Discussion:
[rancid] Need some Help - F5's in RANCID
Eric Jagaeus
2011-06-22 13:02:32 UTC
Permalink
> Chris,

>

> You're doing anything wrong. You'll probably find that you can 'rancid-run -r <dev name>' and have it backup properly. I would recommend getting a good backup of the keys once and then comment out the lines in the command table.



why? what is special about the keys?



> -ryan

>

> -----Original Message-----

> From: rancid-discuss-bounces at shrubbery.net<http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss> [mailto:rancid-discuss-bounces at shrubbery.net<http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss>] On Behalf Of Chris Moody

> Sent: Monday, January 31, 2011 3:29 PM

> To: rancid-discuss at shrubbery.net<http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss>

> Subject: [rancid] Need some Help - F5's in RANCID

>

> I need a second set of eyes to help me figure out what I'm missing or doing wrong.

>

> I have a number of F5 LTM Load-Balancers that I'm trying to back up with

> RANCID. The trouble I'm running into is that they were backing up

> fine for a short while, but have recently stopped backing up and continue showing the following in the logs:

> =====================================

> Getting missed routers: round 4.

> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key

> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key

>

> I've been debugging and have verified the following:

> - I have valid and functioning credentials in the .cloginrc file

> - I have the devices listed in a 'load-balancer' group's router.db file with the keyword 'f5' and the flag 'up'

> - I have tested the login via clogin - works fine

> (I have run clogin with the '-c' command list that f5rancid issues...and everything works fine)

> - I have run f5rancid in debug mode - works fine

> (when I run this I see that all the commands run and see a "HIT COMMAND" next to every command issued)

>

> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)

>

> Anyone run into this kind of behavior with F5's?

>

> Any insights, hints, comments or criticisms welcome.

> -Chris

Hi Chris,

Got exactly the same issue when we deployed some new F5's running 10.x

What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1 Build 297.0 Final but not in 9.x.

Removing the commands from f5rancid solved it, but I'd like to know why it fails.

--- /usr/libexec/rancid/f5rancid 2011-06-22 12:11:48.000000000 +0000
+++ /usr/libexec/rancid/f5rancid.org 2011-06-22 11:58:27.000000000 +0000
@@ -524,8 +524,8 @@
{'bigpipe base list' => 'ShowBaseRun'},
{'bigpipe db show' => 'ShowDb'},
{'bigpipe route static show' => 'ShowRouteStatic'},
- #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
- #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
+ {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
+ {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
{'bigpipe list' => 'WriteTerm'}
);



Eric Jagaeus
Rebtel Networks AB
Augustendalsvägen 19, 7th floor
Box 1182
131 27 Nacka Strand
Sweden
Mobile: +46 70 7885989
***@rebtel.com<mailto:***@rebtel.com>
john heasley
2011-06-22 16:51:21 UTC
Permalink
Wed, Jun 22, 2011 at 03:02:32PM +0200, Eric Jagaeus:
> > Chris,
>
> >
>
> > You're doing anything wrong. You'll probably find that you can 'rancid-run -r <dev name>' and have it backup properly. I would recommend getting a good backup of the keys once and then comment out the lines in the command table.
>
>
>
> why? what is special about the keys?

shouldnt be anything; but perhaps the parsing routine for ssl.crt is eating
too much output.

i'd first verify that the login script is collecting everything.
export NOPIPE=YES;f5login -d ... and verify that the *.raw file has all
the output.

> > RANCID. The trouble I'm running into is that they were backing up
>
> > fine for a short while, but have recently stopped backing up and continue showing the following in the logs:
>
> > =====================================
>
> > Getting missed routers: round 4.
>
> > xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
> > zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
> >
>
> > I've been debugging and have verified the following:
>
> > - I have valid and functioning credentials in the .cloginrc file
>
> > - I have the devices listed in a 'load-balancer' group's router.db file with the keyword 'f5' and the flag 'up'
>
> > - I have tested the login via clogin - works fine
>
> > (I have run clogin with the '-c' command list that f5rancid issues...and everything works fine)
>
> > - I have run f5rancid in debug mode - works fine
>
> > (when I run this I see that all the commands run and see a "HIT COMMAND" next to every command issued)
Lance Vermilion
2011-06-22 21:35:55 UTC
Permalink
It would also be good to check on 10.x that the ssl stuff is still in the
same spot. If it isn't then let everyone know so people can look to make a
modification so it will work.

On Wed, Jun 22, 2011 at 9:51 AM, john heasley <***@shrubbery.net> wrote:

> Wed, Jun 22, 2011 at 03:02:32PM +0200, Eric Jagaeus:
> > > Chris,
> >
> > >
> >
> > > You're doing anything wrong. You'll probably find that you can
> 'rancid-run -r <dev name>' and have it backup properly. I would recommend
> getting a good backup of the keys once and then comment out the lines in the
> command table.
> >
> >
> >
> > why? what is special about the keys?
>
> shouldnt be anything; but perhaps the parsing routine for ssl.crt is eating
> too much output.
>
> i'd first verify that the login script is collecting everything.
> export NOPIPE=YES;f5login -d ... and verify that the *.raw file has all
> the output.
>
> > > RANCID. The trouble I'm running into is that they were backing up
> >
> > > fine for a short while, but have recently stopped backing up and
> continue showing the following in the logs:
> >
> > > =====================================
> >
> > > Getting missed routers: round 4.
> >
> > > xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
> >
> > > zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
> >
> > >
> >
> > > I've been debugging and have verified the following:
> >
> > > - I have valid and functioning credentials in the .cloginrc file
> >
> > > - I have the devices listed in a 'load-balancer' group's router.db file
> with the keyword 'f5' and the flag 'up'
> >
> > > - I have tested the login via clogin - works fine
> >
> > > (I have run clogin with the '-c' command list that f5rancid
> issues...and everything works fine)
> >
> > > - I have run f5rancid in debug mode - works fine
> >
> > > (when I run this I see that all the commands run and see a "HIT
> COMMAND" next to every command issued)
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-***@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
Eric Jagaeus
2011-06-22 23:22:49 UTC
Permalink
The ssl config hasn't moved it's still in /config/ssl/ssl.<crt/csr/crt/key>

