Discussion:
[rancid] Device not contacted
Ryan Milton
2013-12-17 15:39:40 UTC
Permalink
Hi all (Alan),

Rancid has generally been running smooth as can be with my small deployment. I have just added two more Netscreen firewalls, to bring to a total of 6 Netscreen204s.


Only issue is that one of the new devices is being a pain with that dreaded "The following routers have not been successfully contacted for more than 4 hours." Error.



All devices have same login in the .clonginrc



All devices can be logged into manually using the nlogin script.


Log files only show:

Getting missed routers: round 1.

195.3.XXX.XXX: missed cmd(s): get conf

195.3.XXX.XXX: End of run not found

#


The router.db file is fine, and the FW has the correct login info. Any idea what might the issue be?

Regards,
Ryan Milton
MVS Network Manager
o: 201-447-1505 x124
c: 862-249-5230
www.mvsusa.com<http://www.mvsusa.com/>
[MVS final logo GOOD very small]
Alan McKinnon
2013-12-18 00:22:55 UTC
Permalink
Hi Ryan,

Run this manually:

nlogin -t 90 -c"get system;get conf" <firewall address> | less

It's the same command that nrancid will run. You can pipe the output to
less, or redirect it to a file or whatever, the idea here is to be able
to examine the output at leisure.

"missed cmds" always means little more than "something went wrong", it's
your signal to sharpen those debugging tools :-)

I'm not familiar with NetScreens, but there's only two commands run by
nrancid so it gets easier. Look at the nlogin output above carefully
with fresh eyeballs. At the point where get system ends and get conf
starts, is there anything odd there? Is the prompt correct?

The code that finds the start of each command in the output and runs the
correct sub is this (edited for clarity):


TOP: while(<INPUT>) {
while (/>\s*($cmds_regexp)\s*$/) {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^>]+->)/)[0];
$prompt =~ s/([][}{)(\\])/\\$1/g;
print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
$rval = &{$commands{$cmd}};
delete($commands{$cmd});
if ($rval == -1) {
last TOP;
}
}
}

and the sub does this (also edited for clarity):

sub GetSystem {

while (<INPUT>) {
last if(/$prompt/);
}
}

Basically, if the prompt doesn't match what the script expects it to be,
GetSystem runs till the very end, GetConf never runs at all, and "get
conf" is tagged as not being detected - the error you see.

The prompt must match the regexes in the "if (!defined($prompt))" for
all of this magic to work at all.

If nothing seems untoward at this point, run:

nrancid -d <firewall address> and look for the text "PROMPT MATCH",
verify that it matches reality.

There can be other reasons for this error, but lets go for the common
low hanging fruit first.
Post by Ryan Milton
Hi all (Alan),
Rancid has generally been running smooth as can be with my small
deployment. I have just added two more Netscreen firewalls, to bring to
a total of 6 Netscreen204s.
Only issue is that one of the new devices is being a pain with that
dreaded “The following routers have not been successfully contacted for
more than 4 hours.” Error.
All devices have same login in the .clonginrc
All devices can be logged into manually using the nlogin script.
Getting missed routers: round 1.
195.3.XXX.XXX: missed cmd(s): get conf
195.3.XXX.XXX: End of run not found
#
The router.db file is fine, and the FW has the correct login info. Any
idea what might the issue be?
Regards,
Ryan Milton
MVS Network Manager
o: 201-447-1505 x124
c: 862-249-5230
www.mvsusa.com <http://www.mvsusa.com/>
MVS final logo GOOD very small
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
***@gmail.com
Ryan Milton
2013-12-18 18:25:04 UTC
Permalink
Thanks Alan,

I don¹t think I even get that far! I get a hangup almost immediately.

BUT! I noticed that there should have been no issue given that those
commands worked perfectly. The problem was that the Netscreen was set to
³| more² rather than blurt out the whole config! That was a minor change
to the console output command to not limit to 20 lines at a time.

So, then I tested with rancid-run, it all worked!

Thanks for the time/tips, that was helpful to find the root cause.

