
Mailing List Archive: RANCID: Users

F5 load balancer support

 

 



smunzani at comcast

Jul 13, 2007, 11:45 AM

Post #1 of 38 (2567 views)
F5 load balancer support

Hi,

Did anybody happen to hack one of the Cisco scripts to support BigIP F5
boxes? It should be pretty simple. All I want to do is log in and type "b
list", which is the equivalent of "show run" on Cisco.

However, for some reason things are not working. All I did was copy clogin
to f5login, copy rancid to f5rancid, and add the following to rancid-fe:
elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }

Then I modified the f5 rancid file and kept only one command in the list of
commands: "b list".

For some reason it's not working. I can post my configs here if somebody
would like to see them.

Thanks,
Sam


rancid at gheek

Jul 13, 2007, 12:28 PM

Post #2 of 38 (2512 views)
Re: F5 load balancer support

What error(s) do you get when you try to run your f5rancid?

Where does it fail if you debug your f5login?


-lance



smunzani at comcast

Jul 13, 2007, 1:30 PM

Post #3 of 38 (2513 views)
Re: F5 load balancer support

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[root at test-f5-01:Active] config # root
-bash: root: command not found
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #
[root at test-f5-01:Active] config #

I don't know how to debug, otherwise I would turn on debug too. If you
can provide some hints on debugging, I would appreciate it.

Thanks,
Sam


smunzani at comcast

Jul 13, 2007, 1:43 PM

Post #4 of 38 (2534 views)
Re: F5 load balancer support

Lance,

I edited the f5login file and added "-d" on the expect line. Below is what
I see in debug.
clearf5login test-f5-01
expect version 5.43.0

argv[0] = /usr/local/bin/expect argv[1] = -d argv[2] =
/opt/rancid/bin/f5login argv[3] = test-f5-01

set argc 1

set argv0 "/opt/rancid/bin/f5login"

set argv "test-f5-01"

executing commands from command file /opt/rancid/bin/f5login

test-f5-01
spawn ssh -c 3des -x -l root test-f5-01


using master pty /dev/ptyp2
parent: waiting for sync byte

parent: telling child to go ahead

parent: now unsynchronized from child

spawn: returns {30412}



expect: does "" (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no



expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| \(enable\))"? no

"Login invalid"? no

Password:

expect: does "Password: " (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does "Password: " (spawn_id exp4) match glob pattern "unknown
host\r"? no



expect: does "Password: " (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? yes

expect: set expect_out(0,string) "Password:"

expect: set expect_out(1,string) "Password"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "Password:"

send: sending "***********\r" to { exp4 }

expect: continuing expect



expect: does " " (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no



expect: does " " (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| \(enable\))"? no

"Login invalid"? no





expect: does " \r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no



expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| \(enable\))"? no

"Login invalid"? no

Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12




expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no



expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast login:"

send: sending "root\r" to { exp4 }

expect: continuing expect



expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "unknown host\r"? no



expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| \(enable\))"? no

"Login invalid"? no

[root at test-f5-01:Active] config #

expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match regular expression "(Connection refused|Secure connection [^\n\r]+
refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no



expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "unknown host\r"? no



expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| \(enable\))"? yes

expect: set expect_out(0,string) "#"

expect: set expect_out(1,string) "#"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[root at test-f5-01:Active] config #"

send: sending "\r" to { exp4 }



expect: does " " (spawn_id exp4) match regular expression "[\r\n]+"? no

"^(.+:)1 (#| \(enable\))"? no

"^.+(#| \(enable\))"? no

"^.+> \(enable\)"? no

ro

expect: does " ro" (spawn_id exp4) match regular expression "[\r\n]+"? no

"^(.+:)1 (#| \(enable\))"? no

"^.+(#| \(enable\))"? no

"^.+> \(enable\)"? no

ot

-bash: root: command not found

[root at test-f5-01:Active] config #

expect: does " root\r\n-bash: root: command not
found\r\n[root at test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? yes

expect: set expect_out(0,string) "\r\n"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " root\r\n"

expect: continuing expect



expect: does "-bash: root: command not found\r\n[root at test-f5-01:Active]
config # " (spawn_id exp4) match regular expression "[\r\n]+"? yes

expect: set expect_out(0,string) "\r\n"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "-bash: root: command not found\r\n"

expect: continuing expect



expect: does "[root at test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? no

"^(.+:)1 (#| \(enable\))"? no

"^.+(#| \(enable\))"? yes

expect: set expect_out(0,string) "[root at test-f5-01:Active] config #"

expect: set expect_out(1,string) "#"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "[root at test-f5-01:Active] config #"

tty_raw_noecho: was raw = 0 echo = 1

spawn id exp4 sent <\r\n>

spawn id exp4 sent <[root at test-f5-01:Active] config # >
[root at test-f5-01:Active] config # spawn id exp0 sent <\r>
spawn id exp4 sent <\r\n>

spawn id exp4 sent <[root at test-f5-01:Active] config # >
[root at test-f5-01:Active] config # spawn id exp0 sent <e>
spawn id exp4 sent <e>
espawn id exp0 sent <x>
spawn id exp4 sent <x>
xspawn id exp0 sent <i>
spawn id exp4 sent <i>
ispawn id exp0 sent <t>
spawn id exp4 sent <t>
tspawn id exp0 sent <\r>
spawn id exp4 sent <\r\nlogout\r\n>

logout
spawn id exp4 sent <\u001b[.H\u001b[.J>
[.H[.Jspawn id exp4 sent <Connection to test-f5-01 closed.\r\r\n>
Connection to test-f5-01 closed.

interact: received eof from spawn_id exp4
tty_set: raw = 0, echo = 1

tty_set: raw = 3, echo = 0


$
$



rancid at gheek

Jul 14, 2007, 11:11 AM

Post #5 of 38 (2518 views)
Re: F5 load balancer support

Sam,

Have you tried using telnet to log in, if the f5 has it enabled?
You may also want to set auto enable in your .cloginrc for this device,
as it looks to clogin as if you are already in the Cisco equivalent of
enable, since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast login:"

send: sending "root\r" to { exp4 }

expect: continuing expect

You are just using a Cisco login/parsing script, so it expects prompts
from a Cisco device, and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to back up *nix systems, so
it knows how to understand connecting to a *nix system. You might want
to try this email thread, which asks about backing up Linux configs:
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.

I think you have to use the caret before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry,
too lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work, send me back the debug and I will see what I can
do. I am sure some people that use expect more often than I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
    #1. ORIGINAL (the pattern shown in the debug output, no caret)
    #set u_prompt "(Username|Login|login|user name):"
    #2. Modified to read for a line beginning with Username, Login, login, or user name.
    set u_prompt "^(Username|Login|login|user name):"
    #3. Modified to read for a line beginning with Login or login, but I may be wrong
    #set u_prompt "^(Username|^Login|^login|user name):"
} else {
    # A userprompt entry in .cloginrc overrides the default pattern
    set u_prompt [join [lindex $u_prompt 0] ""]
}


Let me know if this works for you.

-Lance



david at infotrek

Jul 15, 2007, 4:43 AM

Post #6 of 38 (2513 views)
Re: F5 load balancer support

Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that won't get sent during login)

Regards,

David



mashcraft at omniture

Jul 16, 2007, 7:39 AM

Post #7 of 38 (2518 views)
Re: F5 load balancer support

Sam,

I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].

The .cloginrc configuration I use with the clogin script for F5 Big-IP
is as follows:

add user hostname username
# Any string without a match works
add userprompt hostname sshONLYnoPrompt
add autoenable hostname 1
add method hostname ssh
add password hostname password

Hope this helps,

Mike
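
The prompt mismatch diagnosed in this thread, as an added example that is not part of the original posts or of RANCID's own code: a Python simulation of expect's buffer matching, replaying the login trace from post #4 against the default user-prompt pattern, the never-matching userprompt from the .cloginrc fixes, and the caret variant. It goes beyond the thread with a line-start-anchored pattern and a constructed session that does ask for a username; both are assumptions, as are all function and variable names.

```python
import re

# Patterns as they appear in the thread, in the order the debug trace tries them.
DEFAULT_U_PROMPT = r"(Username|Login|login|user name):"   # from the debug output
CARET_U_PROMPT = r"^(Username|Login|login|user name):"    # caret variant from post #5
NEVER_MATCH = r"sshONLYnoPrompt"                          # userprompt value from post #7
# Assumption (not from the thread): keyword must start the buffer or follow a newline.
LINE_START_U_PROMPT = r"(^|[\r\n])(Username|Login|login|user name):"
P_PROMPT = r"([Pp]assword|passwd):"
SHELL_PROMPT = r"(#| \(enable\))"

# Device output reconstructed from the debug trace in post #4 (SSH, no username prompt).
SSH_SESSION = [
    "Password: ",
    " ",
    " \r\n",
    "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n",
    "[root@test-f5-01:Active] config # ",
]

# Constructed transcript: a login that does ask for a username after a banner line.
PROMPTING_SESSION = [
    "test-f5-01 console\r\n",
    "login: ",
    "Password: ",
    "Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n",
    "[root@test-f5-01:Active] config # ",
]


def simulate_login(u_prompt, chunks, user="root", password="<password>"):
    """Replay scripted device output and return what the login script would send.

    Mimics expect: output accumulates in one buffer, patterns are tried in
    order, a match consumes the buffer through the end of the match, and
    '^' anchors to the start of the buffer, not to the start of a line.
    """
    rules = [
        (re.compile(u_prompt), user + "\r"),
        (re.compile(P_PROMPT), password + "\r"),
        (re.compile(SHELL_PROMPT), None),  # None: shell prompt reached, stop
    ]
    sent, buf = [], ""
    for chunk in chunks:
        buf += chunk
        while True:
            for rx, reply in rules:
                m = rx.search(buf)
                if m:
                    break
            else:
                break  # no pattern matched; wait for more output
            buf = buf[m.end():]
            if reply is None:
                return sent
            sent.append(reply)
    return sent


def report():
    """Summarise what each pattern sends on both transcripts."""
    patterns = {
        "default": DEFAULT_U_PROMPT,
        "caret": CARET_U_PROMPT,
        "never-match": NEVER_MATCH,
        "line-start": LINE_START_U_PROMPT,
    }
    return {
        name: (simulate_login(p, SSH_SESSION), simulate_login(p, PROMPTING_SESSION))
        for name, p in patterns.items()
    }


if __name__ == "__main__":
    for name, (ssh, prompting) in report().items():
        print(f"{name:12} ssh={ssh!r} prompting={prompting!r}")
```

On the SSH trace the default pattern sends the username into the root shell after "Last login:", while the other three do not. On the constructed prompting session, only the line-start pattern sends the username exactly once.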



smunzani at comcast

Jul 16, 2007, 8:48 AM

Post #8 of 38 (2517 views)
Re: F5 load balancer support

David,

Thanks a lot for the tip. This worked well. Now f5login goes much
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net> wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>> it knows how to understand connecting to a *nix system. You might want
>> to try this email thread which asks about backing up Linux configs.
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry,
>> too lazy to check it out right now. You might want to uncomment the line
>> below 3. and comment out the line below 2. and see if that works. This
>> is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often than I can probably
>> quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid] F5 load balancer support
>> > From: Sam Munzani <smunzani at comcast.net>
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance <rancid at gheek.net>
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> > root
>> > [root@test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root@test-f5-01:Active] config #
>> > [root@test-f5-01:Active] config #
>> > [root@test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If you
>> > can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam


sam at munzani

Jul 16, 2007, 8:57 AM

Post #9 of 38 (2513 views)
Permalink
Re: F5 load balancer support [In reply to]

BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file (hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam


rancid at gheek

Jul 16, 2007, 9:20 AM

Post #10 of 38 (2530 views)
Permalink
Re: F5 load balancer support [In reply to]

Sam,

What bldshgalsjd is, is the prompt it looks for before it sends the
username.

Example, if the device prompted you for a username like so, you
would use the following.

Your User name:

#.cloginrc line
add userprompt f5* "Your User name:"

This would only send your username if it found the prompt of "Your User
name:" (minus the ""). So the likelihood that it will find bldshgalsjd
would be slim to almost impossible.

-lance

> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Mon, July 16, 2007 9:48 am
> To: David Croft <david at infotrek.co.uk>
> Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes much
> cleaner and the "root" doesn't get sent again. I still have other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how does it do
> this miracle?
>
> Thanks,
> Sam
> >
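
The prompt matching Lance describes above, as an added example (not from the thread and not RANCID's own code): it runs the userprompt patterns that appear in the thread through Tcl's regexp against constructed receive buffers. The buffer names, pattern labels and the `username_trigger` helper are hypothetical, and it assumes expect's -re patterns behave like Tcl's built-in regexp.

```tcl
#!/usr/bin/env tclsh
# Added example, not RANCID code: check candidate userprompt regexes against
# the text a login script receives, using only Tcl's built-in regexp.

# Constructed receive buffers. The first is modelled on the F5 SSH session
# quoted in the thread; the other two are made-up prompts for comparison.
set buffers [list \
    f5_ssh_banner " \r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n" \
    login_prompt  "\r\nlogin: " \
    custom_prompt "\r\nYour User name: "]

# Patterns taken from the thread, plus one line-anchored variant added here
# for comparison. The labels are hypothetical.
set patterns [list \
    unanchored    {(Username|Login|login|user name):} \
    caret_whole   {^(Username|Login|login|user name):} \
    caret_inner   {^(Username|^Login|^login|user name):} \
    line_anchored {(?n)^(Username|Login|login|user name):} \
    sentinel      {bldshgalsjd} \
    custom        {Your User name:}]

# Return the text the pattern matched in the buffer, or "" when it does not
# match. A non-empty result is the point where the login script would send
# the username.
proc username_trigger {pattern buffer} {
    if {[regexp -- $pattern $buffer match]} {
        return $match
    }
    return ""
}

foreach {pname pattern} $patterns {
    puts "${pname}: $pattern"
    foreach {bname buffer} $buffers {
        set hit [username_trigger $pattern $buffer]
        if {$hit eq ""} {
            puts [format "    %-14s no match, username not sent" $bname]
        } else {
            puts [format "    %-14s matched \"%s\", username sent" $bname $hit]
        }
    }
}
```

Run it with tclsh: the unanchored pattern fires on "Last login:", a plain `^` anchors to the start of the buffer rather than the line and so misses the real `login:` prompt as well, and only the newline-sensitive `(?n)^` form tells the two apart. The sentinel never matches, which is harmless over SSH because the username is already given on the ssh command line (`-l root` in the session quoted in the thread).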


mashcraft at omniture

Jul 16, 2007, 9:21 AM

Post #11 of 38 (2522 views)
Permalink
Re: F5 load balancer support [In reply to]

Sam,

I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].

The .cloginrc configuration I use with the clogin script for F5 Big-IP
is as follows:

add user hostname username

add userprompt hostname sshONLYnoPrompt #Any string without a match works

add autoenable hostname 1

add method hostname ssh

add password hostname password



Hope this helps,

Mike

-----Original Message-----
From: rancid-discuss-bounces [at] shrubbery
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:49 AM
To: David Croft
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support

David,

Thanks a lot for the tip. This worked well. Now f5login goes much
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam


smunzani at comcast

Jul 16, 2007, 10:00 AM

Post #12 of 38 (2514 views)
Permalink
Re: F5 load balancer support [In reply to]

Lance,

That makes perfect sense. Thanks a lot for a very good logical explanation.

BTW, this is what I did in f5rancid (a copy of rancid). Modified it as below.

# This routine processes a "write term"
sub BList {
    print STDERR " In BList: $_" if ($debug);
    my($lineauto,$comment,$linecnt) = (0,0,0);

    while (<INPUT>) {
        tr/\015//d;
        last if(/^$prompt/);
        return(-1) if (/command not found/i);
        $linecnt++;
        $lineauto = 0 if (/^[^ ]/);
        # some versions have other crap mixed in with the bits in the

    }
    # The ContentEngine lacks a definitive "end of config" marker. If we
    # know that it is a CE and we have seen at least 5 lines of b list
    # o/p, we can be reasonably sure that we got the config.
    if ($linecnt > 5) {
        $found_end = 1;
        return(1);
    }

    return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
%commands=(
    'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
    "b list"
);
$cisco_cmds=join(";",@commands);
$cmds_regexp=join("|",@commands);

All I did was change "write term" to "b list" and change the function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get the following in my logs.

starting: Mon Jul 16 12:49:05 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 12:49:32 CDT 2007

Any hints would be appreciated.

Thanks,
Sam
> Sam,
>
> What bldshgalsjd is, is the prompt it looks for before it sends the
> username.
>
> Example, if the device prompted you for a username like so, you
> would use the following.
>
> Your User name:
>
> #.cloginrc line
> add userprompt f5* "Your User name:"
>
> This would only send your username if it found the prompt of "Your User
> name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> would be slim to almost impossible.
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: Re: [rancid] Re: F5 load balancer support
>> From: Sam Munzani <smunzani at comcast.net>
>> Date: Mon, July 16, 2007 9:48 am
>> To: David Croft <david at infotrek.co.uk>
>> Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes much more
>> cleaner and the "root" doesn't set sent again. I still have other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>> Thanks for this tip, turns out that this is also the reason the
>>> username gets entered at a prompt on the cisco IPS devices. Since it's
>>> using SSH and therefore doesn't need a username prompt, solution was
>>> to simply add in .cloginrc:
>>>
>>> add userprompt ids* bldshgalsjd (<- something that won't get sent
>>> during login)
>>>
>>> Regards,
>>>
>>> David
>>>
>>> On 14/07/07, Lance <rancid at gheek.net> wrote:
>>>
>>>> Sam,
>>>>
>>>> Have you tried using telnet to login, if the f5 has it enabled.
>>>> You may also want to set auto enable in your .cloginrc for this device
>>>> as it looks to clogin as you are already in a cisco equivalent
>>>>
>> equal to
>>
>>>> enable since your prompt has a # sign in it.
>>>>
>>>> Looking at your next email along with this one it looks like you are
>>>> already in a cisco equivalent of enable after you login. f5login seems
>>>> to be sending your username of root as a command after you get
>>>>
>> connected
>>
>>>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>>>> 172.24.100.12" and it matches on the word "Login". See below.
>>>>
>>>> "(Username|Login|login|user name):"? yes
>>>>
>>>> expect: set expect_out(0,string) "login:"
>>>>
>>>> expect: set expect_out(1,string) "login"
>>>>
>>>> expect: set expect_out(spawn_id) "exp4"
>>>>
>>>> expect: set expect_out(buffer) " \r\nLast login:"
>>>>
>>>> send: sending "root\r" to { exp4 }
>>>>
>>>> expect: continuing expect
>>>>
>>>> You are just using a Cisco login/parsing script so it expects prompts
>>>> from a Cisco device and in this case you have a *nix SSH banner that
>>>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>>>> it knows how to understand connecting to a *nix system. You might want
>>>> to try this email thread which asks about backing up Linux configs.
>>>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>>>
>>>> Or you could modify the existing f5login like so.
>>>>
>>>> I think you have to use the caret before the () to work. I haven't
>>>> checked this as I am at home and not on a UNIX system right now. Sorry,
>>>> too lazy to check it out right now. You might want to uncomment the line
>>>> below 3. and comment out the line below 2. and see if that works. This
>>>> is the only point in the code that I see it look for login in any line.
>>>> If that doesn't work send me back the debug and I will see what I can
>>>> do. I am sure some people that use expect more often than I can probably
>>>> quickly tell you what to use as syntax there.
>>>>
>>>> # Figure out prompts
>>>> set u_prompt [find userprompt $router]
>>>> if { "$u_prompt" == "" } {
>>>>     #1. ORIGINAL
>>>>     #set u_prompt "(Username|Login|login|user name):"
>>>>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>>>>     set u_prompt "^(Username|Login|login|user name):"
>>>>     #3. Modified to read for a line beginning with Login or login, but I may be wrong
>>>>     #set u_prompt "^(Username|^Login|^login|user name):"
>>>> } else {
>>>>     set u_prompt [join [lindex $u_prompt 0] ""]
>>>> }
>>>>
>>>>
>>>> Let me know if this works for you.
>>>>
>>>> -Lance
>>>>
>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: [rancid] F5 load balancer support
>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>> Date: Fri, July 13, 2007 2:30 pm
>>>>> To: Lance <rancid at gheek.net>
>>>>> Cc: rancid-discuss at shrubbery.net
>>>>>
>>>>> Lance,
>>>>>
>>>>> F5 login works fine with a minor error.
>>>>>
>>>>> $ f5login test-f5-01
>>>>> test-f5-01
>>>>> spawn ssh -c 3des -x -l root test-f5-01
>>>>> Password:
>>>>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>>>>> root
>>>>> [root@test-f5-01:Active] config # root
>>>>> -bash: root: command not found
>>>>> [root@test-f5-01:Active] config #
>>>>> [root@test-f5-01:Active] config #
>>>>> [root@test-f5-01:Active] config #
>>>>>
>>>>> I don't know how to debug otherwise I would turn on debug too. If you
>>>>> can provide some hints on debug, I would appreciate it.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>>> What error(s) do you get when you try to run your f5rancid?
>>>>>>
>>>>>> Where does it fail if you debug your f5login?
>>>>>>
>>>>>>
>>>>>> -lance
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -------- Original Message --------
>>>>>>> Subject: [rancid] F5 load balancer support
>>>>>>> From: Sam Munzani <smunzani at comcast.net>
>>>>>>> Date: Fri, July 13, 2007 12:45 pm
>>>>>>> To: rancid-discuss at shrubbery.net
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Did anybody happened to hack one of Cisco scripts to support BigIP F5
>>>>>>> boxes? It should be pretty simple. All I want to do is login and type "b
>>>>>>> list" which is equivalent of "show run" on cisco.
>>>>>>>
>>>>>>> However for some reason things not working. All I did was copied clogin
>>>>>>> to f5login, copied rancid to f5rancid and added following to rancid-fe.
>>>>>>> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>>>>>>>
>>>>>>> Then modified f5 rancid file and kept only one command in list of
>>>>>>> commands "b list".
>>>>>>>
>>>>>>> For some reason its not working. I can post my configs here if somebody
>>>>>>> like to see them.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sam
>>>>>>> _______________________________________________
>>>>>>> Rancid-discuss mailing list
>>>>>>> Rancid-discuss at shrubbery.net
>>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>
>
>
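
The prompt mismatch diagnosed in this thread, as an added Python model of an expect-style login loop (not clogin's code and not written by any poster). The password and shell-prompt patterns, the line-anchored variant and both sessions are assumptions constructed for the illustration; the default pattern and the sentinel come from the thread.

```python
import re

# Default username-prompt pattern, as printed in the expect debug output quoted in the thread.
DEFAULT_USERPROMPT = r"(Username|Login|login|user name):"
# Sentinel from the thread's .cloginrc workaround: text the device never prints.
SENTINEL_USERPROMPT = r"bldshgalsjd"
# Assumption: a line-anchored variant in Python regex syntax, not a tested clogin value.
LINE_ANCHORED_USERPROMPT = r"(?m)^(Username|Login|login|user name):"

# Assumptions: simplified password and shell-prompt patterns for this model.
PASSWORD_PROMPT = r"[Pp]assword:"
SHELL_PROMPT = r"[#>] $"

# Constructed sessions. The SSH one follows the f5login transcript in the thread:
# "ssh -l root" already supplies the username, so no username prompt ever appears.
SSH_SESSION = [
    "Password: ",
    " \r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]
# Constructed telnet-style session where a real username prompt does appear.
TELNET_SESSION = [
    "\r\nlogin: ",
    "Password: ",
    "\r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]


def simulate_login(chunks, userprompt):
    """Run an expect-style loop over the chunks.

    Returns a list of (what_was_sent, text_that_triggered_it) in send order.
    Patterns are tried in list order; a match consumes the buffer up to its end.
    """
    patterns = [
        ("username", re.compile(userprompt)),
        ("password", re.compile(PASSWORD_PROMPT)),
        ("shell", re.compile(SHELL_PROMPT)),
    ]
    sent = []
    buffer = ""
    for chunk in chunks:
        buffer += chunk
        matched = True
        while matched:
            matched = False
            for name, pattern in patterns:
                m = pattern.search(buffer)
                if m is None:
                    continue
                if name == "shell":
                    return sent  # shell prompt reached: login phase is over
                # Record the line fragment that the pattern fired on.
                line_start = buffer.rfind("\n", 0, m.start()) + 1
                sent.append((name, buffer[line_start:m.end()].strip()))
                buffer = buffer[m.end():]
                matched = True
                break
    return sent


if __name__ == "__main__":
    for label, pattern in [
        ("default", DEFAULT_USERPROMPT),
        ("sentinel", SENTINEL_USERPROMPT),
        ("line-anchored", LINE_ANCHORED_USERPROMPT),
    ]:
        print(label, "->", simulate_login(SSH_SESSION, pattern))
```

With the default pattern the username is sent after the password, triggered by the "Last login:" banner, which is why the shell in the transcript answers "-bash: root: command not found".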



mashcraft at omniture

Jul 16, 2007, 10:48 AM

Post #13 of 38 (2527 views)
Permalink
Re: F5 load balancer support [In reply to]

Sam,

I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.

I did encounter and solve all the problems you have been discussing on
the list.

Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From: rancid-discuss-bounces [at] shrubbery
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support


BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam




rancid at gheek

Jul 16, 2007, 10:54 AM

Post #14 of 38 (2512 views)
Permalink
Re: F5 load balancer support [In reply to]

Sam,

Is that the whole file? Attach the whole file to make sure you aren't
missing anything.

Does the f5 have a pager of sort? Meaning if you run b list does it have
a <-- More --> prompt or anything else other than the config that may
show up?

Email me your IM names and we might be able to solve it faster and then
post back to the list?

-lance

> -------- Original Message --------
> Subject: Re: [rancid] Re: F5 load balancer support
> From: Sam Munzani <smunzani at comcast.net>
> Date: Mon, July 16, 2007 11:00 am
> To: Lance <rancid at gheek.net>
> Cc: rancid-discuss at shrubbery.net, David Croft <david at infotrek.co.uk>
>
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical
> explanation.
>
> BTW, this is what I did in f5rancid(a copy of rancid). Modified it as
> below.
>
> # This routine processes a "write term"
> sub BList {
>     print STDERR " In BList: $_" if ($debug);
>     my($lineauto,$comment,$linecnt) = (0,0,0);
>
>     while (<INPUT>) {
>         tr/\015//d;
>         last if(/^$prompt/);
>         return(-1) if (/command not found/i);
>         $linecnt++;
>         $lineauto = 0 if (/^[^ ]/);
>         # some versions have other crap mixed in with the bits in the
>
>     }
>     # The ContentEngine lacks a definitive "end of config" marker. If we
>     # know that it is a CE and we have seen at least 5 lines of b list
>     # o/p, we can be reasonably sure that we got the config.
>     if ($linecnt > 5) {
>         $found_end = 1;
>         return(1);
>     }
>
>     return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
>     'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
>     "b list"
> );
> $cisco_cmds=join(";",@commands);
> $cmds_regexp=join("|",@commands);
>
> All I did was changed "write term" to "b list" and changed function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam


heas at shrubbery

Jul 16, 2007, 1:55 PM

Post #15 of 38 (2523 views)
Permalink
Re: F5 load balancer support [In reply to]

A user gave me access to a f5, but I ran out of time and access was removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.

Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> Lance,
>
> That makes perfect sense. Thanks a lot for a very good logical explanation.
>
> BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.
>
> # This routine processes a "write term"
> sub BList {
>     print STDERR " In BList: $_" if ($debug);
>     my($lineauto,$comment,$linecnt) = (0,0,0);
>
>     while (<INPUT>) {
>         tr/\015//d;
>         last if(/^$prompt/);
>         return(-1) if (/command not found/i);
>         $linecnt++;
>         $lineauto = 0 if (/^[^ ]/);
>         # some versions have other crap mixed in with the bits in the
>
>     }
>     # The ContentEngine lacks a definitive "end of config" marker. If we
>     # know that it is a CE and we have seen at least 5 lines of b list
>     # o/p, we can be reasonably sure that we got the config.
>     if ($linecnt > 5) {
>         $found_end = 1;
>         return(1);
>     }
>
>     return(0);
> }
>
> # dummy function
> sub DoNothing {print STDOUT;}
>
> # Main
> %commands=(
>     'b list' => "BList"
> );
> # keys() doesnt return things in the order entered and the order of the
> # cmds is important (show version first and write term last). pita
> @commands=(
>     "b list"
> );
> $cisco_cmds=join(";",@commands);
> $cmds_regexp=join("|",@commands);
>
> All I did was changed "write term" to "b list" and changed function name
> too. I also changed a little bit around finding the end of input
> variable. However it still doesn't work. I get following in my logs.
>
> starting: Mon Jul 16 12:49:05 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> !
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> !
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 12:49:32 CDT 2007
>
> Any hints would be appreciated.
>
> Thanks,
> Sam
> >Sam,
> >
> >What bldshgalsjd is the prompt is looks for before it sends the
> >username.
> >
> >Example, if the the device prompted you for a username like so, you
> >would use the following.
> >
> >Your User name:
> >
> >#.cloginrc line
> >add userprompt f5* "Your User name:"
> >
> >This would only send your username if it found the prompt of "Your User
> >name:" (minus the ""). So the likely hood that it will find bldshgalsjd
> >would be slim to almost impossible.
> >
> >-lance
> >
> >
> >>-------- Original Message --------
> >>Subject: Re: [rancid] Re: F5 load balancer support
> >>From: Sam Munzani <smunzani at comcast.net>
> >>Date: Mon, July 16, 2007 9:48 am
> >>To: David Croft <david at infotrek.co.uk>
> >>Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
> >>
> >>David,
> >>
> >>Thanks a lot for the tip. This worked well. Now f5login goes much more
> >>cleaner and the "root" doesn't set sent again. I still have other issues
> >>where rancid-run is backing up config properly but I am still
> >>troubleshooting it.
> >>
> >>Now here is a question. What does "bldshgalsjd" mean and how does it do
> >>this miracle?
> >>
> >>Thanks,
> >>Sam
> >>
> >>>Thanks for this tip, turns out that this is also the reason the
> >>>username gets entered at a prompt on the cisco IPS devices. Since it's
> >>>using SSH and therefore doesn't need a username prompt, solution was
> >>>to simply add in .cloginrc:
> >>>
> >>>add userprompt ids* bldshgalsjd (<- something that won't get sent
> >>>during login)
> >>>
> >>>Regards,
> >>>
> >>>David
> >>>
> >>>On 14/07/07, Lance <rancid at gheek.net> wrote:
> >>>
> >>>>Sam,
> >>>>
> >>>>Have you tried using telnet to login, if the f5 has it enabled.
> >>>>You may also want to set auto enable in your .cloginrc for this device
> >>>>as it looks to clogin as you are already in a cisco equivalent
> >>>>
> >>equal to
> >>
> >>>>enable since your prompt has a # sign in it.
> >>>>
> >>>>Looking at your next email along with this one it looks like you are
> >>>>already in a cisco equivalent of enable after you login. f5login seems
> >>>>to be sending your username of root as a command after you get
> >>>>
> >>connected
> >>
> >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> >>>>172.24.100.12" and it matches on the word "Login". See below.
> >>>>
> >>>>"(Username|Login|login|user name):"? yes
> >>>>
> >>>>expect: set expect_out(0,string) "login:"
> >>>>
> >>>>expect: set expect_out(1,string) "login"
> >>>>
> >>>>expect: set expect_out(spawn_id) "exp4"
> >>>>
> >>>>expect: set expect_out(buffer) " \r\nLast login:"
> >>>>
> >>>>send: sending "root\r" to { exp4 }
> >>>>
> >>>>expect: continuing expect
> >>>>
> >>>>You are just using a Cisco login/parsing script so it expects prompts
> >>>>from a Cisco device and in this case you have a *nix SSH banner that
> >>>>gets interrupted. I know you can use RANCID to backup *nix systems. So
> >>>>it knows how to understand connecting to a *nix system. You might want
> >>>>to try this email thread which asks about backing up Linux conifgs.
> >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> >>>>
> >>>>Or you could modify the existing f5login like so.
> >>>>
> >>>>I think you have to use the carrot before the () to work. I haven't
> >>>>checked this as I am at home and not on a UNIX system right now. Sorry
> >>>>to lazy to check it out right now. You might want to uncomment the
> >>>>
> >>line
> >>
> >>>>below 3. and comment out the line below 2. and see if that works. This
> >>>>is the only point in the code that I see it look for login in any
> >>>>
> >>line.
> >>
> >>>>If that doesn't work send me back the debug and I will see what I can
> >>>>do. I am sure some people that use expect more often then I can
> >>>>
> >>probably
> >>
> >>>>quickly tell you what to use as syntax there.
> >>>>
> >>>># Figure out prompts
> >>>> set u_prompt [.find userprompt $router
> >>>>if { "$u_prompt" == "" } {
> >>>> #1. ORIGINAL
> >>>> #set u_prompt "^(Username|Login|login|user name):"
> >>>> #2. Modified to read for a line beginning with
> >>>>Username,Login,login, or
> >>>>user name.
> >>>> set u_prompt "^(Username|Login|login|user name):"
> >>>> #3. Modified to read for a line beginning with Login or login.
> >>>>but I
> >>>>may be wrong
> >>>> #set u_prompt "^(Username|^Login|^login|user name):"
> >>>> } else {
> >>>> set u_prompt [join [lindex $u_prompt 0] ""]
> >>>>
> >>>>
> >>>>Let me know if this works for you.
> >>>>
> >>>>-Lance
> >>>>
> >>>>
> >>>>>-------- Original Message --------
> >>>>>Subject: Re: [rancid] F5 load balancer support
> >>>>>From: Sam Munzani <smunzani at comcast.net>
> >>>>>Date: Fri, July 13, 2007 2:30 pm
> >>>>>To: Lance <rancid at gheek.net>
> >>>>>Cc: rancid-discuss at shrubbery.net
> >>>>>
> >>>>>Lance,
> >>>>>
> >>>>>F5 login works fine with a minor error.
> >>>>>
> >>>>>$ f5login test-f5-01
> >>>>>test-f5-01
> >>>>>spawn ssh -c 3des -x -l root test-f5-01
> >>>>>Password:
> >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> >>>>>root
> >>>>>[root@test-f5-01:Active] config # root
> >>>>>-bash: root: command not found
> >>>>>[root@test-f5-01:Active] config #
> >>>>>[root@test-f5-01:Active] config #
> >>>>>[root@test-f5-01:Active] config #
> >>>>>
> >>>>>I don't know how to debug otherwise I would turn on debug too. If you
> >>>>>can provide some hints on debug, I would appreciate it.
> >>>>>
> >>>>>Thanks,
> >>>>>Sam
> >>>>>
> >>>>>>What error(s) do you get when you try to run your f5rancid?
> >>>>>>
> >>>>>>Where does it fail if you debug your f5login?
> >>>>>>
> >>>>>>
> >>>>>>-lance
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>-------- Original Message --------
> >>>>>>>Subject: [rancid] F5 load balancer support
> >>>>>>>From: Sam Munzani <smunzani at comcast.net>
> >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> >>>>>>>To: rancid-discuss at shrubbery.net
> >>>>>>>
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>Did anybody happened to hack one of Cisco scripts to support BigIP F5
> >>>>>>>boxes? It should be pretty simple. All I want to do is login and type "b
> >>>>>>>list" which is equivalent of "show run" on cisco.
> >>>>>>>
> >>>>>>>However for some reason things not working. All I did was copied clogin
> >>>>>>>to f5login, copied rancid to f5rancid and added following to rancid-fe.
> >>>>>>>elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >>>>>>>
> >>>>>>>Then modified f5 rancid file and kept only one command in list of
> >>>>>>>commands "b list".
> >>>>>>>
> >>>>>>>For some reason its not working. I can post my configs here if somebody
> >>>>>>>like to see them.
> >>>>>>>
> >>>>>>>Thanks,
> >>>>>>>Sam


teun at teun

Jul 16, 2007, 2:21 PM

Post #16 of 38 (2517 views)
Permalink
Re: F5 load balancer support [In reply to]

On Mon, 2007-07-16 at 21:55 +0000, john heasley wrote:
> A user gave me access to a f5, but I ran out of time and access was removed.
> So, I have a nearly complete script for it that I'd like to be completed.
> I'll send it to you separately.


If you'd like someone else to test it as well, feel free to send me a
copy. Unfortunately I can't provide access to a live box due to access
policies.

Regards,
Teun


rancid at gheek

Jul 16, 2007, 2:22 PM

Post #17 of 38 (2510 views)
Permalink
Re: F5 load balancer support [In reply to]

Nice, that should be helpful. I just wish I had access to an F5 still. 2
years ago I did, now I don't as I changed companies. hehe.

-Lance

> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: john heasley <heas at shrubbery.net>
> Date: Mon, July 16, 2007 2:55 pm
> To: Sam Munzani <smunzani at comcast.net>
> Cc: rancid-discuss at shrubbery.net
>
> A user gave me access to a f5, but I ran out of time and access was removed.
> So, I have a nearly complete script for it that I'd like to be completed.
> I'll send it to you separately.
>
> Mon, Jul 16, 2007 at 01:00:04PM -0500, Sam Munzani:
> > Lance,
> >
> > That makes perfect sense. Thanks a lot for a very good logical explanation.
> >
> > BTW, this is what I did in f5rancid (a copy of rancid). Modified it as below.
> >
> > # This routine processes a "write term"
> > sub BList {
> >     print STDERR " In BList: $_" if ($debug);
> >     my($lineauto,$comment,$linecnt) = (0,0,0);
> >
> >     while (<INPUT>) {
> >         tr/\015//d;
> >         last if(/^$prompt/);
> >         return(-1) if (/command not found/i);
> >         $linecnt++;
> >         $lineauto = 0 if (/^[^ ]/);
> >         # some versions have other crap mixed in with the bits in the
> >
> >     }
> >     # The ContentEngine lacks a definitive "end of config" marker. If we
> >     # know that it is a CE and we have seen at least 5 lines of b list
> >     # o/p, we can be reasonably sure that we got the config.
> >     if ($linecnt > 5) {
> >         $found_end = 1;
> >         return(1);
> >     }
> >
> >     return(0);
> > }
> >
> > # dummy function
> > sub DoNothing {print STDOUT;}
> >
> > # Main
> > %commands=(
> >     'b list' => "BList"
> > );
> > # keys() doesnt return things in the order entered and the order of the
> > # cmds is important (show version first and write term last). pita
> > @commands=(
> >     "b list"
> > );
> > $cisco_cmds=join(";",@commands);
> > $cmds_regexp=join("|",@commands);
> >
> > All I did was changed "write term" to "b list" and changed function name
> > too. I also changed a little bit around finding the end of input
> > variable. However it still doesn't work. I get following in my logs.
> >
> > starting: Mon Jul 16 12:49:05 CDT 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > !
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > !
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> >
> > ending: Mon Jul 16 12:49:32 CDT 2007
> >
> > Any hints would be appreciated.
> >
> > Thanks,
> > Sam
> > >Sam,
> > >
> > >What bldshgalsjd is, is the prompt it looks for before it sends the
> > >username.
> > >
> > >Example, if the device prompted you for a username like so, you
> > >would use the following.
> > >
> > >Your User name:
> > >
> > >#.cloginrc line
> > >add userprompt f5* "Your User name:"
> > >
> > >This would only send your username if it found the prompt of "Your User
> > >name:" (minus the ""). So the likelihood that it will find bldshgalsjd
> > >would be slim to almost impossible.
> > >
> > >-lance
> > >
> > >
> > >>-------- Original Message --------
> > >>Subject: Re: [rancid] Re: F5 load balancer support
> > >>From: Sam Munzani <smunzani at comcast.net>
> > >>Date: Mon, July 16, 2007 9:48 am
> > >>To: David Croft <david at infotrek.co.uk>
> > >>Cc: Lance <rancid at gheek.net>, rancid-discuss at shrubbery.net
> > >>
> > >>David,
> > >>
> > >>Thanks a lot for the tip. This worked well. Now f5login goes much more
> > >>cleaner and the "root" doesn't get sent again. I still have other issues
> > >>where rancid-run is backing up config properly but I am still
> > >>troubleshooting it.
> > >>
> > >>Now here is a question. What does "bldshgalsjd" mean and how does it do
> > >>this miracle?
> > >>
> > >>Thanks,
> > >>Sam
> > >>
> > >>>Thanks for this tip, turns out that this is also the reason the
> > >>>username gets entered at a prompt on the cisco IPS devices. Since it's
> > >>>using SSH and therefore doesn't need a username prompt, solution was
> > >>>to simply add in .cloginrc:
> > >>>
> > >>>add userprompt ids* bldshgalsjd (<- something that won't get sent
> > >>>during login)
> > >>>
> > >>>Regards,
> > >>>
> > >>>David
> > >>>
> > >>>On 14/07/07, Lance <rancid at gheek.net> wrote:
> > >>>
> > >>>>Sam,
> > >>>>
> > >>>>Have you tried using telnet to login, if the f5 has it enabled.
> > >>>>You may also want to set auto enable in your .cloginrc for this device
> > >>>>as it looks to clogin as you are already in a cisco equivalent equal to
> > >>>>enable since your prompt has a # sign in it.
> > >>>>
> > >>>>Looking at your next email along with this one it looks like you are
> > >>>>already in a cisco equivalent of enable after you login. f5login seems
> > >>>>to be sending your username of root as a command after you get connected
> > >>>>because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> > >>>>172.24.100.12" and it matches on the word "Login". See below.
> > >>>>
> > >>>>"(Username|Login|login|user name):"? yes
> > >>>>
> > >>>>expect: set expect_out(0,string) "login:"
> > >>>>
> > >>>>expect: set expect_out(1,string) "login"
> > >>>>
> > >>>>expect: set expect_out(spawn_id) "exp4"
> > >>>>
> > >>>>expect: set expect_out(buffer) " \r\nLast login:"
> > >>>>
> > >>>>send: sending "root\r" to { exp4 }
> > >>>>
> > >>>>expect: continuing expect
> > >>>>
> > >>>>You are just using a Cisco login/parsing script so it expects prompts
> > >>>>from a Cisco device and in this case you have a *nix SSH banner that
> > >>>>gets interrupted. I know you can use RANCID to backup *nix systems. So
> > >>>>it knows how to understand connecting to a *nix system. You might want
> > >>>>to try this email thread which asks about backing up Linux configs.
> > >>>>"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
> > >>>>
> > >>>>Or you could modify the existing f5login like so.
> > >>>>
> > >>>>I think you have to use the caret before the () to work. I haven't
> > >>>>checked this as I am at home and not on a UNIX system right now. Sorry,
> > >>>>too lazy to check it out right now. You might want to uncomment the line
> > >>>>below 3. and comment out the line below 2. and see if that works. This
> > >>>>is the only point in the code that I see it look for login in any line.
> > >>>>If that doesn't work send me back the debug and I will see what I can
> > >>>>do. I am sure some people that use expect more often than I can probably
> > >>>>quickly tell you what to use as syntax there.
> > >>>>
> > >>>># Figure out prompts
> > >>>>set u_prompt [find userprompt $router]
> > >>>>if { "$u_prompt" == "" } {
> > >>>>    #1. ORIGINAL
> > >>>>    #set u_prompt "^(Username|Login|login|user name):"
> > >>>>    #2. Modified to read for a line beginning with Username, Login, login, or user name.
> > >>>>    set u_prompt "^(Username|Login|login|user name):"
> > >>>>    #3. Modified to read for a line beginning with Login or login, but I may be wrong
> > >>>>    #set u_prompt "^(Username|^Login|^login|user name):"
> > >>>>} else {
> > >>>>    set u_prompt [join [lindex $u_prompt 0] ""]
> > >>>>}
> > >>>>
> > >>>>
> > >>>>Let me know if this works for you.
> > >>>>
> > >>>>-Lance
> > >>>>
> > >>>>
> > >>>>>-------- Original Message --------
> > >>>>>Subject: Re: [rancid] F5 load balancer support
> > >>>>>From: Sam Munzani <smunzani at comcast.net>
> > >>>>>Date: Fri, July 13, 2007 2:30 pm
> > >>>>>To: Lance <rancid at gheek.net>
> > >>>>>Cc: rancid-discuss at shrubbery.net
> > >>>>>
> > >>>>>Lance,
> > >>>>>
> > >>>>>F5 login works fine with a minor error.
> > >>>>>
> > >>>>>$ f5login test-f5-01
> > >>>>>test-f5-01
> > >>>>>spawn ssh -c 3des -x -l root test-f5-01
> > >>>>>Password:
> > >>>>>Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > >>>>>root
> > >>>>>[root@test-f5-01:Active] config # root
> > >>>>>-bash: root: command not found
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>[root@test-f5-01:Active] config #
> > >>>>>
> > >>>>>I don't know how to debug otherwise I would turn on debug too. If you
> > >>>>>can provide some hints on debug, I would appreciate it.
> > >>>>>
> > >>>>>Thanks,
> > >>>>>Sam
> > >>>>>
> > >>>>>>What error(s) do you get when you try to run your f5rancid?
> > >>>>>>
> > >>>>>>Where does it fail if you debug your f5login?
> > >>>>>>
> > >>>>>>
> > >>>>>>-lance
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>>-------- Original Message --------
> > >>>>>>>Subject: [rancid] F5 load balancer support
> > >>>>>>>From: Sam Munzani <smunzani at comcast.net>
> > >>>>>>>Date: Fri, July 13, 2007 12:45 pm
> > >>>>>>>To: rancid-discuss at shrubbery.net
> > >>>>>>>
> > >>>>>>>Hi,
> > >>>>>>>
> > >>>>>>>Did anybody happened to hack one of Cisco scripts to support BigIP F5
> > >>>>>>>boxes? It should be pretty simple. All I want to do is login and type "b
> > >>>>>>>list" which is equivalent of "show run" on cisco.
> > >>>>>>>
> > >>>>>>>However for some reason things not working. All I did was copied clogin
> > >>>>>>>to f5login, copied rancid to f5rancid and added following to rancid-fe.
> > >>>>>>>elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> > >>>>>>>
> > >>>>>>>Then modified f5 rancid file and kept only one command in list of
> > >>>>>>>commands "b list".
> > >>>>>>>
> > >>>>>>>For some reason its not working. I can post my configs here if somebody
> > >>>>>>>like to see them.
> > >>>>>>>
> > >>>>>>>Thanks,
> > >>>>>>>Sam
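
The prompt-matching behaviour discussed in the quoted messages above, replayed as an added example that is not part of the thread or of RANCID. Python's `re` stands in for Expect's `-re` matching (an unflagged `^` anchors to the start of the buffer in both); the session data, the `<password>` placeholder and the `replay`/`compare` helpers are assumptions constructed for illustration.

```python
import re

# Constructed device output, modelled on the f5login transcript in the thread.
SSH_SESSION = [
    "Password: ",
    " \r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
    "[root@test-f5-01:Active] config # ",
]
# Constructed: a telnet-style login that really does ask for a username.
TELNET_LOGIN = ["\r\nConstructed banner\r\nlogin: "]

USER_PROMPTS = {
    # Pattern shown in the expect debug output quoted in the thread.
    "default": r"(Username|Login|login|user name):",
    # "^" without flags: start of the match buffer, not start of a line.
    "buffer_anchor": r"^(Username|Login|login|user name):",
    # "^" made line-aware (Python's (?m) flag).
    "line_anchor": r"(?m)^(Username|Login|login|user name):",
    # The .cloginrc workaround: a string the device never prints.
    "sentinel": r"bldshgalsjd",
}


def replay(chunks, user_prompt, user="root", password="<password>"):
    """Feed device output to an expect-style loop and return what gets typed.

    Patterns are tried in order against the whole buffer; a match consumes
    the buffer up to the end of the match, as Expect does.
    """
    patterns = [
        (re.compile(user_prompt), user),
        (re.compile(r"[Pp]assword:"), password),
        (re.compile(r"# $"), None),  # shell prompt: login phase is over
    ]
    buffer, sent = "", []
    for chunk in chunks:
        buffer += chunk
        matched = True
        while matched:
            matched = False
            for regex, reply in patterns:
                m = regex.search(buffer)
                if m is None:
                    continue
                buffer = buffer[m.end():]
                if reply is None:
                    return sent
                sent.append(reply)
                matched = True
                break
    return sent


def compare():
    """Map each user-prompt pattern to (typed over SSH, typed at telnet login)."""
    return {
        name: (replay(SSH_SESSION, pat), replay(TELNET_LOGIN, pat))
        for name, pat in USER_PROMPTS.items()
    }


if __name__ == "__main__":
    for name, (ssh, telnet) in compare().items():
        print(f"{name:14} ssh={ssh} telnet={telnet}")
```

The `default` row reproduces the stray `root` typed at the shell after "Last login:". `buffer_anchor` and `sentinel` avoid it over SSH but never answer a genuine `login:` prompt, while `line_anchor` handles both.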


rancid at gheek

Jul 16, 2007, 4:32 PM

Post #18 of 38 (2531 views)
Permalink
Re: F5 load balancer support [In reply to]

I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.

-lance

> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Mon, July 16, 2007 11:48 am
> To: <sam at munzani.com>
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a number of months
> now. I have one minor bug related to tracking installed SSL certs
> which you probably don't care about. Other than that, it works great.
>
> I did encounter and solve all the problems you have been discussing on
> the list.
>
> Let me know if you are interested in trying what I have. I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run now. That means
> the f5rancid file(hacked copy of rancid) is still missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now f5login goes
> much more
> cleaner and the "root" doesn't set sent again. I still have
> other issues
> where rancid-run is backing up config properly but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd" mean and how
> does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this is also the
> reason the
> username gets entered at a prompt on the cisco IPS
> devices. Since it's
> using SSH and therefore doesn't need a username prompt,
> solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that
> won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net>
> <mailto:rancid at gheek.net> wrote:
>
>
> Sam,
>
> Have you tried using telnet to login, if the f5
> has it enabled.
> You may also want to set auto enable in your
> .cloginrc for this device
> as it looks to clogin as you are already in a
> cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one
> it looks like you are
> already in a cisco equivalent of enable after
> you login. f5login seems
> to be sending your username of root as a command
> after you get connected
> because it sees this line "Last login: Fri Jul
> 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word
> "Login". See below.
>
> "(Username|Login|login|user name):"? yes
>
> expect: set expect_out(0,string) "login:"
>
> expect: set expect_out(1,string) "login"
>
> expect: set expect_out(spawn_id) "exp4"
>
> expect: set expect_out(buffer) " \r\nLast
> login:"
>
> send: sending "root\r" to { exp4 }
>
> expect: continuing expect
>
> You are just using a Cisco login/parsing script
> so it expects prompts
> from a Cisco device and in this case you have a
> *nix SSH banner that
> gets interrupted. I know you can use RANCID to
> backup *nix systems. So
> it knows how to understand connecting to a *nix
> system. You might want
> to try this email thread which asks about
> backing up Linux configs.
>
> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry,
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login, but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
>
> Let me know if this works for you.
>
> -Lance
>
>
>
> -------- Original Message --------
> Subject: Re: [rancid] F5 load balancer
> support
> From: Sam Munzani <smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> Date: Fri, July 13, 2007 2:30 pm
> To: Lance <rancid at gheek.net>
> <mailto:rancid at gheek.net>
> Cc: rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l root test-f5-01
> Password:
> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> root
> [root@test-f5-01:Active] config # root
> -bash: root: command not found
> [root@test-f5-01:Active] config #
> [root@test-f5-01:Active] config #
> [root@test-f5-01:Active] config #
>
> I don't know how to debug otherwise I
> would turn on debug too. If you
> can provide some hints on debug, I would
> appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get when you try to
> run your f5rancid?
>
> Where does it fail if you debug your
> f5login?
>
>
> -lance
>
>
>
>
> -------- Original Message --------
> Subject: [rancid] F5 load balancer
> support
> From: Sam Munzani <smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> Date: Fri, July 13, 2007 12:45 pm
> To: rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to hack one of Cisco scripts to support BigIP F5
> boxes? It should be pretty simple. All I want to do is login and type "b
> list" which is equivalent of "show run" on cisco.
>
> However for some reason things not working. All I did was copied clogin
> to f5login, copied rancid to f5rancid and added following to rancid-fe.
> elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
>
> Then modified f5 rancid file and kept only one command in list of
> commands "b list".
>
> For some reason its not working. I can post my configs here if somebody
> like to see them.
>
> Thanks,
> Sam
>


sam at munzani

Jul 16, 2007, 5:49 PM

Post #19 of 38 (2510 views)
Permalink
Re: F5 load balancer support [In reply to]

Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions (non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All it's doing is the basic function of running the "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam
> I have helped Sam get a working f5rancid which requires a f5login (only
> because it doesn't recognize the prompt with a space and exit, unless
> you enter a return before the exit). He is cleaning up all the unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how it
> differs from the one I did with Sam. I will even help Sam get it working
> for his setup. We will let you know when it is all working.
>
> -lance
>
>
>> -------- Original Message --------
>> Subject: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>> Date: Mon, July 16, 2007 11:48 am
>> To: <sam at munzani.com>
>> Cc: rancid-discuss at shrubbery.net
>>
>> Sam,
>>
>> I have a working f5rancid that I have been using for a number of months
>> now. I have one minor bug related to tracking installed SSL certs
>> which you probably don't care about. Other than that, it works great.
>>
>> I did encounter and solve all the problems you have been discussing on
>> the list.
>>
>> Let me know if you are interested in trying what I have. I have tested
>> it with Big-IP 9.1.2.
>>
>> Mike
>>
>> ________________________________
>>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
>> Sent: Monday, July 16, 2007 10:58 AM
>> To: smunzani at comcast.net
>> Cc: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: F5 load balancer support
>>
>>
>> BTW, this is what I see in the log when I do rancid-run now. That means
>> the f5rancid file(hacked copy of rancid) is still missing something.
>>
>> more nfl.20070716.114842
>> starting: Mon Jul 16 11:48:42 CDT 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> cvs diff: cannot find configs/test-f5-01
>> cvs commit: Examining .
>> cvs commit: Examining configs
>> cvs commit: Up-to-date check failed for `configs/test-f5-01'
>> cvs [commit aborted]: correct above errors first!
>> ls: test-f5-01: No such file or directory
>>
>> ending: Mon Jul 16 11:49:41 CDT 2007
>>
>> Thanks,
>> Sam
>>
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now f5login goes
>> much more
>> cleaner and the "root" doesn't set sent again. I still have
>> other issues
>> where rancid-run is backing up config properly but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd" mean and how
>> does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>
>> Thanks for this tip, turns out that this is also the
>> reason the
>> username gets entered at a prompt on the cisco IPS
>> devices. Since it's
>> using SSH and therefore doesn't need a username prompt,
>> solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<- something that
>> won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance <rancid at gheek.net>
>> <mailto:rancid at gheek.net> wrote:
>>
>>
>> Sam,
>>
>> Have you tried using telnet to login, if the f5
>> has it enabled.
>> You may also want to set auto enable in your
>> .cloginrc for this device
>> as it looks to clogin as you are already in a
>> cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one
>> it looks like you are
>> already in a cisco equivalent of enable after
>> you login. f5login seems
>> to be sending your username of root as a command
>> after you get connected
>> because it sees this line "Last login: Fri Jul
>> 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word
>> "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast
>> login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script
>> so it expects prompts
>> from a Cisco device and in this case you have a
>> *nix SSH banner that
>> gets interrupted. I know you can use RANCID to
>> backup *nix systems. So
>> it knows how to understand connecting to a *nix
>> system. You might want
>> to try this email thread which asks about
>> backing up Linux configs.
>>
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the caret before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry,
>> too lazy to check it out right now. You might want to uncomment the line
>> below 3. and comment out the line below 2. and see if that works. This
>> is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often than I can probably
>> quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with Username, Login, login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login, but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>>
>>
>> -------- Original Message --------
>> Subject: Re: [rancid] F5 load balancer support
>> From: Sam Munzani <smunzani at comcast.net>
>> Date: Fri, July 13, 2007 2:30 pm
>> To: Lance <rancid at gheek.net>
>> Cc: rancid-discuss at shrubbery.net
>>
>> Lance,
>>
>> F5 login works fine with a minor error.
>>
>> $ f5login test-f5-01
>> test-f5-01
>> spawn ssh -c 3des -x -l root test-f5-01
>> Password:
>> Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> root
>> [root at test-f5-01:Active] config # root
>> -bash: root: command not found
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>> [root at test-f5-01:Active] config #
>>
>> I don't know how to debug otherwise I would turn on debug too. If you
>> can provide some hints on debug, I would appreciate it.
>>
>> Thanks,
>> Sam
>>
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>>
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: f5login
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: f5rancid
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment-0001.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rancid-fe
Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070716/fc2a7394/attachment-0002.ksh


mashcraft at omniture

Jul 17, 2007, 9:49 AM

Post #20 of 38 (2522 views)
Permalink
Re: F5 load balancer support [In reply to]

I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort.

It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.

This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.

I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down]. I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.

Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.

Thanks,

Mike



________________________________

From: Sam Munzani [mailto:sam [at] munzani]
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support


Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam


I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.

-lance



-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <mashcraft at omniture.com>
Date: Mon, July 16, 2007 11:48 am
To: <sam at munzani.com>
Cc: rancid-discuss at shrubbery.net

Sam,

I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.

I did encounter and solve all the problems you have been discussing on
the list.

Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: smunzani at comcast.net
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: F5 load balancer support


BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file (hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007



Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam


David,

Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't get sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam


Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that won't get sent
during login)

Regards,

David





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid
Type: application/octet-stream
Size: 8752 bytes
Desc: f5rancid
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/dfa722e0/attachment.obj
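
Added example (not code from any poster in this thread or from RANCID itself): a plain tclsh check of why the default user prompt pattern fires on the "Last login:" banner line, and why the .cloginrc userprompt override from David's tip stops the username being sent. The two buffers are constructed from the debug output quoted in the thread, the proc name would_send_username is hypothetical, and the (?n) line-anchored pattern is an assumption that was not proposed in the thread.

```tcl
# Added example: runs in plain tclsh, no device or expect session required.
# Constructed buffers modelled on the expect debug output quoted in the thread:
#   banner - what the F5 prints after an SSH login succeeds
#   prompt - what a genuine interactive login prompt looks like
set buffers [list \
    banner " \r\nLast login:" \
    prompt "\r\nlogin: " \
]

# Candidate user-prompt patterns.
#   default - unanchored alternation shown in the expect debug output
#   caret   - variant 2 from Lance's snippet, with a leading ^
#   line    - assumption: (?n) makes ^ match at the start of every line
#   never   - the .cloginrc userprompt value, a string the device never prints
set patterns [list \
    default {(Username|Login|login|user name):} \
    caret   {^(Username|Login|login|user name):} \
    line    {(?n)^(Username|Login|login|user name):} \
    never   {bldshgalsjd} \
]

# Returns 1 when the login script would treat the buffer as a username
# prompt and send the username, 0 otherwise.
proc would_send_username {pattern buffer} {
    return [regexp -- $pattern $buffer]
}

foreach {pname pattern} $patterns {
    foreach {bname buffer} $buffers {
        set hit [would_send_username $pattern $buffer]
        set verdict [expr {$hit ? "sends username" : "no match"}]
        puts [format "%-8s %-7s -> %s" $pname $bname $verdict]
    }
}
```

In expect, ^ anchors to the start of the match buffer rather than to each line, so the caret variant stops the false match on the banner but also misses a genuine prompt that follows a newline. The never-matching userprompt is only safe where the username is already passed on the ssh command line, as in the "spawn ssh ... -l root" line above.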


rancid at gheek

Jul 17, 2007, 10:00 AM

Post #21 of 38 (2523 views)
Permalink
Re: F5 load balancer support [In reply to]

Mike,

Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".

-Lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Tue, July 17, 2007 10:49 am
> To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
> Cc: <rancid-discuss at shrubbery.net>
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike


rmordasiewicz at samuelmanutech

Jul 17, 2007, 11:31 AM

Post #22 of 38 (2523 views)
Permalink
Re: F5 load balancer support [In reply to]

On Tue, 17 Jul 2007, Mike Ashcraft wrote:

> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.

I just installed the file and followed the instructions and it worked.
One thing you might want to add in the instructions is that the user must
edit the rancid-fe file to associate the device type with executing this
file, however if this becomes part of the main distribution then it will
just work.


--


mashcraft at omniture

Jul 17, 2007, 11:35 AM

Post #23 of 38 (2523 views)
Permalink
Re: F5 load balancer support [In reply to]

Lance,

Thanks for the feedback.

"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.

The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.

One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.

Mike

-----Original Message-----
From: Lance [mailto:rancid [at] gheek]
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Cc: rancid-discuss at shrubbery.net; sam at munzani.com
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".

-Lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Tue, July 17, 2007 10:49 am
> To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
> Cc: <rancid-discuss at shrubbery.net>
>
> I have been on vacation for the last couple of weeks or I would have
> posted this sooner and possibly saved some of you a bit of effort.
>
> It sounds like Lance and Sam have put together a working f5rancid with
> basic functionality which Sam posted last night. I have attached my
> f5rancid which I have been running for a few months. Installation
> instructions are included as comments in the file. This version uses
> clogin so that a separate f5login script is not required.
>
> This version formats and processes the output to make it more usable.
> As far as what is captured, I based this on the F5 equivalent of a tech
> out. It grabs a copy of all the configuration files, hardware
> configuration and software version as well as the timestamps and file
> sizes for SSL certs hosted on the device. This facilitates rebuilding
> from scratch as quickly as possible if this is ever needed.
>
> I was able to resolve the bug I mentioned yesterday by increasing the
> clogin timeout. On a small number of devices it failed to process the
> last few commands when running from cron but always worked properly from
> the command line on all devices [making it difficult to track down]. I
> mention this because it may be an appropriate fix for other intermittent
> problems sometimes discussed on this list.
>
> Any feedback is appreciated. I hope to get f5 support added to future
> releases of rancid.
>
> Thanks,
>
> Mike
>
>
>
> ________________________________
>
> From: Sam Munzani [mailto:sam at munzani.com]
> Sent: Monday, July 16, 2007 7:49 PM
> To: Lance
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 load balancer support
>
>
> Lance,
>
> Thanks a lot for all your help. Pretty much you did all the work while I
> watched what you are doing :-)..
>
> Attached are cleaned up files. In f5rancid file, I have left some basic
> functions(non platform specific) just in case we expand this script to
> do a lot more than just "b list" output. In rancid-fe, we defined a new
> device type "f5", f5login was copied from clogin and remarked some "term
> length" statements we don't need on F5.
>
> All 3 files are attached and working great. Please be aware, we are not
> parsing anything at all. All its doing is basic function of running "b
> list" command and capturing its output. As I expand more on this, I will
> be sure to share with the audience here.
>
> Again, thanks a lot for all your help today.
>
> Regards,
> Sam
>
>
> I have helped Sam get a working f5rancid which requires a
> f5login (only
> because it doesn't recognize the prompt with a space and exit,
> unless
> you enter a return before the exit). He is cleaning up all the
> unused
> functions and will post it.
>
> Once John H. sends out his script I will look at it and see how
> it
> differs from the one I did with Sam. I will even help Sam get it
> working
> for his setup. We will let you know when it is all working.
>
> -lance
>
>
>
> -------- Original Message --------
> Subject: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> <mailto:mashcraft at omniture.com>
> Date: Mon, July 16, 2007 11:48 am
> To: <sam at munzani.com> <mailto:sam at munzani.com>
> Cc: rancid-discuss at shrubbery.net
>
> Sam,
>
> I have a working f5rancid that I have been using for a
> number of months
> now. I have one minor bug related to tracking
> installed SSL certs
> which you probably don't care about. Other than that,
> it works great.
>
> I did encounter and solve all the problems you have been
> discussing on
> the list.
>
> Let me know if you are interested in trying what I have.
> I have tested
> it with Big-IP 9.1.2.
>
> Mike
>
> ________________________________
>
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
> Of Sam Munzani
> Sent: Monday, July 16, 2007 10:58 AM
> To: smunzani at comcast.net
> Cc: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: F5 load balancer support
>
>
> BTW, this is what I see in the log when I do rancid-run
> now. That means
> the f5rancid file(hacked copy of rancid) is still
> missing something.
>
> more nfl.20070716.114842
> starting: Mon Jul 16 11:48:42 CDT 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> 2007
>
>
>
> Trying to get all of the configs.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 1.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 2.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 3.
> test-f5-01: End of run not found
> -bash: write: command not found
> =====================================
> Getting missed routers: round 4.
> test-f5-01: End of run not found
> -bash: write: command not found
>
> cvs diff: Diffing .
> cvs diff: Diffing configs
> cvs diff: cannot find configs/test-f5-01
> cvs commit: Examining .
> cvs commit: Examining configs
> cvs commit: Up-to-date check failed for
> `configs/test-f5-01'
> cvs [commit aborted]: correct above errors first!
> ls: test-f5-01: No such file or directory
>
> ending: Mon Jul 16 11:49:41 CDT 2007
>
> Thanks,
> Sam
>
>
> David,
>
> Thanks a lot for the tip. This worked well. Now
> f5login goes
> much more
> cleaner and the "root" doesn't set sent again. I
> still have
> other issues
> where rancid-run is backing up config properly
> but I am still
> troubleshooting it.
>
> Now here is a question. What does "bldshgalsjd"
> mean and how
> does it do
> this miracle?
>
> Thanks,
> Sam
>
>
> Thanks for this tip, turns out that this
> is also the
> reason the
> username gets entered at a prompt on the
> cisco IPS
> devices. Since it's
> using SSH and therefore doesn't need a
> username prompt,
> solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<-
> something that
> won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net>
> <mailto:rancid at gheek.net>
> <mailto:rancid at gheek.net> <mailto:rancid at gheek.net>
> wrote:
>
>
> Sam,
>
> Have you tried using telnet to login, if the f5 has it enabled.
> You may also want to set auto enable in your .cloginrc for this device
> as it looks to clogin as you are already in a cisco equivalent equal to
> enable since your prompt has a # sign in it.
>
> Looking at your next email along with this one it looks like you are
> already in a cisco equivalent of enable after you login. f5login seems
> to be sending your username of root as a command after you get connected
> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> 172.24.100.12" and it matches on the word "Login". See below.
>
> "(Username|Login|login|user name):"? yes
>
> expect: set expect_out(0,string) "login:"
>
> expect: set expect_out(1,string) "login"
>
> expect: set expect_out(spawn_id) "exp4"
>
> expect: set expect_out(buffer) " \r\nLast login:"
>
> send: sending "root\r" to { exp4 }
>
> expect: continuing expect
>
> You are just using a Cisco login/parsing script so it expects prompts
> from a Cisco device and in this case you have a *nix SSH banner that
> gets interrupted. I know you can use RANCID to backup *nix systems. So
> it knows how to understand connecting to a *nix system. You might want
> to try this email thread which asks about backing up Linux configs.
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>
> Or you could modify the existing f5login like so.
>
> I think you have to use the caret before the () to work. I haven't
> checked this as I am at home and not on a UNIX system right now. Sorry
> too lazy to check it out right now. You might want to uncomment the line
> below 3. and comment out the line below 2. and see if that works. This
> is the only point in the code that I see it look for login in any line.
> If that doesn't work send me back the debug and I will see what I can
> do. I am sure some people that use expect more often than I can probably
> quickly tell you what to use as syntax there.
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
>     #1. ORIGINAL
>     #set u_prompt "^(Username|Login|login|user name):"
>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>     set u_prompt "^(Username|Login|login|user name):"
>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>     #set u_prompt "^(Username|^Login|^login|user name):"
> } else {
>     set u_prompt [join [lindex $u_prompt 0] ""]
> }
>
>
> Let me know if this works for
> you.
>
> -Lance
>
>
>
> -------- Original
> Message --------
> Subject: Re: [rancid]
> F5 load balancer
> support
> From: Sam Munzani
> <smunzani at comcast.net> <mailto:smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> Date: Fri, July 13, 2007
> 2:30 pm
> To: Lance
> <rancid at gheek.net> <mailto:rancid at gheek.net>
> <mailto:rancid at gheek.net> <mailto:rancid at gheek.net>
> Cc:
> rancid-discuss at shrubbery.net
>
> Lance,
>
> F5 login works fine with
> a minor error.
>
> $ f5login test-f5-01
> test-f5-01
> spawn ssh -c 3des -x -l
> root test-f5-01
> Password:
> Last login: Fri Jul 13
> 14:26:28 2007
> from 172.24.100.12
> root
> [root at test-f5-01:Active]
> config # root
> -bash: root: command not
> found
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
> [root at test-f5-01:Active]
> config #
>
> I don't know how to
> debug otherwise I
> would turn on debug too. If you
> can provide some hints
> on debug, I would
> appreciate it.
>
> Thanks,
> Sam
>
>
> What error(s) do you get
> when you try to
> run your f5rancid?
>
> Where does it fail if
> you debug your
> f5login?
>
>
> -lance
>
>
>
>
> -------- Original
> Message --------
> Subject: [rancid] F5
> load balancer
> support
> From: Sam Munzani
> <smunzani at comcast.net> <mailto:smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> <mailto:smunzani at comcast.net>
> Date: Fri, July 13, 2007
> 12:45 pm
> To:
> rancid-discuss at shrubbery.net
>
> Hi,
>
> Did anybody happened to
> hack one of
> Cisco scripts to support
>
>
> BigIP F5
>
>
> boxes? It should be
> pretty simple. All I
> want to do is login and
>
>
> type "b
>
>
> list" which is
> equivalent of "show run"
> on cisco.
>
> However for some reason
> things not
> working. All I did was copied
>
>
> clogin
>
>
> to f5login, copied
> rancid to f5rancid
> and added following to
>
>
> rancid-fe.
>
>
> elsif ($vendor =~
> /^f5$/i)
> { exec('f5rancid',
>
>
> $router); }
>
>
> Then modified f5 rancid
> file and kept
> only one command in list of
> commands "b list".
>
> For some reason its not
> working. I can
> post my configs here if
>
>
> somebody
>
>
> like to see them.
>
> Thanks,
> Sam
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
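The difference Mike describes between the running view ("b list") and the saved files can be checked mechanically once both are captured. The following is an added example, not part of any post in this thread and not code from f5rancid; the brace-block sample configs, object names and function names are constructed assumptions.

```python
import re

# Constructed samples in a brace-block style. Real "b list" output and
# bigip.conf contents will differ in detail; the object names are made up.
SAVED_CONFIG = """\
pool web_pool {
   member 10.1.1.10:http
   member 10.1.1.11:http
}
virtual vs_web {
   destination 192.0.2.10:http
   pool web_pool
}
"""

RUNNING_CONFIG = """\
pool web_pool {
   member 10.1.1.10:http
   member 10.1.1.12:http
}
virtual vs_web {
   destination 192.0.2.10:http
   pool web_pool
}
virtual vs_tmp {
   destination 192.0.2.99:http
   pool web_pool
}
"""

BLOCK_START = re.compile(r"^(\S+)\s+(.+?)\s*\{$")


def parse_objects(text):
    """Return {(type, name): [body lines]} for top-level '<type> <name> {' blocks."""
    objects, key, body, depth = {}, None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0:
            match = BLOCK_START.match(line)
            if match is None:
                raise ValueError("unexpected top-level line: %r" % line)
            key, body, depth = (match.group(1), match.group(2)), [], 1
            continue
        depth += line.count("{") - line.count("}")
        if depth < 0:
            raise ValueError("unbalanced braces near: %r" % line)
        if depth == 0:
            objects[key] = body
        else:
            body.append(line)
    if depth != 0:
        # A capture cut short (for example by a login timeout) ends mid-block.
        raise ValueError("unbalanced braces, capture is probably truncated")
    return objects


def unsaved_drift(running_text, saved_text):
    """Compare the running view with the saved file, object by object."""
    running, saved = parse_objects(running_text), parse_objects(saved_text)
    changed = {}
    for key in sorted(running.keys() & saved.keys()):
        if running[key] != saved[key]:
            changed[key] = {
                "only_running": [l for l in running[key] if l not in saved[key]],
                "only_saved": [l for l in saved[key] if l not in running[key]],
            }
    return {
        # Present only in the running view: made in the CLI and not saved.
        "only_running": sorted(running.keys() - saved.keys()),
        # Present only in the saved file: removed in the CLI and not saved,
        # or hidden from a user whose rights give a partial view.
        "only_saved": sorted(saved.keys() - running.keys()),
        "changed": changed,
    }


if __name__ == "__main__":
    report = unsaved_drift(RUNNING_CONFIG, SAVED_CONFIG)
    for section, value in report.items():
        print(section, value)
```

An empty report means a reboot would not change behaviour; a non-empty `only_saved` list needs a check of the collecting account's rights before it is read as a deletion.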


sam at munzani

Jul 17, 2007, 11:59 AM

Post #24 of 38 (2511 views)
Permalink
Re: F5 load balancer support [In reply to]

Mike,

I am curious how did you get around using clogin without any changes.
Lance and I ran into the "term length" command issue. clogin was trying to
run that command on f5 which set errors and F5 never declared it a clean
run until we remarked out the "term length" line. That's why we thought
having a separate f5login was a good idea to filter out cisco specific
login routines :-)

BTW, your script is working great and I have started using it. Your
script does a little more than the "b list" I had. Especially "cat
bigip_base.conf" which is needed to rebuild the box.

Thanks,
Sam
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights. This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
>
>> -------- Original Message --------
>> Subject: RE: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>> Date: Tue, July 17, 2007 10:49 am
>> To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
>> Cc: <rancid-discuss at shrubbery.net>
>>
>> I have been on vacation for the last couple of weeks or I would have
>> posted this sooner and possibly saved some of you a bit of effort.
>>
>> It sounds like Lance and Sam have put together a working f5rancid with
>> basic functionality which Sam posted last night. I have attached my
>> f5rancid which I have been running for a few months. Installation
>> instructions are included as comments in the file. This version uses
>> clogin so that a separate f5login script is not required.
>>
>> This version formats and processes the output to make it more usable.
>> As far as what is captured, I based this on the F5 equivalent of a tech
>> out. It grabs a copy of all the configuration files, hardware
>> configuration and software version as well as the timestamps and file
>> sizes for SSL certs hosted on the device. This facilitates rebuilding
>> from scratch as quickly as possible if this is ever needed.
>>
>> I was able to resolve the bug I mentioned yesterday by increasing the
>> clogin timeout. On a small number of devices it failed to process the
>> last few commands when running from cron but always worked properly from
>> the command line on all devices [making it difficult to track down]. I
>> mention this because it may be an appropriate fix for other intermittent
>> problems sometimes discussed on this list.
>>
>> Any feedback is appreciated. I hope to get f5 support added to future
>> releases of rancid.
>>
>> Thanks,
>>
>> Mike
>>
>>
>>
>> ________________________________
>>
>> From: Sam Munzani [mailto:sam at munzani.com]
>> Sent: Monday, July 16, 2007 7:49 PM
>> To: Lance
>> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Re: F5 load balancer support
>>
>>
>> Lance,
>>
>> Thanks a lot for all your help. Pretty much you did all the work while I
>> watched what you are doing :-)..
>>
>> Attached are cleaned up files. In f5rancid file, I have left some basic
>> functions(non platform specific) just in case we expand this script to
>> do a lot more than just "b list" output. In rancid-fe, we defined a new
>> device type "f5", f5login was copied from clogin and remarked some "term
>> length" statements we don't need on F5.
>>
>> All 3 files are attached and working great. Please be aware, we are not
>> parsing anything at all. All its doing is basic function of running "b
>> list" command and capturing its output. As I expand more on this, I will
>> be sure to share with the audience here.
>>
>> Again, thanks a lot for all your help today.
>>
>> Regards,
>> Sam
>>
>>
>> I have helped Sam get a working f5rancid which requires a
>> f5login (only
>> because it doesn't recognize the prompt with a space and exit,
>> unless
>> you enter a return before the exit). He is cleaning up all the
>> unused
>> functions and will post it.
>>
>> Once John H. sends out his script I will look at it and see how
>> it
>> differs from the one I did with Sam. I will even help Sam get it
>> working
>> for his setup. We will let you know when it is all working.
>>
>> -lance
>>
>>
>>
>> -------- Original Message --------
>> Subject: [rancid] Re: F5 load balancer support
>> From: "Mike Ashcraft" <mashcraft at omniture.com>
>> <mailto:mashcraft at omniture.com>
>> Date: Mon, July 16, 2007 11:48 am
>> To: <sam at munzani.com> <mailto:sam at munzani.com>
>> Cc: rancid-discuss at shrubbery.net
>>
>> Sam,
>>
>> I have a working f5rancid that I have been using for a
>> number of months
>> now. I have one minor bug related to tracking
>> installed SSL certs
>> which you probably don't care about. Other than that,
>> it works great.
>>
>> I did encounter and solve all the problems you have been
>> discussing on
>> the list.
>>
>> Let me know if you are interested in trying what I have.
>> I have tested
>> it with Big-IP 9.1.2.
>>
>> Mike
>>
>> ________________________________
>>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
>> Of Sam Munzani
>> Sent: Monday, July 16, 2007 10:58 AM
>> To: smunzani at comcast.net
>> Cc: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: F5 load balancer support
>>
>>
>> BTW, this is what I see in the log when I do rancid-run
>> now. That means
>> the f5rancid file(hacked copy of rancid) is still
>> missing something.
>>
>> more nfl.20070716.114842
>> starting: Mon Jul 16 11:48:42 CDT 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
>> 2007
>>
>>
>>
>> Trying to get all of the configs.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 1.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 2.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 3.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>> =====================================
>> Getting missed routers: round 4.
>> test-f5-01: End of run not found
>> -bash: write: command not found
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> cvs diff: cannot find configs/test-f5-01
>> cvs commit: Examining .
>> cvs commit: Examining configs
>> cvs commit: Up-to-date check failed for
>> `configs/test-f5-01'
>> cvs [commit aborted]: correct above errors first!
>> ls: test-f5-01: No such file or directory
>>
>> ending: Mon Jul 16 11:49:41 CDT 2007
>>
>> Thanks,
>> Sam
>>
>>
>> David,
>>
>> Thanks a lot for the tip. This worked well. Now
>> f5login goes
>> much more
>> cleaner and the "root" doesn't set sent again. I
>> still have
>> other issues
>> where rancid-run is backing up config properly
>> but I am still
>> troubleshooting it.
>>
>> Now here is a question. What does "bldshgalsjd"
>> mean and how
>> does it do
>> this miracle?
>>
>> Thanks,
>> Sam
>>
>>
>> Thanks for this tip, turns out that this
>> is also the
>> reason the
>> username gets entered at a prompt on the
>> cisco IPS
>> devices. Since it's
>> using SSH and therefore doesn't need a
>> username prompt,
>> solution was
>> to simply add in .cloginrc:
>>
>> add userprompt ids* bldshgalsjd (<-
>> something that
>> won't get sent
>> during login)
>>
>> Regards,
>>
>> David
>>
>> On 14/07/07, Lance <rancid at gheek.net>
>> <mailto:rancid at gheek.net>
>> <mailto:rancid at gheek.net> <mailto:rancid at gheek.net>
>> wrote:
>>
>>
>> Sam,
>>
>> Have you tried using telnet to
>> login, if the f5
>> has it enabled.
>> You may also want to set auto
>> enable in your
>> .cloginrc for this device
>> as it looks to clogin as you are
>> already in a
>> cisco equivalent equal to
>> enable since your prompt has a #
>> sign in it.
>>
>> Looking at your next email along
>> with this one
>> it looks like you are
>> already in a cisco equivalent of
>> enable after
>> you login. f5login seems
>> to be sending your username of
>> root as a command
>> after you get connected
>> because it sees this line "Last
>> login: Fri Jul
>> 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on
>> the word
>> "Login". See below.
>>
>> "(Username|Login|login|user
>> name):"? yes
>>
>> expect: set expect_out(0,string)
>> "login:"
>>
>> expect: set expect_out(1,string)
>> "login"
>>
>> expect: set expect_out(spawn_id)
>> "exp4"
>>
>> expect: set expect_out(buffer) "
>> \r\nLast
>> login:"
>>
>> send: sending "root\r" to { exp4
>> }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco
>> login/parsing script
>> so it expects prompts
>> from a Cisco device and in this
>> case you have a
>> *nix SSH banner that
>> gets interrupted. I know you can
>> use RANCID to
>> backup *nix systems. So
>> it knows how to understand
>> connecting to a *nix
>> system. You might want
>> to try this email thread which
>> asks about
>> backing up Linux conifgs.
>>
>>
>> http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
>>
>> Or you could modify the existing
>> f5login like
>> so.
>>
>> I think you have to use the
>> carrot before the ()
>> to work. I haven't
>> checked this as I am at home and
>> not on a UNIX
>> system right now. Sorry
>> to lazy to check it out right
>> now. You might
>> want to uncomment the line
>> below 3. and comment out the
>> line below 2. and
>> see if that works. This
>> is the only point in the code
>> that I see it look
>> for login in any line.
>> If that doesn't work send me
>> back the debug and
>> I will see what I can
>> do. I am sure some people that
>> use expect more
>> often then I can probably
>> quickly tell you what to use as
>> syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>>     #1. ORIGINAL
>>     #set u_prompt "^(Username|Login|login|user name):"
>>     #2. Modified to read for a line beginning with Username,Login,login, or user name.
>>     set u_prompt "^(Username|Login|login|user name):"
>>     #3. Modified to read for a line beginning with Login or login. but I may be wrong
>>     #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>>     set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>>
>>
>> Let me know if this works for
>> you.
>>
>> -Lance
>>
>>
>>
>> -------- Original
>> Message --------
>> Subject: Re: [rancid]
>> F5 load balancer
>> support
>> From: Sam Munzani
>> <smunzani at comcast.net> <mailto:smunzani at comcast.net>
>> <mailto:smunzani at comcast.net>
>> <mailto:smunzani at comcast.net>
>> Date: Fri, July 13, 2007
>> 2:30 pm
>> To: Lance
>> <rancid at gheek.net> <mailto:rancid at gheek.net>
>> <mailto:rancid at gheek.net> <mailto:rancid at gheek.net>
>> Cc:
>> rancid-discuss at shrubbery.net
>>
>> Lance,
>>
>> F5 login works fine with
>> a minor error.
>>
>> $ f5login test-f5-01
>> test-f5-01
>> spawn ssh -c 3des -x -l
>> root test-f5-01
>> Password:
>> Last login: Fri Jul 13
>> 14:26:28 2007
>> from 172.24.100.12
>> root
>> [root at test-f5-01:Active]
>> config # root
>> -bash: root: command not
>> found
>> [root at test-f5-01:Active]
>> config #
>> [root at test-f5-01:Active]
>> config #
>> [root at test-f5-01:Active]
>> config #
>>
>> I don't know how to
>> debug otherwise I
>> would turn on debug too. If you
>> can provide some hints
>> on debug, I would
>> appreciate it.
>>
>> Thanks,
>> Sam
>>
>>
>> What error(s) do you get
>> when you try to
>> run your f5rancid?
>>
>> Where does it fail if
>> you debug your
>> f5login?
>>
>>
>> -lance
>>
>>
>>
>>
>> -------- Original
>> Message --------
>> Subject: [rancid] F5
>> load balancer
>> support
>> From: Sam Munzani
>> <smunzani at comcast.net> <mailto:smunzani at comcast.net>
>> <mailto:smunzani at comcast.net>
>> <mailto:smunzani at comcast.net>
>> Date: Fri, July 13, 2007
>> 12:45 pm
>> To:
>> rancid-discuss at shrubbery.net
>>
>> Hi,
>>
>> Did anybody happened to
>> hack one of
>> Cisco scripts to support
>>
>>
>> BigIP F5
>>
>>
>> boxes? It should be
>> pretty simple. All I
>> want to do is login and
>>
>>
>> type "b
>>
>>
>> list" which is
>> equivalent of "show run"
>> on cisco.
>>
>> However for some reason
>> things not
>> working. All I did was copied
>>
>>
>> clogin
>>
>>
>> to f5login, copied
>> rancid to f5rancid
>> and added following to
>>
>>
>> rancid-fe.
>>
>>
>> elsif ($vendor =~
>> /^f5$/i)
>> { exec('f5rancid',
>>
>>
>> $router); }
>>
>>
>> Then modified f5 rancid
>> file and kept
>> only one command in list of
>> commands "b list".
>>
>> For some reason its not
>> working. I can
>> post my configs here if
>>
>>
>> somebody
>>
>>
>> like to see them.
>>
>> Thanks,
>> Sam
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070717/b7342fe8/attachment.html
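The false prompt match quoted in this thread (the user prompt pattern firing on the SSH "Last login:" banner, so "root" is typed at the shell) and the .cloginrc userprompt workaround can be reproduced offline. This is an added example, not part of any post and not code from clogin or f5login; Python's `re` stands in for Expect's regex engine, and the session strings, the shell prompt pattern and the function name are constructed assumptions.

```python
import re

# Constructed session text modelled on the transcript quoted in this thread.
SSH_SESSION = (
    "\r\nLast login: Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\n"
    "[root@test-f5-01:Active] config # "
)
# Constructed telnet-style session that really does ask for a username.
TELNET_SESSION = "\r\nlogin: "

# Pattern shown in the quoted expect debug output.
UNANCHORED = r"(Username|Login|login|user name):"
# Same alternatives, but only at the start of a line.
LINE_ANCHORED = r"(?m)^(Username|Login|login|user name):"
# The .cloginrc workaround from the thread: a userprompt that never appears.
NEVER_MATCHES = r"bldshgalsjd"
# Assumed shell prompt pattern for this model: "# " at the end of the buffer.
SHELL_PROMPT = r"# $"


def simulate_login(stream, user_prompt, shell_prompt=SHELL_PROMPT):
    """Grow a buffer one character at a time and test the patterns in order.

    Models the part of an expect loop that matters here: the user prompt
    pattern is checked as soon as text arrives, before the shell prompt has
    been printed, and a match discards the buffer and sends the username.
    """
    usernames_sent, buffer = 0, ""
    for char in stream:
        buffer += char
        if re.search(user_prompt, buffer):
            usernames_sent += 1   # the login script would send "root\r" here
            buffer = ""           # matched text is consumed
        elif re.search(shell_prompt, buffer):
            return {"usernames_sent": usernames_sent, "reached_prompt": True}
    return {"usernames_sent": usernames_sent, "reached_prompt": False}


def compare_patterns():
    """Run every pattern against both constructed sessions."""
    sessions = {"ssh": SSH_SESSION, "telnet": TELNET_SESSION}
    patterns = {
        "unanchored": UNANCHORED,
        "line_anchored": LINE_ANCHORED,
        "never_matches": NEVER_MATCHES,
    }
    return {
        (session_name, pattern_name): simulate_login(text, pattern)
        for session_name, text in sessions.items()
        for pattern_name, pattern in patterns.items()
    }


if __name__ == "__main__":
    for case, outcome in compare_patterns().items():
        print(case, outcome)
```

The never-matching userprompt only suits devices reached over SSH, where the username is passed on the command line; on the telnet-style session it leaves the real `login:` prompt unanswered, while the line-anchored pattern handles both.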


rancid at gheek

Jul 17, 2007, 1:34 PM

Post #25 of 38 (2516 views)
Permalink
Re: F5 load balancer support [In reply to]

Mike,

I would also like to bring up a few other things.

1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.

2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.

Other than those I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but let's get some product that has
all the checking, and prompt detection between each command and then
let's look at adding it to the distribution. Obviously John H. and
company has the final say on that one.

-lance

> -------- Original Message --------
> Subject: RE: [rancid] Re: F5 load balancer support
> From: "Mike Ashcraft" <mashcraft at omniture.com>
> Date: Tue, July 17, 2007 12:35 pm
> To: "Lance" <rancid at gheek.net>
> Cc: <rancid-discuss at shrubbery.net>, <sam at munzani.com>
>
> Lance,
>
> Thanks for the feedback.
>
> "b list" and "cat bigip.conf" are equivalent with the exception that b
> list may reflect changes made in the cli that are not saved and will be
> lost on reboot. Changes made using the web configuration tool are
> automatically saved. "b list" may also limit what the rancid user can
> see to a partial view if the user is not given sufficient rights. This
> file has the software configuration.
>
> The other file, bigip_base.conf contains interface configuration,
> management IP addresses, routing, VLANs etc.
>
> One could debate whether the f5rancid script should get the saved
> configuration files or the running config or both. For cisco devices,
> rancid obtains both. I'll look at adding both.
>
> Mike
>
> -----Original Message-----
> From: Lance [mailto:rancid at gheek.net]
> Sent: Tuesday, July 17, 2007 12:00 PM
> To: Mike Ashcraft
> Cc: rancid-discuss at shrubbery.net; sam at munzani.com
> Subject: RE: [rancid] Re: F5 load balancer support
>
> Mike,
>
> Looks really nice. I am guessing the bigip.conf or the other file is
> what is displayed with "b list".
>
> -Lance
>
> > -------- Original Message --------
> > Subject: RE: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft" <mashcraft at omniture.com>
> > Date: Tue, July 17, 2007 10:49 am
> > To: <sam at munzani.com>, "Lance" <rancid at gheek.net>
> > Cc: <rancid-discuss at shrubbery.net>
> >
> > I have been on vacation for the last couple of weeks or I would have
> > posted this sooner and possibly saved some of you a bit of effort.
> >
> > It sounds like Lance and Sam have put together a working f5rancid with
> > basic functionality which Sam posted last night. I have attached my
> > f5rancid which I have been running for a few months. Installation
> > instructions are included as comments in the file. This version uses
> > clogin so that a separate f5login script is not required.
> >
> > This version formats and processes the output to make it more usable.
> > As far as what is captured, I based this on the F5 equivalent of a tech
> > out. It grabs a copy of all the configuration files, hardware
> > configuration and software version as well as the timestamps and file
> > sizes for SSL certs hosted on the device. This facilitates rebuilding
> > from scratch as quickly as possible if this is ever needed.
> >
> > I was able to resolve the bug I mentioned yesterday by increasing the
> > clogin timeout. On a small number of devices it failed to process the
> > last few commands when running from cron but always worked properly from
> > the command line on all devices [making it difficult to track down]. I
> > mention this because it may be an appropriate fix for other intermittent
> > problems sometimes discussed on this list.
> >
> > Any feedback is appreciated. I hope to get f5 support added to future
> > releases of rancid.
> >
> > Thanks,
> >
> > Mike
> >
> >
> >
> > ________________________________
> >
> > From: Sam Munzani [mailto:sam at munzani.com]
> > Sent: Monday, July 16, 2007 7:49 PM
> > To: Lance
> > Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] Re: F5 load balancer support
> >
> >
> > Lance,
> >
> > Thanks a lot for all your help. Pretty much you did all the work while I
> > watched what you are doing :-)..
> >
> > Attached are cleaned up files. In f5rancid file, I have left some basic
> > functions (non platform specific) just in case we expand this script to
> > do a lot more than just "b list" output. In rancid-fe, we defined a new
> > device type "f5", f5login was copied from clogin and remarked some "term
> > length" statements we don't need on F5.
> >
> > All 3 files are attached and working great. Please be aware, we are not
> > parsing anything at all. All it's doing is basic function of running "b
> > list" command and capturing its output. As I expand more on this, I will
> > be sure to share with the audience here.
> >
> > Again, thanks a lot for all your help today.
> >
> > Regards,
> > Sam
> >
> >
> > I have helped Sam get a working f5rancid which requires a f5login (only
> > because it doesn't recognize the prompt with a space and exit, unless
> > you enter a return before the exit). He is cleaning up all the unused
> > functions and will post it.
> >
> > Once John H. sends out his script I will look at it and see how it
> > differs from the one I did with Sam. I will even help Sam get it working
> > for his setup. We will let you know when it is all working.
> >
> > -lance
> >
> >
> >
> > -------- Original Message --------
> > Subject: [rancid] Re: F5 load balancer support
> > From: "Mike Ashcraft" <mashcraft at omniture.com>
> > Date: Mon, July 16, 2007 11:48 am
> > To: <sam at munzani.com>
> > Cc: rancid-discuss at shrubbery.net
> >
> > Sam,
> >
> > I have a working f5rancid that I have been using for a number of months
> > now. I have one minor bug related to tracking installed SSL certs
> > which you probably don't care about. Other than that, it works great.
> >
> > I did encounter and solve all the problems you have been discussing on
> > the list.
> >
> > Let me know if you are interested in trying what I have. I have tested
> > it with Big-IP 9.1.2.
> >
> > Mike
> >
> > ________________________________
> >
> > From: rancid-discuss-bounces at shrubbery.net
> > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani
> > Sent: Monday, July 16, 2007 10:58 AM
> > To: smunzani at comcast.net
> > Cc: rancid-discuss at shrubbery.net
> > Subject: [rancid] Re: F5 load balancer support
> >
> >
> > BTW, this is what I see in the log when I do rancid-run now. That means
> > the f5rancid file (hacked copy of rancid) is still missing something.
> >
> > more nfl.20070716.114842
> > starting: Mon Jul 16 11:48:42 CDT 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
> > 2007
> >
> >
> >
> > Trying to get all of the configs.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 1.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 2.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 3.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> > =====================================
> > Getting missed routers: round 4.
> > test-f5-01: End of run not found
> > -bash: write: command not found
> >
> > cvs diff: Diffing .
> > cvs diff: Diffing configs
> > cvs diff: cannot find configs/test-f5-01
> > cvs commit: Examining .
> > cvs commit: Examining configs
> > cvs commit: Up-to-date check failed for
> > `configs/test-f5-01'
> > cvs [commit aborted]: correct above errors first!
> > ls: test-f5-01: No such file or directory
> >
> > ending: Mon Jul 16 11:49:41 CDT 2007
> >
> > Thanks,
> > Sam
> >
> >
> > David,
> >
> > Thanks a lot for the tip. This worked well. Now f5login goes much more
> > cleaner and the "root" doesn't set sent again. I still have other issues
> > where rancid-run is backing up config properly but I am still
> > troubleshooting it.
> >
> > Now here is a question. What does "bldshgalsjd" mean and how does it do
> > this miracle?
> >
> > Thanks,
> > Sam
> >
> >
> > Thanks for this tip, turns out that this is also the reason the
> > username gets entered at a prompt on the cisco IPS devices. Since it's
> > using SSH and therefore doesn't need a username prompt, solution was
> > to simply add in .cloginrc:
> >
> > add userprompt ids* bldshgalsjd (<- something that won't get sent
> > during login)
> >
> > Regards,
> >
> > David
> >
> > On 14/07/07, Lance <rancid at gheek.net> wrote:
> >
> >
> > Sam,
> >
> > Have you tried using telnet to login, if the f5 has it enabled.
> > You may also want to set auto enable in your .cloginrc for this device
> > as it looks to clogin as you are already in a cisco equivalent equal to
> > enable since your prompt has a # sign in it.
> >
> > Looking at your next email along with this one it looks like you are
> > already in a cisco equivalent of enable after you login. f5login seems
> > to be sending your username of root as a command after you get connected
> > because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
> > 172.24.100.12" and it matches on the word "Login". See below.
> >
> > "(Username|Login|login|user name):"? yes
> > expect: set expect_out(0,string) "login:"
> > expect: set expect_out(1,string) "login"
> > expect: set expect_out(spawn_id) "exp4"
> > expect: set expect_out(buffer) " \r\nLast login:"
> > send: sending "root\r" to { exp4 }
> > expect: continuing expect
> >
> > You are just using a Cisco login/parsing script so it expects prompts
> > from a Cisco device and in this case you have a *nix SSH banner that
> > gets interrupted. I know you can use RANCID to backup *nix systems. So
> > it knows how to understand connecting to a *nix system. You might want
> > to try this email thread which asks about backing up Linux configs.
> >
> > http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html
> >
> > Or you could modify the existing f5login like so.
> >
> > I think you have to use the caret before the () to work. I haven't
> > checked this as I am at home and not on a UNIX system right now. Sorry
> > too lazy to check it out right now. You might want to uncomment the line
> > below 3. and comment out the line below 2. and see if that works. This
> > is the only point in the code that I see it look for login in any line.
> > If that doesn't work send me back the debug and I will see what I can
> > do. I am sure some people that use expect more often than I can probably
> > quickly tell you what to use as syntax there.
> >
> >
> > # Figure out prompts
> > set u_prompt [find userprompt $router]
> > if { "$u_prompt" == "" } {
> >     #1. ORIGINAL
> >     #set u_prompt "^(Username|Login|login|user name):"
> >     #2. Modified to read for a line beginning with
> >     #   Username, Login, login, or user name.
> >     set u_prompt "^(Username|Login|login|user name):"
> >     #3. Modified to read for a line beginning with Login or login.
> >     #   but I may be wrong
> >     #set u_prompt "^(Username|^Login|^login|user name):"
> > } else {
> >     set u_prompt [join [lindex $u_prompt 0] ""]
> > }
> >
> >
> > Let me know if this works for you.
> >
> > -Lance
> >
> >
> >
> > -------- Original Message --------
> > Subject: Re: [rancid] F5 load balancer support
> > From: Sam Munzani <smunzani at comcast.net>
> > Date: Fri, July 13, 2007 2:30 pm
> > To: Lance <rancid at gheek.net>
> > Cc: rancid-discuss at shrubbery.net
> >
> > Lance,
> >
> > F5 login works fine with a minor error.
> >
> > $ f5login test-f5-01
> > test-f5-01
> > spawn ssh -c 3des -x -l root test-f5-01
> > Password:
> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
> > root
> > [root at test-f5-01:Active] config # root
> > -bash: root: command not found
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> > [root at test-f5-01:Active] config #
> >
> > I don't know how to debug otherwise I would turn on debug too. If you
> > can provide some hints on debug, I would appreciate it.
> >
> > Thanks,
> > Sam
> >
> >
> > What error(s) do you get when you try to run your f5rancid?
> >
> > Where does it fail if you debug your f5login?
> >
> >
> > -lance
> >
> >
> >
> >
> > -------- Original Message --------
> > Subject: [rancid] F5 load balancer support
> > From: Sam Munzani <smunzani at comcast.net>
> > Date: Fri, July 13, 2007 12:45 pm
> > To: rancid-discuss at shrubbery.net
> >
> > Hi,
> >
> > Did anybody happened to hack one of Cisco scripts to support BigIP F5
> > boxes? It should be pretty simple. All I want to do is login and type "b
> > list" which is equivalent of "show run" on cisco.
> >
> > However for some reason things not working. All I did was copied clogin
> > to f5login, copied rancid to f5rancid and added following to rancid-fe.
> > elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
> >
> > Then modified f5 rancid file and kept only one command in list of
> > commands "b list".
> >
> > For some reason its not working. I can post my configs here if somebody
> > like to see them.
> >
> > Thanks,
> > Sam
> >
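
Lance's second point, checking that the whole output arrived before trusting it, sketched as an added example (not part of the original post and not RANCID's code). check_run, should_commit, PROMPT and both transcripts are constructed for illustration, and the flags are named found_end and clean_run here; the truncated transcript models the symptom Mike describes, where the last commands were lost until the timeout was raised.

```python
import re

# Assumed prompt shape, modelled on the F5 bash prompt pasted in the thread.
PROMPT = re.compile(r"^\[\S+@\S+\] \S+ # ?(.*)$")
COMMANDS = ["b list", "cat bigip.conf"]   # commands named in the thread

P = "[root@test-f5-01:Active] config # "
# Constructed transcripts; the "(constructed ...)" lines stand in for device output.
COMPLETE = (P + "b list\r\n(constructed output 1)\r\n"
            + P + "cat bigip.conf\r\n(constructed output 2)\r\n"
            + P + "exit\r\nlogout\r\n")
TRUNCATED = (P + "b list\r\n(constructed output 1)\r\n"
             + P + "cat bigip.conf\r\n(constructed out")   # session cut off by a timeout


def check_run(output, commands=COMMANDS):
    """Return (found_end, clean_run, missing) for one captured session."""
    pending = list(commands)   # commands not yet seen at a prompt, in order
    reading = False            # True while a command's output is being read
    found_end = clean_run = False
    for line in output.replace("\r", "").split("\n"):
        m = PROMPT.match(line)
        if m is None:
            continue                      # ordinary output line
        typed = m.group(1).strip()
        if reading and not pending:
            found_end = True              # prompt returned after the last command
        reading = False
        if typed == "exit":
            clean_run = found_end         # exit counts only after a complete run
            break
        if pending and typed == pending[0]:
            pending.pop(0)
            reading = True
    return found_end, clean_run, pending


def should_commit(output, commands=COMMANDS):
    """Only a session that finished every command and then exited is stored."""
    found_end, clean_run, _ = check_run(output, commands)
    return found_end and clean_run
```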

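The prompt mismatch traced in the quoted messages above (the SSH banner's "Last login:" matching the user-prompt pattern, so that "root" is typed at the shell), as an added example that is not part of the original thread or of RANCID. Python's re stands in for Expect's -re matching; PASSWORD, SHELL, LINE_START, the transcripts and simulate_login are assumptions made for illustration.

```python
import re

# User-prompt patterns discussed in the thread.
DEFAULT = r"(Username|Login|login|user name):"    # as shown in the debug output
CARET = r"^(Username|Login|login|user name):"     # the caret variant suggested in the thread
NEVER = r"bldshgalsjd"                            # .cloginrc userprompt that never appears
LINE_START = r"(?:^|[\r\n])(Username|Login|login|user name):"  # hypothetical alternative

PASSWORD = r"[Pp]assword:"   # assumed password prompt pattern
SHELL = r"# $"               # assumed shell prompt pattern

# Constructed transcripts. F5_SSH follows the session pasted in the thread.
F5_SSH = ["Password: ",
          "\r\nLast login: Fri Jul 13 14:26:28 2007 from 172.24.100.12\r\n",
          "[root@test-f5-01:Active] config # "]
BANNER_THEN_LOGIN = ["Welcome to lab-01\r\nlogin: "]   # hypothetical telnet-style device


def simulate_login(chunks, user_prompt, username="root"):
    """Return (sent, reached_shell): what the script typed, and whether it saw the shell."""
    buf, sent = "", []
    patterns = (("user", user_prompt), ("pass", PASSWORD), ("shell", SHELL))
    for chunk in chunks:
        buf += chunk
        while True:
            # No re.MULTILINE: as in Expect, '^' means start of the unread buffer,
            # not start of a line. The first listed pattern that matches wins.
            hit = None
            for name, pat in patterns:
                hit = re.search(pat, buf)
                if hit:
                    break
            if not hit:
                break
            buf = buf[hit.end():]            # Expect discards input up to the match
            if name == "shell":
                return sent, True
            sent.append(username if name == "user" else "<password>")
    return sent, False


if __name__ == "__main__":
    for label, pat in (("default", DEFAULT), ("caret", CARET),
                       ("never", NEVER), ("line-start", LINE_START)):
        print(label, simulate_login(F5_SSH, pat), simulate_login(BANNER_THEN_LOGIN, pat))
```

The caret variant stops the stray "root" on the F5 session, but because Expect anchors '^' at the start of its buffer it also fails to answer a real login prompt that arrives after a banner; the line-start pattern handles both transcripts.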