BIG-IP 10.2.1

Br,
Eric

From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Lance Vermilion
Sent: den 22 juni 2011 23:36
To: rancid-***@shrubbery.net
Subject: Re: [rancid] Need some Help - F5's in RANCID

It would also be good to check on 10.x that the ssl stuff is still in the same spot. If it isn't then let everyone know so people can look to make a modification so it will work.
On Wed, Jun 22, 2011 at 9:51 AM, john heasley <***@shrubbery.net<mailto:***@shrubbery.net>> wrote:
Wed, Jun 22, 2011 at 03:02:32PM +0200, Eric Jagaeus:
> > Chris,
>
> >
>
> > You're doing anything wrong. You'll probably find that you can 'rancid-run -r <dev name>' and have it backup properly. I would recommend getting a good backup of the keys once and then comment out the lines in the command table.
>
>
>
> why? what is special about the keys?
shouldnt be anything; but perhaps the parsing routine for ssl.crt is eating
too much output.

i'd first verify that the login script is collecting everything.
export NOPIPE=YES;f5login -d ... and verify that the *.raw file has all
the output.

> > RANCID. The trouble I'm running into is that they were backing up
>
> > fine for a short while, but have recently stopped backing up and continue showing the following in the logs:
>
> > =====================================
>
> > Getting missed routers: round 4.
>
> > xxxx.yyyy.com<http://xxxx.yyyy.com>: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
> > zzzz.yyyy.com<http://zzzz.yyyy.com>: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
> >
>
> > I've been debugging and have verified the following:
>
> > - I have valid and functioning credentials in the .cloginrc file
>
> > - I have the devices listed in a 'load-balancer' group's router.db file with the keyword 'f5' and the flag 'up'
>
> > - I have tested the login via clogin - works fine
>
> > (I have run clogin with the '-c' command list that f5rancid issues...and everything works fine)
>
> > - I have run f5rancid in debug mode - works fine
>
> > (when I run this I see that all the commands run and see a "HIT COMMAND" next to every command issued)
Lee
2011-06-24 00:57:16 UTC
Permalink
On 6/22/11, john heasley <***@shrubbery.net> wrote:
> Wed, Jun 22, 2011 at 03:02:32PM +0200, Eric Jagaeus:
>> > Chris,
>>
>> > You're doing anything wrong. You'll probably find that you can
>> > 'rancid-run -r <dev name>' and have it backup properly. I would
>> > recommend getting a good backup of the keys once and then comment out
>> > the lines in the command table.
>>
>>
>> why? what is special about the keys?
>
> shouldnt be anything; but perhaps the parsing routine for ssl.crt is eating
> too much output.
>
> i'd first verify that the login script is collecting everything.
> export NOPIPE=YES;f5login -d ... and verify that the *.raw file has all
> the output.

Any suggestions for debugging the problem if
export NOPIPE=YES
f5rancid -d devName
always works? And what's even more fun, the next regularly scheduled
crontab run to collect the config seems to work also.

What I've been seeing is that the F5 collection fails for some number of days on
xxx: missed cmd(s): ls --full-time --color=never
/config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
and then magically starts working again. If the problem was with the
parsing routine for ssl.crt wouldn't it always work or fail? ...
hrmm.. unless it's a timing issue?

Lee
Shain Singh
2011-06-24 05:24:15 UTC
Permalink
On 24 June 2011 10:57, Lee <***@gmail.com> wrote:

> What I've been seeing is that the F5 collection fails for some number of
> days on
> xxx: missed cmd(s): ls --full-time --color=never
> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
> and then magically starts working again. If the problem was with the
> parsing routine for ssl.crt wouldn't it always work or fail? ...
> hrmm.. unless it's a timing issue?
>
>

We had the same issue so we took that check out. Not really a huge issue in
the scheme of things in our context as that directory doesn't change much if
ever for some of our F5s.


--
Shaineel Singh
e: ***@gmail.com
p: +61 422 921 951
w: http://buffet.shainsingh.com

--
"Too many have dispensed with generosity to practice charity" - Albert Camus
john heasley
2011-06-24 15:58:11 UTC
Permalink
Fri, Jun 24, 2011 at 03:24:15PM +1000, Shain Singh:
> On 24 June 2011 10:57, Lee <***@gmail.com> wrote:
>
> > What I've been seeing is that the F5 collection fails for some number of
> > days on
> > xxx: missed cmd(s): ls --full-time --color=never
> > /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
> > and then magically starts working again. If the problem was with the
> > parsing routine for ssl.crt wouldn't it always work or fail? ...
> > hrmm.. unless it's a timing issue?

it depends; sometimes its the device that is inconsistent about returning
it's output. such as omitting the CR after the output so that the prompt
is at the beginning of the line.

perhaps this part of those parsing routines is causing the problem:

# v9 software license does not have CR at EOF
s/^#-+($prompt.*)/$1/;
Lee
2011-06-27 23:57:09 UTC
Permalink
On 6/24/11, john heasley <***@shrubbery.net> wrote:
> Fri, Jun 24, 2011 at 03:24:15PM +1000, Shain Singh:
>> On 24 June 2011 10:57, Lee <***@gmail.com> wrote:
>>
>> > What I've been seeing is that the F5 collection fails for some number of
>> > days on
>> > xxx: missed cmd(s): ls --full-time --color=never
>> > /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>> > and then magically starts working again. If the problem was with the
>> > parsing routine for ssl.crt wouldn't it always work or fail? ...
>> > hrmm.. unless it's a timing issue?
>
> it depends; sometimes its the device that is inconsistent about returning
> it's output. such as omitting the CR after the output so that the prompt
> is at the beginning of the line.