Regards,
Ryan Milton
MVS Network Manager
o: 201.447.1505 x124
c: 862-249-5230
Post by Alan McKinnon
Hi Ryan,
nlogin -t 90 -c"get system;get conf" <firewall address> | less
It's the same command that nrancid will run. You can pipe the output to
less, or redirect it to a file or whatever, the idea here is to be able
to examine the output at leisure.
"missed cmds" always means little more than "something went wrong", it's
your signal to sharpen those debugging tools :-)
I'm not familiar with NetScreens, but there's only two commands run by
nrancid so it gets easier. Look at the nlogin output above carefully
with fresh eyeballs. At the point where get system ends and get conf
starts, is there anything odd there? Is the prompt correct?
The code that finds the start of each command in the output and runs the
TOP: while(<INPUT>) {
while (/>\s*($cmds_regexp)\s*$/) {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^>]+->)/)[0];
$prompt =~ s/([][}{)(\\])/\\$1/g;
print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
$rval = &{$commands{$cmd}};
delete($commands{$cmd});
if ($rval == -1) {
last TOP;
}
}
}
sub GetSystem {
while (<INPUT>) {
last if(/$prompt/);
}
}
Basically, if the prompt doesn't match what the script expects it to be,
GetSystem runs till the very end, GetConf never runs at all, and "get
conf" is tagged as not being detected - the error you see.
The prompt must match the regexes in the "if (!defined($prompt))" for
all of this magic to work at all.
nrancid -d <firewall address> and look for the text "PROMPT MATCH",
verify that it matches reality.
There can be other reasons for this error, but lets go for the common
low hanging fruit first.
Post by Ryan Milton
Hi all (Alan),
Rancid has generally been running smooth as can be with my small
deployment. I have just added two more Netscreen firewalls, to bring to
a total of 6 Netscreen204s.
Only issue is that one of the new devices is being a pain with that
dreaded ³The following routers have not been successfully contacted for
more than 4 hours.² Error.
All devices have same login in the .clonginrc
All devices can be logged into manually using the nlogin script.
Getting missed routers: round 1.
195.3.XXX.XXX: missed cmd(s): get conf
195.3.XXX.XXX: End of run not found
#
The router.db file is fine, and the FW has the correct login info. Any
idea what might the issue be?
Regards,
Ryan Milton
MVS Network Manager
o: 201-447-1505 x124
c: 862-249-5230
www.mvsusa.com <http://www.mvsusa.com/>
MVS final logo GOOD very small
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Alan McKinnon
2013-12-18 21:43:33 UTC
Permalink
Hi Ryan

Glad you got that one sorted out.

Is there a command on the Netscreen to disable the pager for a session,
like "terminal length 0" in IOS?

If so, please post it so the command can be added to nlogin.
otherwise you are forced to disable the pager in the device config
always, that seems overly-restrictive
Post by Ryan Milton
Thanks Alan,
I don¹t think I even get that far! I get a hangup almost immediately.
BUT! I noticed that there should have been no issue given that those
commands worked perfectly. The problem was that the Netscreen was set to
³| more² rather than blurt out the whole config! That was a minor change
to the console output command to not limit to 20 lines at a time.
So, then I tested with rancid-run, it all worked!
Thanks for the time/tips, that was helpful to find the root cause.
Regards,
Ryan Milton
MVS Network Manager
o: 201.447.1505 x124
c: 862-249-5230
Post by Alan McKinnon
Hi Ryan,
nlogin -t 90 -c"get system;get conf" <firewall address> | less
It's the same command that nrancid will run. You can pipe the output to
less, or redirect it to a file or whatever, the idea here is to be able
to examine the output at leisure.
"missed cmds" always means little more than "something went wrong", it's
your signal to sharpen those debugging tools :-)
I'm not familiar with NetScreens, but there's only two commands run by
nrancid so it gets easier. Look at the nlogin output above carefully
with fresh eyeballs. At the point where get system ends and get conf
starts, is there anything odd there? Is the prompt correct?
The code that finds the start of each command in the output and runs the
TOP: while(<INPUT>) {
while (/>\s*($cmds_regexp)\s*$/) {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^>]+->)/)[0];
$prompt =~ s/([][}{)(\\])/\\$1/g;
print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
$rval = &{$commands{$cmd}};
delete($commands{$cmd});
if ($rval == -1) {
last TOP;
}
}
}
sub GetSystem {
while (<INPUT>) {
last if(/$prompt/);
}
}
Basically, if the prompt doesn't match what the script expects it to be,
GetSystem runs till the very end, GetConf never runs at all, and "get
conf" is tagged as not being detected - the error you see.
The prompt must match the regexes in the "if (!defined($prompt))" for
all of this magic to work at all.
nrancid -d <firewall address> and look for the text "PROMPT MATCH",
verify that it matches reality.
There can be other reasons for this error, but lets go for the common
low hanging fruit first.
Post by Ryan Milton
Hi all (Alan),
Rancid has generally been running smooth as can be with my small
deployment. I have just added two more Netscreen firewalls, to bring to
a total of 6 Netscreen204s.
Only issue is that one of the new devices is being a pain with that
dreaded ³The following routers have not been successfully contacted for
more than 4 hours.² Error.
All devices have same login in the .clonginrc
All devices can be logged into manually using the nlogin script.
Getting missed routers: round 1.
195.3.XXX.XXX: missed cmd(s): get conf
195.3.XXX.XXX: End of run not found
#
The router.db file is fine, and the FW has the correct login info. Any
idea what might the issue be?
Regards,
Ryan Milton
MVS Network Manager
o: 201-447-1505 x124
c: 862-249-5230
www.mvsusa.com <http://www.mvsusa.com/>
MVS final logo GOOD very small
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
***@gmail.com
Ryan Milton
2013-12-19 01:47:57 UTC
Permalink
Exactly! That is exactly what there is. I’m close to throwing the
Netscreens out for newer Juniper SRX devices.

