> "rancid.types.base" file except for the "show run" section. The problem is
> that with the file commented, rancid can't manage to grab the output
> because, according to the logs, "End of run not found". Is this message
> based on finding the word "end" in the configuration? Because if that's the
> requirement, then even when manually doing "show run" it's not there.

please show us the error from the log file and tell us what version of
rancid.  also, please follow the test in the FAQ S3 Q2.

Also, for some devices show version is required; as the device type can
affect other parsing.  I doubt that is the problem for nxos, but you
also commented this:

> #cisco-nx;command;rancid::RunCommand;term no monitor-force

which i suspect is the problem, having now seen the errors.

> The curious thing is that if I un-comment all the other show commands, then
> rancid does manage to grab the router config, although of course that is
> not ideal. Below [1] you can find the "rancid.types.base" config.
> 
> cisco-nx;script;rancid -t cisco-nx

please read the warning at the top of etc/rancid.types.base



Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

2019-07-20 Thread john heasley
Sat, Jul 20, 2019 at 12:29:19AM +0200, Erik Muller:
> On 7/19/19 22:32 , john heasley wrote:
> > Mon, Jul 15, 2019 at 10:30:42PM +, Gauthier, Chris:
> >> The only way in CLI to do a "show run" type of output in XML format is to 
> >> execute the following commands.  This holds true for both Panorama and 
> >> Pan-OS (not managed by Panorama):
> >>
> >> User@Palo-Alto-FW> set cli config-output-format xml
> >> User@Palo-Alto-FW> configure
> >> Entering configuration mode
> >> [edit]
> >> User@Palo-Alto-FW# show
> >> 
> >>
> >>  
> >> Truncated to hide my config
> >>
> >> --Chris
> > 
> > I am confused; please help me understand so that we wrap-up this issue.
> > 
> > There are two configs, the normal one in show config run, and one that
> > comes from panorama config (if in use) that is visible on the "panorama
> > clients" (my term) with show config merged.
> 
> Correct.  Each PANOS device that's managed via Panorama has a local 
> persistent configuration that includes device-specific things like local 
> management address, HA-pair, user accounts...
> Panorama stores in its config a bunch of rulesets and templates that can 
> be applied to the managed devices; when it pushes those to a managed device 
> they're merged at runtime into that device's live config, but not part of 
> that box's actual local config.
> 
> > the panorama (master) offers a cli, just like a panorama client, where
> > the panorama configuration can be viewed with 'show config run'.
> > 
> > these configs can be dumped as xml or text.  only xml can be loaded.
> > 
> > Do i have all of this correct?  I did not glean much useful info from the
> > palo alto website.
> 
> all correct, TTBOMK.
> -e
> 

Super; thanks.

Is it sensible to collect all three?  ie: the xml of the base, the base,
and the merged.

> > 
> >> -Original Message-
> >> From: Rancid-discuss  on behalf of 
> >> john heasley 
> >> Date: Monday, July 15, 2019 at 3:00 PM
> >> To: Erik Muller 
> >> Cc: "rancid-discuss@shrubbery.net" 
> >> Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup
> >>
> >> Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> >>> On 7/12/19 14:15 , Gauthier, Chris wrote:
> >>>> Rancid configs for PAN can NOT be used to restore the config, unless you
> >>>> cut and paste the configuration. This is because the native config files
> >>>> are stored in XML format and that is the format the Palo Alto utilities
> >>>> expect when performing restorations.
> >>>
> >>> Having recently needed to deal with a bunch of PAs, I ran into that same
> >>> issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> >>> to simplify the process.
> >>>
> >>> RE the other question about Panorama vs device configs, if you're backing
> >>> up your Panorama configuration (which has been fine via Rancid in my
> >>
> >> How are you backing the Panorama configuration?  is that just another
> >> rancid 'paloalto' target?
> >>
> >>> experience) as well as the base config on the device, you don't need to
> >>> backup the merged configuration.  And you probably shouldn't pull the
> >>> merged config, for restore purposes, as anything other than the local
> >>> device configuration will come from the Panorama templates once the device
> >>> is replaced.  Of course, the merged config might still be convenient to
> >>> save to easily see the complete policy set active on a given box.
> >>>
> >>> -e
> > 



Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

2019-07-19 Thread john heasley
Mon, Jul 15, 2019 at 10:30:42PM +, Gauthier, Chris:
> The only way in CLI to do a "show run" type of output in XML format is to 
> execute the following commands.  This holds true for both Panorama and Pan-OS 
> (not managed by Panorama):
> 
> User@Palo-Alto-FW> set cli config-output-format xml
> User@Palo-Alto-FW> configure
> Entering configuration mode
> [edit]
> User@Palo-Alto-FW# show
> 
>   
> 
> Truncated to hide my config
> 
> --Chris

I am confused; please help me understand so that we wrap-up this issue.

There are two configs, the normal one in show config run, and one that
comes from panorama config (if in use) that is visible on the "panorama
clients" (my term) with show config merged.

the panorama (master) offers a cli, just like a panorama client, where
the panorama configuration can be viewed with 'show config run'.

these configs can be dumped as xml or text.  only xml can be loaded.

Do i have all of this correct?  I did not glean much useful info from the
palo alto website.

thanks

> -Original Message-
> From: Rancid-discuss  on behalf of john 
> heasley 
> Date: Monday, July 15, 2019 at 3:00 PM
> To: Erik Muller 
> Cc: "rancid-discuss@shrubbery.net" 
> Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup
> 
> Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> > On 7/12/19 14:15 , Gauthier, Chris wrote:
> > > Rancid configs for PAN can NOT be used to restore the config, unless you
> > > cut and paste the configuration. This is because the native config files
> > > are stored in XML format and that is the format the Palo Alto utilities
> > > expect when performing restorations.
> >
> > Having recently needed to deal with a bunch of PAs, I ran into that same
> > issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> > to simplify the process.
> >
> > RE the other question about Panorama vs device configs, if you're backing
> > up your Panorama configuration (which has been fine via Rancid in my
> 
> How are you backing the Panorama configuration?  is that just another
> rancid 'paloalto' target?
> 
> > experience) as well as the base config on the device, you don't need to
> > backup the merged configuration.  And you probably shouldn't pull the
> > merged config, for restore purposes, as anything other than the local
> > device configuration will come from the Panorama templates once the device
> > is replaced.  Of course, the merged config might still be convenient to
> > save to easily see the complete policy set active on a given box.
> >
> > -e



Re: [rancid] Getting a lot of noise related to ce_switch.log and ce_switch.log.bak

2019-07-18 Thread john heasley
Wed, Jul 17, 2019 at 12:36:04AM +, heasley:
> Wed, Jul 10, 2019 at 01:39:34AM -0700, Dan Mahoney (Gushi):
> > On Tue, 11 Sep 2018, heasley wrote:
> > 
> > > Mon, Sep 10, 2018 at 01:45:42AM -0700, Dan Mahoney (Gushi):
> > >> Hey all,
> > >>
> > >> I'm running Rancid built from freebsd packages, rancid3-3.7
> > >>
> > >> Periodically, my ASR9K's log something like this:
> > >>
> > >>   !Flash: harddisk: 24753   -rwx  800470016   Wed Sep 10 20:00:00 
> > >> 2014
> > >> VM-ASR9K-px-4.3.4.tar
> > >> - !Flash: harddisk: 24623   -rw-
> > >> ce_switch.log
> > >> + !Flash: harddisk: 24781   -rw-  8192017 Mon Sep 10 05:10:03 
> > >> 2018
> > >> ce_switch.log.bak
> > >>   !Flash: harddisk: 24688   -rw-  1048576 Thu Sep 11 02:08:46 
> > >> 2014
> > >> kd.bin_0_RSP0_CPU0
> > >>   !Flash: harddisk: 24625   drwx  4096Thu Sep 11 01:38:55 
> > >> 2014
> > >> idiags
> > >>   !Flash: harddisk: 24626   -rw-  0   Thu Sep 11 01:40:24 
> > >> 2014
> > >> ahci.log
> > >>   !Flash: harddisk: 24627   drwx  4096Thu Sep 11 02:20:32 
> > >> 2014
> > >> np
> > >> - !Flash: harddisk: 24783   -rw-  8192017 Fri Sep  7 08:18:57 
> > >> 2018
> > >> ce_switch.log.bak
> > >> + !Flash: harddisk: 24628   -rw-
> > >> ce_switch.log
> > >>   !Flash: harddisk: 6442434560 bytes total (4 GB free)
> > >>
> > >> I thought I saw something on the mailing lists that this was fixed in a
> > >> prior version, but I guess not.  How would I go about tweaking rancid so
> > >> these bits are ignored?
> > >
> > > add a filter to DirSlotN().  i see that your device is renaming files,
> > > causing the fileno to change.  I'll add that filter for 3.9.
> > 
> > Sorry to revive an old thread.
> > 
> > I've upgraded to 3.9, but this doesn't seem to have been fixed:
> 
> My mistake; I made this change to ios.pm, but did not also change iosxr.pm.
> I'll work on that change.

ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.9.99.tar.gz

or

diff --git a/CHANGES b/CHANGES
index fbf20763..4139a17a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,4 @@
 3.9.99
-   iosxr.pm: DirSlotN(): drop the file number from all files.
-
Missing Arista documentation - github.com/inphobia
 
GC "procket" from manpages & README
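
Review bot: The CHANGES hunk deletes the 3.9.99 entry "iosxr.pm: DirSlotN(): drop the file number from all files." instead of adding it, which suggests this diff was generated in the reverse direction (new tree to old tree). The lib/iosxr.pm.in hunks agree: their `-` lines are the ones whose regexes leave the leading file number uncaptured. Regenerate the diff with the two trees swapped, or apply it with patch -R, so that the fix and its CHANGES entry land together.
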
diff --git a/lib/iosxr.pm.in b/lib/iosxr.pm.in
index 5c2e7008..1af4fd8e 100644
--- a/lib/iosxr.pm.in
+++ b/lib/iosxr.pm.in
@@ -555,7 +555,7 @@ sub DirSlotN {
}
# filter frequently changing files from IOX bootflash, hardiska,
# and nvram
-   if ($dev =~ /(bootflash|disk[012]|harddisk|nvram)/) {
+   if ($dev =~ /(bootflash|disk0|harddisk|nvram)/) {
if (/\s(\.python-history|aaa|\.bash_history)\s*$/ ||
/\s(ce_switch.log\S*|cisco_support|errmsg_cont)\s*$/ ||
/\s(genstr_cont|temp_cont|temp_cont|temp_static_data)\s*$/ ||
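
Review bot: In DirSlotN() the `+` line narrows the device match from `disk[012]` to `disk0`, so listings for disk1: and disk2: would skip this filter block entirely. If that is only a side effect of the diff direction it needs no change; otherwise keep `disk[012]`.
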
@@ -564,47 +564,50 @@ sub DirSlotN {
# 57  -rw-  23100 volt_cont
# 614788  drwx  4096Fri Aug 20 12:06:25 2010  
temp_cont
# to
-   # -rw-volt_cont
-   # drwxtemp_cont
-   if (/\s*\d+\s+(\S+\s+)(\d+)(\s+)()(\s+)/) {
+   # 57  -rw-volt_cont
+   # 614788  drwx
temp_cont
+   if (/(\s*\d+\s+\S+\s+)(\d+)(\s+)()(\s+)/) {
my($a, $sz, $c, $dt, $d, $rem) = ($1, $2, $3, $4, $5, $');
my($szl) = length($sz);
my($fmt) = "%s%-". $szl ."s%s%s%s%s";
-   $_ = sprintf($fmt, $c, $dt, $d, $rem);
+   $_ = sprintf($fmt, $a, "", $c, $dt, $d, $rem);
ProcessHistory("FLASH","keysort",$rem,"!Flash: $dev: $_");
next;
-   } elsif (/\s*\d+\s+(\S+\s+\d+\s+)(\d+\s+\w+\s+\d+\s+\d+:\d+)/) {
+   } elsif 
(/(\s*\d+)(\s+\S+\s+\d+\s+)(\d+\s+\w+\s+\d+\s+\d+:\d+)/) {
# XR >= 6.3; dir disk0:, but harddisk: is diff format.  wtf
# drop fileno size, & date.
# " 8002 drwxr-xr-x 2 4096 Jan 17 15:27 np"
-   my($perm, $dt, $rem) = ($1, $2, $');
-   my($dtl) = length($dt);
-   my($fmt) = "%s%-". $dtl ."s%s";
-   $_ = sprintf($fmt, $perm, "", $rem);
+   my($fn, $perm, $dt, $rem) = ($1, $2, $3, $');
+   my($fnl, $dtl) = (length($fn), length($dt));
+   my($fmt) = "%-". $fnl ."s%s%-". $dtl ."s%s";
+   $_ = sprintf($fmt, "", $perm, "", $rem);
ProcessHistory("FLASH","keysort",$rem,"!Flash: $dev: $_");
next;
-   } elsif (/\s*\d+\s+(\S+\s+)(\d+)(\s+)(\w+ \w+\s+\d+ \d+:\d+:\d+ 
\d+)/) {
-   my($b, $sz, $c, $dt, $rem) = ($1, $2, $3, $4, $');
- 
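
Review bot: In the first branch, the `-` line `$_ = sprintf($fmt, $c, $dt, $d, $rem);` passes four arguments to a `$fmt` built with six conversions (`"%s%-". $szl ."s%s%s%s%s"`), while the `+` line passes six (`$a, "", $c, $dt, $d, $rem`). Whichever side is the intended result, the argument list has to line up with the format: with four arguments the permissions captured in `$a` are never printed and the size column is not blanked to width `$szl`, which does not match the "-rw- volt_cont" form the comment describes. The hunk is also cut off after the start of the third branch in this message, so that branch cannot be reviewed from what is posted.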

Re: [rancid] Dell EMC S5200-ON series switches running OS10

2019-07-18 Thread john heasley
Thu, Jul 18, 2019 at 12:25:30PM +0200, Bjørn Skobba:
> Hi,
> first of all, I'm new to rancid and the list, so please bear with me :)
> 
> I have a question regarding devices (in this case a S5296F-ON switch)
> running OS10 Network Operating System.
> 
> We have quite a few Force10 S-series switches running FTOS which rancid
> happily pulls config from. The new S5200-series switches support only OS10
> (and some 3rd party OS'es), and I have been struggling with getting rancid
> to pull config.
> 
> I have tried different device types like dell, force10 and smc.
> 
> Before digging deeper into the fine details; has anyone successfully gotten
> rancid to work with OS10 and can point me in the right direction?

I haven't seen one myself; but from the limited info I find on dell.com,
it looks similar to the Fujitsu, with a different vocabulary.  Perhaps
try that, else contact me off list and I'll try to help.



Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

2019-07-15 Thread john heasley
Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> On 7/12/19 14:15 , Gauthier, Chris wrote:
> > Rancid configs for PAN can NOT be used to restore the config, unless you 
> > cut and paste the configuration. This is because the native config files 
> > are stored in XML format and that is the format the Palo Alto utilities 
> > expect when performing restorations.
> 
> Having recently needed to deal with a bunch of PAs, I ran into that same 
> issue and ended up writing a tool (https://github.com/ermuller/bracematch) 
> to simplify the process.
> 
> RE the other question about Panorama vs device configs, if you're backing 
> up your Panorama configuration (which has been fine via Rancid in my 

How are you backing the Panorama configuration?  is that just another
rancid 'paloalto' target?

> experience) as well as the base config on the device, you don't need to 
> backup the merged configuration.  And you probably shouldn't pull the 
> merged config, for restore purposes, as anything other than the local 
> device configuration will come from the Panorama templates once the device 
> is replaced.  Of course, the merged config might still be convenient to 
> save to easily see the complete policy set active on a given box.
> 
> -e
> 


Re: [rancid] Extreme switch policy backup.

2019-07-12 Thread john heasley
Fri, Jul 12, 2019 at 08:30:28PM +0100, Paul Thornton:
> Hi
> 
> We had a patch to 2.3's xrancid which we were running at some stage in 
> the past N years that did this already - but I can't find it, and we 
> aren't running it on our current rancid system either.  Thanks to Chris' 
> E-mail at least I've been reminded of that.
> 
> It wasn't a hard thing to add.
> 
> On 12/07/2019 20:15, john heasley wrote:
> > Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> >> We've just gotten a few Extreme switches (model X440-G2) and I've gotten 
> >> them set up in Rancid.  But while I get the configs, I have a few policies 
> >> as well.  They're kept as .pol files on the switch.  Is there a way to 
> >> include the policy files in the backup that Rancid takes?  It would be 
> >> particularly helpful.  I've done some searching, and seen folks ask about 
> >> it.  But no real answers.  Lots of modifications to commands from 4 years 
> >> ago but nothing current.  There's a command that will print it all out, 
> >> just not sure how to add it into the mix.  Don't like to modify something 
> >> like Rancid if there's already a way within the system to make it happen.
> >
> > what is the command to display the policy?  can you provide an example of
> > the command and output, from prompt to the next prompt?  is the output
> > format and order stable?
> >
> > i see an incomplete example here;
> > http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html
> 
> The format isn't great.  The switch basically outputs
> Policies at Policy Server:
> Policy: 
> 
> Number of clients bound to policy: 
> Client: 
> 
> My hunch would be not to try and parse this lot at all, but just execute 
> the 'show policy detail' and wait for the prompt to come back.  I'm 
> pretty sure that's all we did; I remember it just diffed everything and 
> you saw quickly if a policy was added/removed just as easily.
> It is theoretically possible for someone to have a prompt matching 
> string in the policy file as a comment, but let's ignore that madness for 
> now.
> 
> This example shows three policies as an example:
> 
> * ag1.hbr.2 # dis clip
> * ag1.hbr.3 # show policy detail
> Policies at Policy Server:
> Policy: as65001-in-v4
> entry term10 {

Cool.  Could you test this?

diff --git a/etc/rancid.types.base b/etc/rancid.types.base
index 18139479..6c3a80aa 100644
--- a/etc/rancid.types.base
+++ b/etc/rancid.types.base
@@ -381,6 +381,7 @@ extreme;command;exos::ShowMemory;show memory
 extreme;command;exos::ShowDiag;show diag
 extreme;command;exos::ShowSwitch;show switch
 extreme;command;exos::ShowSlot;show slot
+extreme;command;exos::ShowPolicy;show policy detail
 extreme;command;exos::WriteTerm;show configuration detail
 extreme;command;exos::WriteTerm;show configuration
 #
diff --git a/lib/exos.pm.in b/lib/exos.pm.in
index fd7d1482..710a5c0f 100644
--- a/lib/exos.pm.in
+++ b/lib/exos.pm.in
@@ -1,7 +1,5 @@
 package exos;
 ##
-## $Id$
-##
 ## @PACKAGE@ @VERSION@
 @copyright@
 #
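
Review bot: Dropping the `## $Id$` header lines at the top of exos.pm.in is unrelated to adding ShowPolicy; it would be easier to review and to revert as a separate commit.
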
@@ -161,6 +159,21 @@ sub ShowDiag {
 return(0);
 }
 
+# This routine parses "show policy detail"
+sub ShowPolicy {
+my($INPUT, $OUTPUT, $cmd) = @_;
+print STDERR "In ShowPolicy: $_" if ($debug);
+
+while (<$INPUT>) {
+   tr/\015//d;
+   last if (/^$prompt/);
+   next if (/^(\s*|\s*$cmd\s*)$/);
+
+   ProcessHistory("POLICY","","","# $_");
+}
+return(0);
+}
+
 # This routine parses "show slot"
 sub ShowSlot {
 my($INPUT, $OUTPUT, $cmd) = @_;
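
Review bot: ShowPolicy() ends collection on `last if (/^$prompt/);` and then always returns 0, so a policy line that happens to begin with prompt-matching text (the comment case raised earlier in this thread) stops the loop early and the remaining policies are dropped without any error. Consider recording whether the real end of output was reached and returning non-zero otherwise, so a truncated capture is not committed as a policy removal. Separately, ProcessHistory is called with empty sort arguments, so lines are stored in device output order; the question asked earlier about whether that order is stable is still open, and if it is not, every run will produce a diff.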



Re: [rancid] Extreme switch policy backup.

2019-07-12 Thread john heasley
Tue, Jul 09, 2019 at 09:55:56PM +, Chris Davis:
> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them 
> set up in Rancid.  But while I get the configs, I have a few policies as 
> well.  They're kept as .pol files on the switch.  Is there a way to include 
> the policy files in the backup that Rancid takes?  It would be particularly 
> helpful.  I've done some searching, and seen folks ask about it.  But no real 
> answers.  Lots of modifications to commands from 4 years ago but nothing 
> current.  There's a command that will print it all out, just not sure how to 
> add it into the mix.  Don't like to modify something like Rancid if there's 
> already a way within the system to make it happen.

what is the command to display the policy?  can you provide an example of
the command and output, from prompt to the next prompt?  is the output
format and order stable?

i see an incomplete example here;
http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html



Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

2019-07-12 Thread john heasley
Fri, Jul 12, 2019 at 06:15:39PM +, Gauthier, Chris:
> Rancid configs for PAN can NOT be used to restore the config, unless you cut 
> and paste the configuration.  This is because the native config files are 
> stored in XML format and that is the format the Palo Alto utilities expect 
> when performing restorations.
> 

so, store both in rancid.  what is the cmd to retrieve the xml format?



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread john heasley
Thu, Jul 11, 2019 at 02:37:51PM +, Anderson, Charles R:
> You can use "show config merged" to see the local device's config merged with 
> the templates from Panorama.

Does this work with "non-managed" (better term?) configs?  And, was this
command introduced recently?



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread john heasley
Thu, Jul 11, 2019 at 02:19:00PM +, Gauthier, Chris:
> I have run into the issues seen below, as we migrated to a fully-managed 
> Panorama ecosystem in recent months.  The output of the “show configuration 
> running” (or whatever it is) is more limited on the managed device because (I 
> believe) what is being shown is only the locally-managed configuration.  I 
> haven’t looked yet to see if there is a workaround.
> 
> --Chris

I have no experience with these.  If more commands are necessary, lmk.

> Chris Gauthier Senior Network Engineer | Comscore
> t +1 (503) 331-2704 |
> cgauth...@comscore.com
> comscore.com
> From: Rancid-discuss  on behalf of 
> annie lee 
> Date: Wednesday, July 10, 2019 at 6:02 PM
> To: john heasley 
> Cc: "rancid-discuss@shrubbery.net" 
> Subject: Re: [rancid] Palo Alto (Panorama) configuration
> 
> i tried to grab the configs from the panorama and it's what i wanted :-)
> apology, im pretty new to the paloalto and panorama device/setup.
> 
> thanks and glad i can backup the palo/panorama configs without any tweaking.
> 
> On Thu, Jul 11, 2019 at 9:23 AM annie lee 
> mailto:lsy.an...@gmail.com>> wrote:
> Hi John,
> 
> Thanks for your reply and apology for the typo on the paloalto type.  
> (1.1.1.1;paloalto;up)
> Below are the sample config for one of the firewall configs (removed all the 
> ip addresses).
> Basically there are heaps more configs (routing, policy, NAT, virtual router 
> and etc...) i can see from the Panorama.
> Not sure its similar to F5 tweak that we need to add the partition to grab 
> the full configs.
> 
> Rgds
> 
> On Thu, Jul 11, 2019 at 7:42 AM john heasley 
> mailto:h...@shrubbery.net>> wrote:
> Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> > Hi All,
> >
> > Another question, just added a new PaloAlto to rancid (3.9) but not much
> > configurations being backup (not even interfaces addresses)
> > Anything need to be changed/added to backup the entire configuration ?
> >
> > 1.1.1.1;palo-alto;up
> 
> Please use the built-in type for PAN: paloalto.  if that is still lacking,
> please be more specific about what commands are missing.  it collects
> 
> show system info;show chassis inventory;show config running



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-10 Thread john heasley
Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> Hi All,
> 
> Another question, just added a new PaloAlto to rancid (3.9) but not much
> configurations being backup (not even interfaces addresses)
> Anything need to be changed/added to backup the entire configuration ?
> 
> 1.1.1.1;palo-alto;up

Please use the built-in type for PAN: paloalto.  if that is still lacking,
please be more specific about what commands are missing.  it collects

show system info;show chassis inventory;show config running



Re: [rancid] Watchguard xml file

2019-07-08 Thread 'john heasley'
Wed, Jul 03, 2019 at 06:49:20PM +, Wayne Eisenberg:
> -Original Message-
> From: 'john heasley'  
> Sent: Wednesday, July 03, 2019 1:41 PM
> To: Wayne Eisenberg 
> Cc: 'john heasley' ; 'rancid-discuss@shrubbery.net' 
> 
> Subject: Re: [rancid] Watchguard xml file
> 
> 
> >> However, in the xtm.pm module, line 102 defines it again. 
> 
> >i'm not familiar with this device, but redefining (or refining) the prompt 
> >is normal.  the filter functions and login scripts begin with something 
> >loose, and once it sees the prompt, it can be refined to be more precise, 
> >and >may later further refine it (eg: in run_commands) to match the prompt 
> >when/if it changes in config or other modes that are platform dependent.
> 
> Ah, if I only had that skill.
> 
> >> ---
> >> while (/\s*($cmds_regexp)\s*$/) {
> >>$cmd = $1;
> >>$prompt = ">>";
> this is probably a mistake; should be part of the 
> while() regex.  I suspect it might be here because the author could not make 
> the regex below match correctly.
> 
> >>if (!defined($prompt)) {
> >>$prompt = ($_ =~ /^([^>]+>)/)[0];
> >>$prompt =~ s/([][}{)(\\])/\\$1/g;
> >>print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
> >>}
> >> ---
> >> Once you get to the sub ShowConfiguration section, on line 199 if it sees 
> >> the prompt, end. Guess what? The "#" character is inside the config (there 
> >> is some html code in one of the xml sections) and that is where the config 
> >> ends.
> 
> >seems that the prompt is ">>".
> 
> Yes, in this example. I wanted to show the original file, not something that 
> I modded. In my current version, the line is
> $prompt = ">>|#"
> which works, but causes the problem of the config getting truncated because 
> it sees "#" as the prompt. The $prompt should either be the entire thing or 
> some string that ends in #.

yes, this is why it refines the prompt match to be the complete thing, but
it has to see one before it can extract it.  and your inloop set is at the
top of the loop, so it never refines it to be the whole prompt.

> >> ---
> >> sub ShowConfiguration {
> >> my($INPUT, $OUTPUT, $cmd) = @_;
> >> my($lines) = 0;
> >> my($snmp) = 0;
> >> print STDERR "In ShowConfiguration: $_" if ($debug);
> >> # We don't care about password filtering as passwords are hashed
> >> # So don't use this if you need it (or develop the functionality).
> >> if ($filter_pwds >= 1){
> >> print STDERR "WARNING: Password filtering isn't implemented 
> >> yet!\n";
> >> print STDERR "Either disable password filtering in rancid.conf";
> >> print STDERR " or don't use this plugin.\n";
> >> }
> >> s/^[a-z]+@//;
> >> ProcessHistory("","","","# $_");
> >> while (<$INPUT>) {
> >>tr/\015//d;
> >>next if (/^\s*$/);
> >># end of config - hopefully.
> >># end-of-config tag.  appears to end with "\nPROMPT:~$".
> >>if (/$prompt/) {
> >>$found_end++;
> >>last;
> >>}
> >> ---
> >> 
> >> So I'm thinking if I can figure out a different way to define the prompt 
> >> to be more than just the # sign (at least in the xtm.pm), that should do 
> >> the trick? Can you do something like $prompt = "#$" ?

it has to be as a set (regex or glob), like; [#$].  but that is a single
atom; if your prompt is or may be ">>", then you likely need to use a
group atom, like (>>|#).

> >it's better to anchor it and have it be as complete as reasonable.  eg:
> >not #
> >not hostname#
> >but ^hostname#
> 
> >look at ios.pm.
> 
> Looking, but I don't see anywhere that it defines the prompt. It uses it a 
> lot, but doesn't define it.

it starts with [>#] in the while() (and exit match); then refines it to
match the entire prompt with regex atoms escaped in the
if(!defined($prompt)).  after that, it anchors the prompt match when
appropriate; /^$prompt/.

you should do similarly for this watchguard device.  I suspect that you can
just steal the ios.pm inloop() and modify the initial prompt matching.  It
could be kinkier, but it is a good starting point.

i think i've answered everything.


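The prompt handling discussed in the message above, as an added Perl example (not code from rancid or from xtm.pm): a constructed session shows the loose pattern `>>|#` ending the config at a "#" inside the XML, while a prompt extracted from the first line, escaped and anchored, matches only the real prompt. The session text and the helpers `collect_config` and `refine_prompt` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed session (not real device output).  The prompt is "WG#" as
# stated in the thread; the XML body contains a "#" inside an href.
my @session = (
    "WG#export config to console\n",
    "<profile>\n",
    "  <name>deny-page</name>\n",
    "  <body><a href=\"#top\">back</a></body>\n",
    "  <policy>allow-dns</policy>\n",
    "</profile>\n",
    "WG#exit\n",
);

# Hypothetical helper: keep lines until one matches the prompt pattern,
# in the style of the ShowConfiguration loop quoted in the thread.
sub collect_config {
    my ($prompt_re, @lines) = @_;
    my $found_end = 0;
    my @config;
    foreach my $line (@lines) {
        (my $l = $line) =~ tr/\015//d;      # strip carriage returns
        next if $l =~ /^\s*$/;              # skip blank lines
        if ($l =~ $prompt_re) {             # prompt seen: end of config
            $found_end = 1;
            last;
        }
        push @config, $l;
    }
    return ($found_end, \@config);
}

# Hypothetical helper: derive a precise prompt from the line that echoes
# the first command.  Take everything up to and including the first "#"
# or ">", escape regex metacharacters, and anchor at the start of line.
# A prompt with nothing before the "#" or ">" (a bare ">>") would need a
# different initial pattern.
sub refine_prompt {
    my ($first_line) = @_;
    my ($raw) = $first_line =~ /^([^#>]+[#>])/ or return;
    my $quoted = quotemeta($raw);
    return qr/^$quoted/;
}

my ($first, @rest) = @session;

# Loose, unanchored pattern: any "#" anywhere in a line counts as a prompt.
my $loose = qr/>>|#/;
my ($end_loose, $cfg_loose) = collect_config($loose, @rest);
printf "loose   %s: found_end=%d, %d config lines kept\n",
    $loose, $end_loose, scalar(@$cfg_loose);

# Refined, anchored pattern: only a line that starts with the real prompt.
my $refined = refine_prompt($first) or die "no prompt found in first line\n";
my ($end_ref, $cfg_ref) = collect_config($refined, @rest);
printf "refined %s: found_end=%d, %d config lines kept\n",
    $refined, $end_ref, scalar(@$cfg_ref);

# Show what the loose pattern silently dropped.
print "dropped by the loose pattern:\n";
print "  $_" for @{$cfg_ref}[scalar(@$cfg_loose) .. $#$cfg_ref];
```

Both runs report found_end as set, so a truncated capture from the loose pattern is not flagged as a failed run; comparing the stored size against a manual export is the check that exposes it.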

Re: [rancid] Unable to figure out "end of run not found"

2019-07-08 Thread john heasley
Fri, Jul 05, 2019 at 07:16:35AM -0600, Kevin Morales:
> Thanks John!
> 
> The configuration finish in some case with:
> 
> !
> ZXR10-01#
> 
> $
> !
> ZXR10-02#
> 
> $
> !
> ZXR10-03#
> 
> and sorry, I don't have experience with programation..,

it would need to handle the check like exos.pm; by counting valid output.
Maybe try just using that module with a private device type like:

zte;script;rancid -t zte
zte;login;xlogin
zte;module;exos
zte;inloop;exos::inloop  
zte;command;exos::ShowVersion;show version
zte;command;exos::WriteTerm;show configuration

> Thanks!
> 
> On Wed, Jul 3, 2019 at 6:10 PM john heasley  wrote:
> 
> > Wed, Jul 03, 2019 at 02:53:14PM -0600, Kevin Morales:
> > > Yes, my Router is ZTE and I am using CISCO type, because the command is
> > the
> > > same to see the configuration..show running-config
> >
> > I have no idea what ZTE is; does it behave *exactly* the same as IOS?
> > It seems not.
> >
> > > > > > found end means that it found the end of the config; for type
> > cisco,
> > > > > > that means "^end".
> >
> > Does its config end with:
> >
> > "
> > end
> > "?
> >
> > > > > > clean run means that it found the cli logout; for type cisco, that
> > > > > > means "prompt[>#] exit$"
> >
> > in your .raw file, does the last prompt where clogin exited the cli, match
> > the regex
> >
> > "prompt[>#] exit$"
> > ?
> >
> > clearly these sanity checks are not working with your ZTE device.  You
> > need to figure-out why and correct it, likely by creating your own
> > rancid module for ZTE with a customized inloop() function.  you can
> > probably use the parsing functions from the ios module, like the
> > 'ciscoshtech' example that comes with rancid uses 2 modules.
> >
> > > On Wed, Jul 3, 2019 at 2:52 PM Piegorsch, Weylin William 
> > > wrote:
> > >
> > > > Hi Kevin,
> > > >
> > > > I think you said this is a ZTE device, but that you’re using -t cisco.
> > is
> > > > ZTE a cisco device?
> > > >
> > > > weylin
> > > >
> > > >
> > > >
> > > > *From: *Kevin Morales 
> > > > *Date: *Wednesday, July 3, 2019 at 3:18 PM
> > > > *To: *john heasley 
> > > > *Cc: *Weylin Piegorsch , Nick Nauwelaerts <
> > > > nick.nauwelae...@aquafin.be>, "rancid-discuss@shrubbery.net" <
> > > > rancid-discuss@shrubbery.net>
> > > > *Subject: *Re: [rancid] Unable to figure out "end of run not found"
> > > >
> > > >
> > > >
> > > > I am sorry, I don't get you, What do you want I do?
> > > >
> > > >
> > > >
> > > > on my Rancid Server I execute:
> > > >
> > > > [rancid@localhost bin]$ NOPIPE=yes ./rancid -d -t  cisco 172.17.1.6
> > > >
> > > >
> > > >
> > > > On Wed, Jul 3, 2019 at 12:43 PM john heasley 
> > wrote:
> > > >
> > > > Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> > > > > Thanks Piegorsh,
> > > > >
> > > > > I did it..
> > > > >
> > > > > NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> > > > >
> > > > > but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see
> > anything
> > > > > about this error. both show the correct command output.
> > > >
> > > > correct command output and matching the criteria that i described below
> > > > for type cisco are not necessarily the same thing.  read it again.
> > > >
> > > > > On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William <
> > wey...@bu.edu
> > > > >
> > > > > wrote:
> > > > > > > *172.17.1.6 <http://172.17.1.6>: End of run not found*
> > > > > > > 172.17.1.6: clean_run is false
> > > > > > > 172.17.1.6: found_end is false
> > > > > > > !
> > > > > >
> > > > > > found end means that it found the end of the config; for type
> > cisco,
> > > > > > that means "^end".
> > > > > >
> > > > > > clean run means that it found the cli logout; for type cisco, that
> > > > > > means "prompt[>#] exit$"
> >
> 
> 
> -- 
> *Kevin Morales*



Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

2019-07-05 Thread john heasley
Thu, Jul 04, 2019 at 08:23:51AM +, STUART WALTON:
> Hi
> 
> Has anyone used a backup from Rancid to restore a Palo Alto Firewall?
> 
> If so how have you done it?  (I have the backup but it does not appear to be 
> in the correct format)
> 
> I have searched the discussion but cannot seem to find the answer. Any help 
> would be appreciated.

I do not know much of anything about PAN devices.  However, be aware that,
depending upon your rancid configuration, passwords may be removed.  Also,
see the FAQ S1 Q5 for another caveat that may apply to PAN.

Also, include the error you received when attempting to load the config.
It might provide a clue to someone with more experience with PAN.



Re: [rancid] Unable to figure out "end of run not found"

2019-07-03 Thread john heasley
Wed, Jul 03, 2019 at 02:53:14PM -0600, Kevin Morales:
> Yes, my Router is ZTE and I am using CISCO type, because the command is the
> same to see the configuration..show running-config

I have no idea what ZTE is; does it behave *exactly* the same as IOS?
It seems not.

> > > > found end means that it found the end of the config; for type cisco,
> > > > that means "^end".

Does its config end with:

"
end
"?

> > > > clean run means that it found the cli logout; for type cisco, that
> > > > means "prompt[>#] exit$"

in your .raw file, does the last prompt where clogin exited the cli, match
the regex

"prompt[>#] exit$"
?

clearly these sanity checks are not working with your ZTE device.  You
need to figure-out why and correct it, likely by creating your own
rancid module for ZTE with a customized inloop() function.  you can
probably use the parsing functions from the ios module, like the
'ciscoshtech' example that comes with rancid uses 2 modules.

> On Wed, Jul 3, 2019 at 2:52 PM Piegorsch, Weylin William 
> wrote:
> 
> > Hi Kevin,
> >
> > I think you said this is a ZTE device, but that you’re using -t cisco. is
> > ZTE a cisco device?
> >
> > weylin
> >
> >
> >
> > *From: *Kevin Morales 
> > *Date: *Wednesday, July 3, 2019 at 3:18 PM
> > *To: *john heasley 
> > *Cc: *Weylin Piegorsch , Nick Nauwelaerts <
> > nick.nauwelae...@aquafin.be>, "rancid-discuss@shrubbery.net" <
> > rancid-discuss@shrubbery.net>
> > *Subject: *Re: [rancid] Unable to figure out "end of run not found"
> >
> >
> >
> > I am sorry, I don't get you, What do you want I do?
> >
> >
> >
> > on my Rancid Server I execute:
> >
> > [rancid@localhost bin]$ NOPIPE=yes ./rancid -d -t  cisco 172.17.1.6
> >
> >
> >
> > On Wed, Jul 3, 2019 at 12:43 PM john heasley  wrote:
> >
> > Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> > > Thanks Piegorsh,
> > >
> > > I did it..
> > >
> > > NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> > >
> > > but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see anything
> > > about this error. both show the correct command output.
> >
> > correct command output and matching the criteria that i described below
> > for type cisco are not necessarily the same thing.  read it again.
> >
> > > On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William  > >
> > > wrote:
> > > > > *172.17.1.6 <http://172.17.1.6>: End of run not found*
> > > > > 172.17.1.6: clean_run is false
> > > > > 172.17.1.6: found_end is false
> > > > > !
> > > >
> > > > found end means that it found the end of the config; for type cisco,
> > > > that means "^end".
> > > >
> > > > clean run means that it found the cli logout; for type cisco, that
> > > > means "prompt[>#] exit$"


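The two questions asked in the message above, as an added Perl example (not rancid's own code): it applies the two patterns quoted there, "^end" and "prompt[>#] exit$", to a constructed capture whose config ends with "!" and a bare prompt. The capture text, the interface name and the helper `check_capture` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed capture in the style of a .raw file (not real device
# output).  The command output is complete, but the config ends with "!"
# and a bare prompt instead of a line that starts with "end".
my @raw = (
    "RT-ZTE#show running-config\n",
    "hostname RT-ZTE\n",
    "interface vlan1\n",
    "!\n",
    "RT-ZTE#\n",
    "RT-ZTE#exit\n",
);

# Hypothetical helper: test a capture against the two criteria described
# in the thread for type cisco.  The hostname part of the prompt is taken
# from the first line and escaped before it is used in a pattern.
sub check_capture {
    my (@lines) = @_;
    my ($host) = $lines[0] =~ /^([^#>]+)[#>]/ or return;
    my %seen = (found_end => 0, clean_run => 0);
    my @tail;
    foreach my $line (@lines) {
        (my $l = $line) =~ tr/\015//d;      # strip carriage returns
        next if $l =~ /^\s*$/;
        $seen{found_end} = 1 if $l =~ /^end/;
        $seen{clean_run} = 1 if $l =~ /^\Q$host\E[>#]\s*exit$/;
        push @tail, $l;
        shift @tail if @tail > 3;           # remember the last 3 lines
    }
    return (%seen, tail => \@tail);
}

my %result = check_capture(@raw);
die "could not find a prompt on the first line\n" unless %result;

foreach my $check (qw(found_end clean_run)) {
    printf "%-9s is %s\n", $check, $result{$check} ? "true" : "false";
}

# When a check fails, the end of the capture shows what the device
# actually sends where the module expects its end-of-config marker.
print "last lines of the capture:\n";
print "  $_" for @{ $result{tail} };
```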

Re: [rancid] Unable to figure out "end of run not found"

2019-07-03 Thread john heasley
Wed, Jul 03, 2019 at 11:33:08AM -0600, Kevin Morales:
> Thanks Piegorsh,
> 
> I did it..
> 
> NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> 
> but in the two file 172.17.1.6.new and 172.17.1.6.raw don't see anything
> about this error. both show the correct command output.

correct command output and matching the criteria that i described below
for type cisco are not necessarily the same thing.  read it again.

> On Wed, Jul 3, 2019 at 11:29 AM Piegorsch, Weylin William 
> wrote:
> > > *172.17.1.6 : End of run not found*
> > > 172.17.1.6: clean_run is false
> > > 172.17.1.6: found_end is false
> > > !
> >
> > found end means that it found the end of the config; for type cisco,
> > that means "^end".
> >
> > clean run means that it found the cli logout; for type cisco, that
> > means "prompt[>#] exit$"



Re: [rancid] Watchguard xml file

2019-07-03 Thread 'john heasley'
Wed, Jul 03, 2019 at 04:18:25PM +, Wayne Eisenberg:
> If I run the export command manually, it just dumps the whole thing to the 
> screen without any breaks or requests to 'hit space to continue' or things 
> like that, so I don't *think* it's a page length type setting?
> 
> Actually, I just did another review and I'm thinking that it has something to 
> do with the prompt definition. Just so we're looking at the same thing, the 
> files are here: https://github.com/hillscott/rancid-watchguard. Forked from 
> https://bitbucket.org/aquerubin/rancid-vyatta. 
> 
> In the xtmlogin file, it sets the prompt (line 436) to something I don't see. 
> In this original state, xtmlogin never recognized it finished the login. When 
> I changed that line to
> set prompt ">>|#"
> then xtmlogin completes successfully. (The prompt for this watchguard 
> firewall is "WG#")
> 

> However, in the xtm.pm module, line 102 defines it again. 

i'm not familiar with this device, but redefining (or refining) the
prompt is normal.  the filter functions and login scripts begin with
something loose, and once it sees the prompt, it can be refined to be
more precise, and may later further refine it (eg: in run_commands) to
match the prompt when/if it changes in config or other modes that are
platform dependent.

> ---
> while (/\s*($cmds_regexp)\s*$/) {
>   $cmd = $1;
>   $prompt = ">>";
    this is probably a mistake; should be part of
the while() regex.  I suspect it might be here because the author could
not make the regex below match correctly.

>   if (!defined($prompt)) {
>   $prompt = ($_ =~ /^([^>]+>)/)[0];
>   $prompt =~ s/([][}{)(\\])/\\$1/g;
>   print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
>   }
>   print STDERR ("HIT COMMAND:$_") if ($debug);
>   if (! defined($commands{$cmd})) {
>   print STDERR "$host: found unexpected command - \"$cmd\"\n";
>   $clean_run = 0;
>   last TOP;
>   }
>   $rval = &{$commands{$cmd}}($INPUT, $OUTPUT, $cmd);
>   delete($commands{$cmd});
>   if ($rval == -1) {
>   $clean_run = 0;
>   last TOP;
>   }
>   }
> ---
> Once you get to the sub ShowConfiguration section, on line 199 if it sees the 
> prompt, end. Guess what? The "#" character is inside the config (there is 
> some html code in one of the xml sections) and that is where the config ends.

seems that the prompt is ">>".

> ---
> sub ShowConfiguration {
> my($INPUT, $OUTPUT, $cmd) = @_;
> my($lines) = 0;
> my($snmp) = 0;
> print STDERR "In ShowConfiguration: $_" if ($debug);
> # We don't care about password filtering as passwords are hashed
> # So don't use this if you need it (or develop the functionality).
> if ($filter_pwds >= 1){
> print STDERR "WARNING: Password filtering isn't implemented yet!\n";
> print STDERR "Either disable password filtering in rancid.conf";
> print STDERR " or don't use this plugin.\n";
> }
> s/^[a-z]+@//;
> ProcessHistory("","","","# $_");
> while (<$INPUT>) {
>   tr/\015//d;
>   next if (/^\s*$/);
>   # end of config - hopefully.
>   # end-of-config tag.  appears to end with "\nPROMPT:~$".
>   if (/$prompt/) {
>   $found_end++;
>   last;
>   }
> ---
> 
> So I'm thinking if I can figure out a different way to define the prompt to 
> be more than just the # sign (at least in the xtm.pm), that should do the 
> trick? Can you do something like $prompt = "#$" ?

it's better to anchor it and have it be as complete as reasonable.  eg:
not #
not hostname#
but ^hostname#

look at ios.pm.
.
> Wayne
> 
> 
> 
> -Original Message-
> From: john heasley  
> Sent: Tuesday, July 02, 2019 7:48 PM
> To: Wayne Eisenberg 
> Cc: 'rancid-discuss@shrubbery.net' 
> Subject: Re: [rancid] Watchguard xml file
> 
> Sat, Jun 29, 2019 at 11:46:23AM +, Wayne Eisenberg:
> > Hi,
> > 
> > OK, so I can get into the firewall and pull the config with "export config 
> > to console". However, the config file is a very large xml file, this one is 
> > about 2MB in size. However, it seems like it only recorded the first 388KB 
> > of data. Is there a size limit on what rancid can process, or maybe there 
> > was a character in the xml that rancid didn't like and it just aborted 
> > processing it? How would I go about troubleshooting this?
> > 
> 
> there is no such limit.  I would suspect a PAGER is involved, causing the 
> output to cease.
> 



Re: [rancid] Unable to figure out "end of run not found"

2019-07-03 Thread john heasley
Wed, Jul 03, 2019 at 07:48:09AM -0600, Kevin Morales:
> Hello!,
> 
> How I can fix the problem when I run rancid for ZTE Router?. I get this
> error: *End of run not found*
> 
> the two file 172.17.1.6.new and 172.17.1.6.raw don't show any error!.
> 
> NOPIPE=yes ./rancid -d -t cisco 172.17.1.6
> 
> loadtype: device type cisco
> loadtype: found device type cisco in /usr/local/rancid/etc/rancid.types.base
> executing clogin -t 90 -c"show version;show install active;show vlan;show
> running-config" 172.17.1.6
> PROMPT MATCH: RT-ZTE#
> HIT COMMAND: RT-ZTE  #show version
> In ShowVersion:  RT-ZTE  #show version
> HIT COMMAND: RT-ZTE  #show install active
> In ShowInstallActive:  RT-ZTE  #show install active
> HIT COMMAND: RT-ZTE  #show vlan
> In ShowVLAN:  RT-ZTE  #show vlan
> HIT COMMAND: RT-ZTE  #show running-config
> In WriteTerm:  RT-ZTE  #show running-config
> *172.17.1.6 : End of run not found*
> 172.17.1.6: clean_run is false
> 172.17.1.6: found_end is false
> !

found end means that it found the end of the config; for type cisco,
that means "^end".

clean run means that it found the cli logout; for type cisco, that
means "prompt[>#] exit$"



Re: [rancid] Watchguard xml file

2019-07-02 Thread john heasley
Sat, Jun 29, 2019 at 11:46:23AM +, Wayne Eisenberg:
> Hi,
> 
> OK, so I can get into the firewall and pull the config with "export config to 
> console". However, the config file is a very large xml file, this one is 
> about 2MB in size. However, it seems like it only recorded the first 388KB of 
> data. Is there a size limit on what rancid can process, or maybe there was a 
> character in the xml that rancid didn't like and it just aborted processing 
> it? How would I go about troubleshooting this?
> 

there is no such limit.  I would suspect a PAGER is involved, causing the
output to cease.



Re: [rancid] Notifications on Errors

2019-06-19 Thread john heasley
Wed, Jun 19, 2019 at 12:03:42PM +0100, Craig Hopkins:
> Each one has a specific role. They don't duplicate.

It is not the errors themselves that are sent to the admin list.  it
sends notification about devices added/removed (which is duplicated
to the diff list in diff form of router.db) and when the age of a
device's collection exceed rancid.conf(5):OLDTIME time.  Off the top,
that is all that goes to admin.



Re: [rancid] Rancid running numerous times for each group? Getting ~40 config fetcher email alerts for same group in a night

2019-05-24 Thread john heasley
Fri, May 24, 2019 at 04:17:09PM +, Ni Ne:
> Running rancid 3.8 on CentOS 6.10, using git as the repo type.
> 
> It appears rancid is running numerous times against the same group in a given 
> night - at least if config fetches fail.
> 
> For instance, I have one group with some problematic devices, and I got 39 
> "config fetcher" emails for that same group. Looking at logs, it appears 
> rancid is parsing every group approximately the same number of times.
> 
> There is only one cronjob that kicks off rancid on the entire system:
> 
> * 0 * * * /usr/local/rancid/bin/rancid-run

man 5 crontab

min hr dom mon dow cmd