After seeing that the regularly scheduled rancid run failed to get
several F5 configs this morning I ran it manually:

export NOPIPE=YES
rancid-run F5

rancid collected all the configs & no errors in the log. Crontab
kicked off the rancid run later in the day & several F5s showed up in
the log with the
missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
--full-time --color=never /config/ssl/ssl.key

again, run rancid manually with NOPIPE=YES and everything works.

Any thoughts on how to debug the problem would be appreciated since
the standard debugging suggestion is to set NOPIPE and use the -d
option. I have yet to see rancid fail to get an F5 config if nopipe
is set

Lee
Jethro R Binks
2011-06-28 07:36:28 UTC
Permalink
On Mon, 27 Jun 2011, Lee wrote:

> After seeing that the regularly scheduled rancid run failed to get
> several F5 configs this morning I ran it manually:
>
> export NOPIPE=YES
> rancid-run F5
>
> rancid collected all the configs & no errors in the log. Crontab
> kicked off the rancid run later in the day & several F5s showed up in
> the log with the
> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
> --full-time --color=never /config/ssl/ssl.key
>
> again, run rancid manually with NOPIPE=YES and everything works.
>
> Any thoughts on how to debug the problem would be appreciated since
> the standard debugging suggestion is to set NOPIPE and use the -d
> option. I have yet to see rancid fail to get an F5 config if nopipe
> is set

In that case, in rancid.conf you can set NOPIPE permanently:

# if NOPIPE is set, temp files will be used instead of a cmd pipe during
# collection from the router(s).
NOPIPE=YES; export NOPIPE

Does that help?

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
Ben O'Hara
2011-06-29 13:47:21 UTC
Permalink
On 28 Jun 2011, at 09:36, Jethro R Binks wrote:

> On Mon, 27 Jun 2011, Lee wrote:
>
>> After seeing that the regularly scheduled rancid run failed to get
>> several F5 configs this morning I ran it manually:
>>
>> export NOPIPE=YES
>> rancid-run F5
>>
>> rancid collected all the configs & no errors in the log. Crontab
>> kicked off the rancid run later in the day & several F5s showed up in
>> the log with the
>> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
>> --full-time --color=never /config/ssl/ssl.key
>>
>> again, run rancid manually with NOPIPE=YES and everything works.
>>
>> Any thoughts on how to debug the problem would be appreciated since
>> the standard debugging suggestion is to set NOPIPE and use the -d
>> option. I have yet to see rancid fail to get an F5 config if nopipe
>> is set
>
> In that case, in rancid.conf you can set NOPIPE permanently:
>
> # if NOPIPE is set, temp files will be used instead of a cmd pipe during
> # collection from the router(s).
> NOPIPE=YES; export NOPIPE
>
> Does that help?
>

We've been seeing the same problem with 2 f5s running 10.2.1

others running 10.2.0 are fine.

Again, it also works fine when run manually, just not when running normally.

Tried setting NOPIPE=yes but the problem still persists.

Ben

Ben O'Hara RIPE Network Coordination Center
Senior Systems Engineer Singel 258, Amsterdam, NL
http://www.ripe.net +31 20 535 4444
PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC
Lee
2011-07-01 01:02:46 UTC
Permalink
> Again, it also works fine when run manually, just not when running normally.

"normally" being run via a crontab entry - correct?

Lee



On 6/29/11, Ben O'Hara <***@ripe.net> wrote:
>
> On 28 Jun 2011, at 09:36, Jethro R Binks wrote:
>
>> On Mon, 27 Jun 2011, Lee wrote:
>>
>>> After seeing that the regularly scheduled rancid run failed to get
>>> several F5 configs this morning I ran it manually:
>>>
>>> export NOPIPE=YES
>>> rancid-run F5
>>>
>>> rancid collected all the configs & no errors in the log. Crontab
>>> kicked off the rancid run later in the day & several F5s showed up in
>>> the log with the
>>> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
>>> --full-time --color=never /config/ssl/ssl.key
>>>
>>> again, run rancid manually with NOPIPE=YES and everything works.
>>>
>>> Any thoughts on how to debug the problem would be appreciated since
>>> the standard debugging suggestion is to set NOPIPE and use the -d
>>> option. I have yet to see rancid fail to get an F5 config if nopipe
>>> is set
>>
>> In that case, in rancid.conf you can set NOPIPE permanently:
>>
>> # if NOPIPE is set, temp files will be used instead of a cmd pipe during
>> # collection from the router(s).
>> NOPIPE=YES; export NOPIPE
>>
>> Does that help?
>>
>
> We've been seeing the same problem with 2 f5s running 10.2.1
>
> others running 10.2.0 are fine.
>
> Again, it also works fine when run manually, just not when running normally.
>
> Tried setting NOPIPE=yes but the problem still persists.
>
> Ben
>
> Ben O'Hara RIPE Network Coordination Center
> Senior Systems Engineer Singel 258, Amsterdam, NL
> http://www.ripe.net +31 20 535 4444
> PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC
>
>
Ben O'Hara
2011-07-01 09:25:09 UTC
Permalink
On 1 Jul 2011, at 03:02, Lee wrote:

>> Again, it also works fine when run manually, just not when running normally.
>
> "normally" being run via a crontab entry - correct?
>

Yes, it fails when run from a crontab but not manualy.