Ryan
Post by Alan McKinnon
Hi Ryan
Glad you got that one sorted out.
Is there a command on the Netscreen to disable the pager for a session,
like "terminal length 0" in IOS?
If so, please post it so the command can be added to nlogin.
otherwise you are forced to disable the pager in the device config
always, that seems overly-restrictive
Post by Ryan Milton
Thanks Alan,
I don¹t think I even get that far! I get a hangup almost immediately.
BUT! I noticed that there should have been no issue given that those
commands worked perfectly. The problem was that the Netscreen was set to
³| more² rather than blurt out the whole config! That was a minor change
to the console output command to not limit to 20 lines at a time.
So, then I tested with rancid-run, it all worked!
Thanks for the time/tips, that was helpful to find the root cause.
Regards,
Ryan Milton
MVS Network Manager
o: 201.447.1505 x124
c: 862-249-5230
Post by Alan McKinnon
Hi Ryan,
nlogin -t 90 -c"get system;get conf" <firewall address> | less
It's the same command that nrancid will run. You can pipe the output to
less, or redirect it to a file or whatever, the idea here is to be able
to examine the output at leisure.
"missed cmds" always means little more than "something went wrong", it's
your signal to sharpen those debugging tools :-)
I'm not familiar with NetScreens, but there's only two commands run by
nrancid so it gets easier. Look at the nlogin output above carefully
with fresh eyeballs. At the point where get system ends and get conf
starts, is there anything odd there? Is the prompt correct?
The code that finds the start of each command in the output and runs the
TOP: while(<INPUT>) {
while (/>\s*($cmds_regexp)\s*$/) {
$cmd = $1;
if (!defined($prompt)) {
$prompt = ($_ =~ /^([^>]+->)/)[0];
$prompt =~ s/([][}{)(\\])/\\$1/g;
print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
}
$rval = &{$commands{$cmd}};
delete($commands{$cmd});
if ($rval == -1) {
last TOP;
}
}
}
sub GetSystem {
while (<INPUT>) {
last if(/$prompt/);
}
}
Basically, if the prompt doesn't match what the script expects it to be,
GetSystem runs till the very end, GetConf never runs at all, and "get
conf" is tagged as not being detected - the error you see.
The prompt must match the regexes in the "if (!defined($prompt))" for
all of this magic to work at all.
nrancid -d <firewall address> and look for the text "PROMPT MATCH",
verify that it matches reality.
There can be other reasons for this error, but lets go for the common
low hanging fruit first.
Post by Ryan Milton
Hi all (Alan),
Rancid has generally been running smooth as can be with my small
deployment. I have just added two more Netscreen firewalls, to bring to
a total of 6 Netscreen204s.
Only issue is that one of the new devices is being a pain with that
dreaded ³The following routers have not been successfully contacted for
more than 4 hours.² Error.
All devices have same login in the .clonginrc
All devices can be logged into manually using the nlogin script.
Getting missed routers: round 1.
195.3.XXX.XXX: missed cmd(s): get conf
195.3.XXX.XXX: End of run not found
#
The router.db file is fine, and the FW has the correct login info. Any
idea what might the issue be?
Regards,
Ryan Milton
MVS Network Manager
o: 201-447-1505 x124
c: 862-249-5230
www.mvsusa.com <http://www.mvsusa.com/>
MVS final logo GOOD very small
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Alan McKinnon
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-
Loading...