Ben

> Lee
>
>
>
> On 6/29/11, Ben O'Hara <***@ripe.net> wrote:
>>
>> On 28 Jun 2011, at 09:36, Jethro R Binks wrote:
>>
>>> On Mon, 27 Jun 2011, Lee wrote:
>>>
>>>> After seeing that the regularly scheduled rancid run failed to get
>>>> several F5 configs this morning I ran it manually:
>>>>
>>>> export NOPIPE=YES
>>>> rancid-run F5
>>>>
>>>> rancid collected all the configs & no errors in the log. Crontab
>>>> kicked off the rancid run later in the day & several F5s showed up in
>>>> the log with the
>>>> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
>>>> --full-time --color=never /config/ssl/ssl.key
>>>>
>>>> again, run rancid manually with NOPIPE=YES and everything works.
>>>>
>>>> Any thoughts on how to debug the problem would be appreciated since
>>>> the standard debugging suggestion is to set NOPIPE and use the -d
>>>> option. I have yet to see rancid fail to get an F5 config if nopipe
>>>> is set
>>>
>>> In that case, in rancid.conf you can set NOPIPE permanently:
>>>
>>> # if NOPIPE is set, temp files will be used instead of a cmd pipe during
>>> # collection from the router(s).
>>> NOPIPE=YES; export NOPIPE
>>>
>>> Does that help?
>>>
>>
>> We've been seeing the same problem with 2 f5s running 10.2.1
>>
>> others running 10.2.0 are fine.
>>
>> Again, it also works fine when run manually, just not when running normally.
>>
>> Tried setting NOPIPE=yes but the problem still persists.
>>
>> Ben
>>
>> Ben O'Hara RIPE Network Coordination Center
>> Senior Systems Engineer Singel 258, Amsterdam, NL
>> http://www.ripe.net +31 20 535 4444
>> PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC
>>
>>
>

--
Ben O'Hara RIPE Network Coordination Center
Senior Systems Engineer Singel 258, Amsterdam, NL
http://www.ripe.net +31 20 535 4444
PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC
Lee
2011-07-01 01:00:45 UTC
Permalink
On 6/28/11, Jethro R Binks <***@strath.ac.uk> wrote:
> On Mon, 27 Jun 2011, Lee wrote:
>
>> After seeing that the regularly scheduled rancid run failed to get
>> several F5 configs this morning I ran it manually:
>>
>> export NOPIPE=YES
>> rancid-run F5
>>
>> rancid collected all the configs & no errors in the log. Crontab
>> kicked off the rancid run later in the day & several F5s showed up in
>> the log with the
>> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
>> --full-time --color=never /config/ssl/ssl.key
>>
>> again, run rancid manually with NOPIPE=YES and everything works.
>>
>> Any thoughts on how to debug the problem would be appreciated since
>> the standard debugging suggestion is to set NOPIPE and use the -d
>> option. I have yet to see rancid fail to get an F5 config if nopipe
>> is set
>
> In that case, in rancid.conf you can set NOPIPE permanently:
>
> # if NOPIPE is set, temp files will be used instead of a cmd pipe during
> # collection from the router(s).
> NOPIPE=YES; export NOPIPE

Well!! It doesn't seem to depend on NOPIPE. rancid run manually to
collect F5 configs works -- with NOPIPE set or clear. Rancid run from
crontab sometimes works, sometimes not.

Unless someone beats me to it (hint, hint :) I'll try to figure out
next week if it's an env. variable setting missing from the crontab
run that's causing the problem

Regards,
Lee
Jethro R Binks
2011-07-01 09:41:46 UTC
Permalink
On Thu, 30 Jun 2011, Lee wrote:

> Well!! It doesn't seem to depend on NOPIPE. rancid run manually to
> collect F5 configs works -- with NOPIPE set or clear. Rancid run from
> crontab sometimes works, sometimes not.
>
> Unless someone beats me to it (hint, hint :) I'll try to figure out next
> week if it's an env. variable setting missing from the crontab run
> that's causing the problem

If something works from crontab but not from the command line, then the
classic explanation is that there is something in the environment that's
different.

You can simply run the "env" command from cron and examine the mail output
to see what environment cron jobs run within. Then you can replicate that
at the command line and see if that fixes the problem, and then further
modify the environment to see what breaks.

However, if it "sometimes" works from cron and sometimes not, then it is
unlikely to be the environment I'd say. Maybe something else: any NFS
automounting going on? Clashing with some other job (do the failures
happen in particular windows in time)? Check the cron logs to see what
else may be running at the time. Is it one F5 host or all of them that
fail? Maybe it is host-related.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
Ryan West
2011-07-01 11:41:19 UTC
Permalink
Ben and lee are not the only ones. I've been commenting that line out for a while. I have a mix of 9.4 - 10.2 being backed up to a debian 5 box.

Sent from handheld

On Jul 1, 2011, at 5:42 AM, Jethro R Binks <***@strath.ac.uk> wrote:

> On Thu, 30 Jun 2011, Lee wrote:
>
>> Well!! It doesn't seem to depend on NOPIPE. rancid run manually to
>> collect F5 configs works -- with NOPIPE set or clear. Rancid run from
>> crontab sometimes works, sometimes not.
>>
>> Unless someone beats me to it (hint, hint :) I'll try to figure out next
>> week if it's an env. variable setting missing from the crontab run
>> that's causing the problem
>
> If something works from crontab but not from the command line, then the
> classic explanation is that there is something in the environment that's
> different.
>
> You can simply run the "env" command from cron and examine the mail output
> to see what environment cron jobs run within. Then you can replicate that
> at the command line and see if that fixes the problem, and then further
> modify the environment to see what breaks.
>
> However, if it "sometimes" works from cron and sometimes not, then it is
> unlikely to be the environment I'd say. Maybe something else: any NFS
> automounting going on? Clashing with some other job (do the failures
> happen in particular windows in time)? Check the cron logs to see what
> else may be running at the time. Is it one F5 host or all of them that
> fail? Maybe it is host-related.
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks, Network Manager,
> Information Services Directorate, University Of Strathclyde, Glasgow, UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-***@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Lee
2011-07-01 12:52:33 UTC
Permalink
On 7/1/11, Jethro R Binks <***@strath.ac.uk> wrote:
> On Thu, 30 Jun 2011, Lee wrote:
>
>> Well!! It doesn't seem to depend on NOPIPE. rancid run manually to
>> collect F5 configs works -- with NOPIPE set or clear. Rancid run from
>> crontab sometimes works, sometimes not.
>>
>> Unless someone beats me to it (hint, hint :) I'll try to figure out next
>> week if it's an env. variable setting missing from the crontab run
>> that's causing the problem
>
> If something works from crontab but not from the command line, then the
> classic explanation is that there is something in the environment that's
> different.
>
> You can simply run the "env" command from cron and examine the mail output
> to see what environment cron jobs run within.

Right. I had to do that when porting my stuff from Solaris to Redhat.

> Then you can replicate that
> at the command line

That I couldn't do. Maybe it was just me being ignorant, but there
were some env. vars I couldn't get rid of. Any hints/tips on how to
replicate a cron environment at the command line would be appreciated
:)

> and see if that fixes the problem, and then further
> modify the environment to see what breaks.
>
> However, if it "sometimes" works from cron and sometimes not, then it is
> unlikely to be the environment I'd say.

On the one hand, I agree that sometimes works from cron & sometimes
not doesn't sound like an environment differences problem. On the
other hand, I don't have any other testable theory for what's causing
the problem, so it's worth spending an hour or two to see if it is an
environment or /bin/sh (cron) vs. /bin/bash (interactive) issue

> Maybe something else: any NFS
> automounting going on?

I have no idea :( A VM running Redhat with SAN storage pretty much
sums up my knowledge of that machine.

> Clashing with some other job (do the failures
> happen in particular windows in time)? Check the cron logs to see what
> else may be running at the time. Is it one F5 host or all of them that
> fail? Maybe it is host-related.

We've also got Cisco NCM collecting F5 configs. maybe related is that
it's just recently started spewing out F5 change reports that look
like this:

Configuration Diff
< 001: # Binary configuration captured, checksum: 900614
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}
---
> 001: # Binary configuration captured, checksum: 710350
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}


Configuration Diff
< 001: # Binary configuration captured, checksum: 710350
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}
---
> 001: # Binary configuration captured, checksum: 782192
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}


Configuration Diff
< 001: # Binary configuration captured, checksum: 782192
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}
---
> 001: # Binary configuration captured, checksum: 764708
002: # Device's text version of configuration follows
003: #-----------------------------------------------------
004: provision apm {}

But in any case, today is the start of a 4 day weekend for me &
worrying about F5s isn't part of my plans :)

Regards,
Lee
Jethro R Binks
2011-07-01 13:05:35 UTC
Permalink
On Fri, 1 Jul 2011, Lee wrote:

> > Clashing with some other job (do the failures
> > happen in particular windows in time)? Check the cron logs to see what
> > else may be running at the time. Is it one F5 host or all of them that
> > fail? Maybe it is host-related.
>
> We've also got Cisco NCM collecting F5 configs. maybe related is that
> it's just recently started spewing out F5 change reports that look
> like this:
>
> Configuration Diff
> < 001: # Binary configuration captured, checksum: 900614
> 002: # Device's text version of configuration follows
> 003: #-----------------------------------------------------
> 004: provision apm {}
> ---
> > 001: # Binary configuration captured, checksum: 710350
> 002: # Device's text version of configuration follows
> 003: #-----------------------------------------------------
> 004: provision apm {}

That should be avoidable by modifying f5rancid to ignore those checksum
lines in the subroutine that handles the output of the command that
produces them. Unfortunately I know nothing about them so can't even
begin to suggest where that is, but taking a look at the code now there's
a similar example:

# This routine parses "bigpipe db show"
sub ShowDb {
my($line) = (0);
print STDERR " In ShowDb: $_" if ($debug);

while (<INPUT>) {
tr/\015//d;
...
/UCS.LoadTime/ && next;
/Configsync\..*Time/ && next;

Here, lines matching /UCS.LoadTime/ and /Configsync\..*Time/ are skipped.
So I guess you need a similar line, in the appropriate sub, to skip lines
matching /Binary configuration captured, checksum:/.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
Lee
2011-07-13 23:57:57 UTC
Permalink
On 6/30/11, Lee <***@gmail.com> wrote:
> On 6/28/11, Jethro R Binks <***@strath.ac.uk> wrote:
>> On Mon, 27 Jun 2011, Lee wrote:
>>
>>> After seeing that the regularly scheduled rancid run failed to get
>>> several F5 configs this morning I ran it manually:
>>>
>>> export NOPIPE=YES
>>> rancid-run F5
>>>
>>> rancid collected all the configs & no errors in the log. Crontab
>>> kicked off the rancid run later in the day & several F5s showed up in
>>> the log with the
>>> missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls
>>> --full-time --color=never /config/ssl/ssl.key
>>>
>>> again, run rancid manually with NOPIPE=YES and everything works.
>>>
>>> Any thoughts on how to debug the problem would be appreciated since
>>> the standard debugging suggestion is to set NOPIPE and use the -d
>>> option. I have yet to see rancid fail to get an F5 config if nopipe
>>> is set
>>
>> In that case, in rancid.conf you can set NOPIPE permanently:
>>
>> # if NOPIPE is set, temp files will be used instead of a cmd pipe during
>> # collection from the router(s).
>> NOPIPE=YES; export NOPIPE
>
> Well!! It doesn't seem to depend on NOPIPE. rancid run manually to
> collect F5 configs works -- with NOPIPE set or clear. Rancid run from
> crontab sometimes works, sometimes not.
>
> Unless someone beats me to it (hint, hint :) I'll try to figure out
> next week if it's an env. variable setting missing from the crontab
> run that's causing the problem

I've been dicking with this off & on for about a week now & I'm stuck.

How do you change the line width on an F5???

(names changed to protect the guilty :)
[prompt] ~ # bigpipe route static show^M
No Routing Table Entries were found.^M
[prompt] ~ # stty cols 160^M
[prompt] ~ # ls --full-time --color=never /config/ssl/ssl ^M.crt^M
total 3056^M

that space, carriage return on the echoed "ls --full-time" command
occurs at column 81. Even with an "stty cols 160" added to the
f5rancid commandtable the darn F5 *still* splits the echoed command at
column 80 when rancid is called via crontab.

The annoying part is that logging in from a term window of 132 columns
I can use stty to change the width down to 80 and see the F5 add the
<cr> in the echoed output. Do an 'stty cols 160' and it echos the
command with no added carriage returns.

So..... am I doing something wrong? "stty cols NNN" works when I ssh
in but it's not working for me when rancid is called from cron. Is
there some other way to tell an F5 not to default to "stty cols 80" or
not to do line wraps?

TIA,
Lee
Lee
2011-07-15 00:08:22 UTC
Permalink
On 7/13/11, Lee <***@gmail.com> wrote:
> On 6/30/11, Lee <***@gmail.com> wrote:
>> On 6/28/11, Jethro R Binks <***@strath.ac.uk> wrote:
>>> On Mon, 27 Jun 2011, Lee wrote:
<.. snip talk about NOPIPE & line width ..>

> [prompt] ~ # bigpipe route static show^M
> No Routing Table Entries were found.^M
> [prompt] ~ # stty cols 160^M
> [prompt] ~ # ls --full-time --color=never /config/ssl/ssl ^M.crt^M
> total 3056^M
>
> that space, carriage return on the echoed "ls --full-time" command
> occurs at column 81. Even with an "stty cols 160" added to the
> f5rancid commandtable the darn F5 *still* splits the echoed command at
> column 80 when rancid is called via crontab.

Sprinkle enough "s/ \015//;" lines in f5rancid after the "while
(<INPUT>) {" and it works for me now when run from cron (see attached
patch)

I do not know perl; I'd appreciate it if someone could explain why
"tr/ \015//d;" doesn't get rid of the embedded [space][cr] but "s/
\015//;" does.

It would also be nice if someone could figure out how to change the F5
line width to 160 chars from the default 80. I think that'd be better
than removing any embedded [space][cr]

Lee
Ben O'Hara
2011-07-15 16:46:41 UTC
Permalink
On 15 Jul 2011, at 02:08, Lee wrote:

> On 7/13/11, Lee <***@gmail.com> wrote:
>> On 6/30/11, Lee <***@gmail.com> wrote:
>>> On 6/28/11, Jethro R Binks <***@strath.ac.uk> wrote:
>>>> On Mon, 27 Jun 2011, Lee wrote:
> <.. snip talk about NOPIPE & line width ..>
>
>> [prompt] ~ # bigpipe route static show^M
>> No Routing Table Entries were found.^M
>> [prompt] ~ # stty cols 160^M
>> [prompt] ~ # ls --full-time --color=never /config/ssl/ssl ^M.crt^M
>> total 3056^M
>>
>> that space, carriage return on the echoed "ls --full-time" command
>> occurs at column 81. Even with an "stty cols 160" added to the
>> f5rancid commandtable the darn F5 *still* splits the echoed command at
>> column 80 when rancid is called via crontab.
>
> Sprinkle enough "s/ \015//;" lines in f5rancid after the "while
> (<INPUT>) {" and it works for me now when run from cron (see attached
> patch)
>
> I do not know perl; I'd appreciate it if someone could explain why
> "tr/ \015//d;" doesn't get rid of the embedded [space][cr] but "s/
> \015//;" does.
>
> It would also be nice if someone could figure out how to change the F5
> line width to 160 chars from the default 80. I think that'd be better
> than removing any embedded [space][cr]
>
> Lee

Hi,

FYI, I applied this patch this morning and havent seen ant problems since, thanks!

Ben

--
Ben O'Hara RIPE Network Coordination Center
Senior Systems Engineer Singel 258, Amsterdam, NL
http://www.ripe.net +31 20 535 4444
PGP Fingerprint: 080A 52FF BF0A A7FB F176 E7DB 513D 9A3D E968 7DBC
Lee
2011-07-16 17:26:41 UTC
Permalink
On 7/15/11, Ben O'Hara <***@ripe.net> wrote:
>
> On 15 Jul 2011, at 02:08, Lee wrote:
>
>> On 7/13/11, Lee <***@gmail.com> wrote:
>>> On 6/30/11, Lee <***@gmail.com> wrote:
>>>> On 6/28/11, Jethro R Binks <***@strath.ac.uk> wrote:
>>>>> On Mon, 27 Jun 2011, Lee wrote:
>> <.. snip talk about NOPIPE & line width ..>
>>
>>> [prompt] ~ # bigpipe route static show^M
>>> No Routing Table Entries were found.^M
>>> [prompt] ~ # stty cols 160^M
>>> [prompt] ~ # ls --full-time --color=never /config/ssl/ssl ^M.crt^M
>>> total 3056^M
>>>
>>> that space, carriage return on the echoed "ls --full-time" command
>>> occurs at column 81. Even with an "stty cols 160" added to the
>>> f5rancid commandtable the darn F5 *still* splits the echoed command at
>>> column 80 when rancid is called via crontab.
>>
>> Sprinkle enough "s/ \015//;" lines in f5rancid after the "while
>> (<INPUT>) {" and it works for me now when run from cron (see attached
>> patch)
>>
>> I do not know perl; I'd appreciate it if someone could explain why
>> "tr/ \015//d;" doesn't get rid of the embedded [space][cr] but "s/
>> \015//;" does.
>>
>> It would also be nice if someone could figure out how to change the F5
>> line width to 160 chars from the default 80. I think that'd be better
>> than removing any embedded [space][cr]
>>
>> Lee
>
> Hi,
>
> FYI, I applied this patch this morning and havent seen ant problems since,
> thanks!

Great! Thanks for confirming it works :)

Lee
Krzysztof Zygmunt
2011-06-23 07:12:10 UTC
Permalink
Hi,

Kind of off topic but ...

Is there any way to make rancid work (getting configs from bigips
using "sudo") ?
That'd be great !

2011/6/22 Eric Jagaeus <***@rebtel.com>:
>> Chris,
>
>>
>
>> You're doing anything wrong.  You'll probably find that you can
>> 'rancid-run -r <dev name>' and have it backup properly.  I would recommend
>> getting a good backup of the keys once and then comment out the lines in the
>> command table.
>
>
>
> why?  what is special about the keys?
>
>
>
>> -ryan
>
>>
>
>> -----Original Message-----
>
>> From: rancid-discuss-bounces at shrubbery.net
>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Moody
>
>> Sent: Monday, January 31, 2011 3:29 PM
>
>> To: rancid-discuss at shrubbery.net
>
>> Subject: [rancid] Need some Help - F5's in RANCID
>
>>
>
>> I need a second set of eyes to help me figure out what I'm missing or
>> doing wrong.
>
>>
>
>> I have a number of F5 LTM Load-Balancers that I'm trying to back up with
>
>> RANCID.    The trouble I'm running into is that they were backing up
>
>> fine for a short while, but have recently stopped backing up and continue
>> showing the following in the logs:
>
>> =====================================
>
>> Getting missed routers: round 4.
>
>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>
>>
>
>> I've been debugging and have verified the following:
>
>> - I have valid and functioning credentials in the .cloginrc file
>
>> - I have the devices listed in a 'load-balancer' group's router.db file
>> with the keyword 'f5' and the flag 'up'
>
>> - I have tested the login via clogin  - works fine
>
>>     (I have run clogin with the '-c' command list that f5rancid
>> issues...and everything works fine)
>
>> - I have run f5rancid in debug mode - works fine
>
>>     (when I run this I see that all the commands run and see a "HIT
>> COMMAND" next to every command issued)
>
>>
>
>> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)
>
>>
>
>> Anyone run into this kind of behavior with F5's?
>
>>
>
>> Any insights, hints, comments or criticisms welcome.
>
>> -Chris
>
>
>
> Hi Chris,
>
>
>
> Got exactly the same issue when we deployed some new F5's running 10.x
>
>
>
> What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1
> Build 297.0 Final but not in 9.x.
>
>
>
> Removing the commands from f5rancid solved it, but I'd like to know why it
> fails.
>
>
>
> --- /usr/libexec/rancid/f5rancid        2011-06-22 12:11:48.000000000 +0000
>
> +++ /usr/libexec/rancid/f5rancid.org    2011-06-22 11:58:27.000000000 +0000
>
> @@ -524,8 +524,8 @@
>
>         {'bigpipe base list'            => 'ShowBaseRun'},
>
>         {'bigpipe db show'              => 'ShowDb'},
>
>         {'bigpipe route static show'    => 'ShowRouteStatic'},
>
> -       #{'ls --full-time --color=never /config/ssl/ssl.crt' =>
> 'ShowSslCrt'},
>
> -       #{'ls --full-time --color=never /config/ssl/ssl.key' =>
> 'ShowSslKey'},
>
> +       {'ls --full-time --color=never /config/ssl/ssl.crt' =>
> 'ShowSslCrt'},
>
> +       {'ls --full-time --color=never /config/ssl/ssl.key' =>
> 'ShowSslKey'},
>
>         {'bigpipe list'                 => 'WriteTerm'}
>
> );
>
>
>
>
>
>
>
> Eric Jagaeus
> Rebtel Networks AB
> Augustendalsvägen 19, 7th floor
> Box 1182
> 131 27 Nacka Strand
> Sweden
> Mobile:   +46 70 7885989
> ***@rebtel.com
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-***@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
Krzysztof Zygmunt
2011-06-24 06:13:20 UTC
Permalink
Hi,

I'm asking because I wanted to get bigips configs using rancid but not
giving him (rancid) privileges to do everything (root account).

There are some ways we can try:
- login and jump directly to bigpipe shell (we can not dowload certain
files then)
- login and jump directly to tmsh (the same as above)
- login and get root privileges but to limit what rancid script can do
(use sudo)

and what sudo is, eg.:
http://linux.about.com/od/commands/l/blcmdl8_sudo.htm

On Thu, Jun 23, 2011 at 9:12 AM, Krzysztof Zygmunt
<***@gmail.com> wrote:
> Hi,
>
> Kind of off topic but ...
>
> Is there any way to make rancid work (getting configs from bigips
> using "sudo") ?
> That'd be great !
>
> 2011/6/22 Eric Jagaeus <***@rebtel.com>:
>>> Chris,
>>
>>>
>>
>>> You're doing anything wrong.  You'll probably find that you can
>>> 'rancid-run -r <dev name>' and have it backup properly.  I would recommend
>>> getting a good backup of the keys once and then comment out the lines in the
>>> command table.
>>
>>
>>
>> why?  what is special about the keys?
>>
>>
>>
>>> -ryan
>>
>>>
>>
>>> -----Original Message-----
>>
>>> From: rancid-discuss-bounces at shrubbery.net
>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Moody
>>
>>> Sent: Monday, January 31, 2011 3:29 PM
>>
>>> To: rancid-discuss at shrubbery.net
>>
>>> Subject: [rancid] Need some Help - F5's in RANCID
>>
>>>
>>
>>> I need a second set of eyes to help me figure out what I'm missing or
>>> doing wrong.
>>
>>>
>>
>>> I have a number of F5 LTM Load-Balancers that I'm trying to back up with
>>
>>> RANCID.    The trouble I'm running into is that they were backing up
>>
>>> fine for a short while, but have recently stopped backing up and continue
>>> showing the following in the logs:
>>
>>> =====================================
>>
>>> Getting missed routers: round 4.
>>
>>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>
>>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>
>>>
>>
>>> I've been debugging and have verified the following:
>>
>>> - I have valid and functioning credentials in the .cloginrc file
>>
>>> - I have the devices listed in a 'load-balancer' group's router.db file
>>> with the keyword 'f5' and the flag 'up'
>>
>>> - I have tested the login via clogin  - works fine
>>
>>>     (I have run clogin with the '-c' command list that f5rancid
>>> issues...and everything works fine)
>>
>>> - I have run f5rancid in debug mode - works fine
>>
>>>     (when I run this I see that all the commands run and see a "HIT
>>> COMMAND" next to every command issued)
>>
>>>
>>
>>> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)
>>
>>>
>>
>>> Anyone run into this kind of behavior with F5's?
>>
>>>
>>
>>> Any insights, hints, comments or criticisms welcome.
>>
>>> -Chris
>>
>>
>>
>> Hi Chris,
>>
>>
>>
>> Got exactly the same issue when we deployed some new F5's running 10.x
>>
>>
>>
>> What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1
>> Build 297.0 Final but not in 9.x.
>>
>>
>>
>> Removing the commands from f5rancid solved it, but I'd like to know why it
>> fails.
>>
>>
>>
>> --- /usr/libexec/rancid/f5rancid        2011-06-22 12:11:48.000000000 +0000
>>
>> +++ /usr/libexec/rancid/f5rancid.org    2011-06-22 11:58:27.000000000 +0000
>>
>> @@ -524,8 +524,8 @@
>>
>>         {'bigpipe base list'            => 'ShowBaseRun'},
>>
>>         {'bigpipe db show'              => 'ShowDb'},
>>
>>         {'bigpipe route static show'    => 'ShowRouteStatic'},
>>
>> -       #{'ls --full-time --color=never /config/ssl/ssl.crt' =>
>> 'ShowSslCrt'},
>>
>> -       #{'ls --full-time --color=never /config/ssl/ssl.key' =>
>> 'ShowSslKey'},
>>
>> +       {'ls --full-time --color=never /config/ssl/ssl.crt' =>
>> 'ShowSslCrt'},
>>
>> +       {'ls --full-time --color=never /config/ssl/ssl.key' =>
>> 'ShowSslKey'},
>>
>>         {'bigpipe list'                 => 'WriteTerm'}
>>
>> );
>>
>>
>>
>>
>>
>>
>>
>> Eric Jagaeus
>> Rebtel Networks AB
>> Augustendalsvägen 19, 7th floor
>> Box 1182
>> 131 27 Nacka Strand
>> Sweden
>> Mobile:   +46 70 7885989
>> ***@rebtel.com
>>
>>
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-***@shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
Lance Vermilion
2011-06-27 04:22:08 UTC
Permalink
Does version 10.x allow you to use sudo?

I didn't know that tmsh knew about sudo. I thought root was granted
automatically if you are given access to tmsh.

On Thursday, June 23, 2011, Krzysztof Zygmunt
<***@gmail.com> wrote:
> Hi,
>
> I'm asking because I wanted to get bigips configs using rancid but not
> giving him (rancid) privileges to do everything (root account).
>
> There are some ways we can try:
> - login and jump directly to bigpipe shell (we can not dowload certain
> files then)
> - login and jump directly to tmsh (the same as above)
> - login and get root privileges but to limit what rancid script can do
> (use sudo)
>
> and what sudo is,   eg.:
> http://linux.about.com/od/commands/l/blcmdl8_sudo.htm
>
> On Thu, Jun 23, 2011 at 9:12 AM, Krzysztof Zygmunt
> <***@gmail.com> wrote:
>> Hi,
>>
>> Kind of off topic but ...
>>
>> Is there any way to make rancid work (getting configs from bigips
>> using "sudo") ?
>> That'd be great !
>>
>> 2011/6/22 Eric Jagaeus <***@rebtel.com>:
>>>> Chris,
>>>
>>>>
>>>
>>>> You're doing anything wrong.  You'll probably find that you can
>>>> 'rancid-run -r <dev name>' and have it backup properly.  I would recommend
>>>> getting a good backup of the keys once and then comment out the lines in the
>>>> command table.
>>>
>>>
>>>
>>> why?  what is special about the keys?
>>>
>>>
>>>
>>>> -ryan
>>>
>>>>
>>>
>>>> -----Original Message-----
>>>
>>>> From: rancid-discuss-bounces at shrubbery.net
>>>> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Moody
>>>
>>>> Sent: Monday, January 31, 2011 3:29 PM
>>>
>>>> To: rancid-discuss at shrubbery.net
>>>
>>>> Subject: [rancid] Need some Help - F5's in RANCID
>>>
>>>>
>>>
>>>> I need a second set of eyes to help me figure out what I'm missing or
>>>> doing wrong.
>>>
>>>>
>>>
>>>> I have a number of F5 LTM Load-Balancers that I'm trying to back up with
>>>
>>>> RANCID.    The trouble I'm running into is that they were backing up
>>>
>>>> fine for a short while, but have recently stopped backing up and continue
>>>> showing the following in the logs:
>>>
>>>> =====================================
>>>
>>>> Getting missed routers: round 4.
>>>
>>>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never
>>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>
>>>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never
>>>> /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>
>>>>
>>>
>>>> I've been debugging and have verified the following:
>>>
>>>> - I have valid and functioning credentials in the .cloginrc file
>>>
>>>> - I have the devices listed in a 'load-balancer' group's router.db file
>>>> with the keyword 'f5' and the flag 'up'
>>>
>>>> - I have tested the login via clogin  - works fine
>>>
>>>>     (I have run clogin with the '-c' command list that f5rancid
>>>> issues...and everything works fine)
>>>
>>>> - I have run f5rancid in debug mode - works fine
>>>
>>>>     (when I run this I see that all the commands run and see a "HIT
>>>> COMMAND" next to every command issued)
>>>
>>>>
>>>
>>>> I am running version '2.3.2' (I have plans to upgrade to '2.3.6' soon)
>>>
>>>>
>>>
>>>> Anyone run into this kind of behavior with F5's?
>>>
>>>>
>>>
>>>> Any insights, hints, comments or criticisms welcome.
>>>
>>>> -Chris
>>>
>>>
>>>
>>> Hi Chris,
>>>
>>>
>>>
>>> Got exactly the same issue when we deployed some new F5's running 10.x
>>>
>>>
>>>
>>> What version of Big-IP are you running? Got these errors with BIG-IP 10.2.1
>>> Build 297.0 Final but not in 9.x.
>>>
>>>
>>>
>>> Removing the commands from f5rancid solved it, but I'd like to know why it
>>> fails.
>>>
>>>
>>>
>>> --- /usr/libexec/rancid/f5rancid        2011-06-22 12:11:48.000000000 +0000
>>>
>>> +++ /usr/libexec/rancid/f5rancid.org    2011-06-22 11:58:27.000000000 +0000
>>>
>>
Continue reading on narkive:
Loading...