[rancid] F5 load balancer support

What error(s) do you get when you try to run your f5rancid?

Where does it fail if you debug your f5login?

-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support BigIP F5
boxes? It should be pretty simple. All I want to do is login and type "b
list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied clogin
to f5login, copied rancid to f5rancid and added following to rancid-fe.
elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-13 21:30:32 UTC

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
[***@test-f5-01:Active] config # root
-bash: root: command not found
[***@test-f5-01:Active] config #
[***@test-f5-01:Active] config #
[***@test-f5-01:Active] config #

I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.

Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

Sam Munzani

2007-07-13 21:43:24 UTC

Lance,

I edited f5login file and added "-d" on expect line. Below is what I see
in debug.
clear[5Df5login test-f5-01
expect version 5.43.0

argv[0] = /usr/local/bin/expect argv[1] = -d argv[2] =
/opt/rancid/bin/f5login argv[3] = test-f5-01

set argc 1

set argv0 "/opt/rancid/bin/f5login"

set argv "test-f5-01"

executing commands from command file /opt/rancid/bin/f5login

test-f5-01
spawn ssh -c 3des -x -l root test-f5-01

using master pty /dev/ptyp2
parent: waiting for sync byte

parent: telling child to go ahead

parent: now unsynchronized from child

spawn: returns {30412}

expect: does "" (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no

expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| $enable$)"? no

"Login invalid"? no

Password:

expect: does "Password: " (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does "Password: " (spawn_id exp4) match glob pattern "unknown
host\r"? no

expect: does "Password: " (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? yes

expect: set expect_out(0,string) "Password:"

expect: set expect_out(1,string) "Password"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "Password:"

send: sending "***********\r" to { exp4 }

expect: continuing expect

expect: does " " (spawn_id exp4) match regular expression "(Connection
refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no

expect: does " " (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| $enable$)"? no

"Login invalid"? no

expect: does " \r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no

expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| $enable$)"? no

"Login invalid"? no

Last login: Fri Jul 13 14:38:03 2007 from 172.24.100.12

expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match regular expression
"(Connection refused|Secure connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no

expect: does " \r\nLast login: Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n" (spawn_id exp4) match glob pattern "Host is
unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast login:"

send: sending "root\r" to { exp4 }

expect: continuing expect

expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match regular expression "(Connection refused|Secure
connection [^\n\r]+ refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "unknown host\r"? no

expect: does " Fri Jul 13 14:38:03 2007 from 172.24.100.12\r\r\n"
(spawn_id exp4) match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| $enable$)"? no

"Login invalid"? no

[***@test-f5-01:Active] config #

expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[***@test-f5-01:Active] config # " (spawn_id exp4)
match regular expression "(Connection refused|Secure connection [^\n\r]+
refused)"? no

"(Connection closed by|Connection to [^\n\r]+ closed)"? no

expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[***@test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "unknown host\r"? no

expect: does " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[***@test-f5-01:Active] config # " (spawn_id exp4)
match glob pattern "Host is unreachable"? no

"No address associated with name"? no

"(Host key not found |The authenticity of host .* be
established).*(yes/no)?"? no

"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no

"Offending key for .* (yes/no)?"? no

"(denied|Sorry)"? no

"Login failed"? no

"% (Bad passwords|Authentication failed)"? no

"Press any key to continue."? no

"Enter Selection: "? no

"@[^\r\n]+ ([Pp]assword|passwd):"? no

"(Username|Login|login|user name):"? no

"([Pp]assword|passwd):"? no

"(#| $enable$)"? yes

expect: set expect_out(0,string) "#"

expect: set expect_out(1,string) "#"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " Fri Jul 13 14:38:03 2007 from
172.24.100.12\r\r\n[***@test-f5-01:Active] config #"

send: sending "\r" to { exp4 }

expect: does " " (spawn_id exp4) match regular expression "[\r\n]+"? no

"^(.+:)1 (#| $enable$)"? no

"^.+(#| $enable$)"? no

"^.+> $enable$"? no

ro

expect: does " ro" (spawn_id exp4) match regular expression "[\r\n]+"? no

"^(.+:)1 (#| $enable$)"? no

"^.+(#| $enable$)"? no

"^.+> $enable$"? no

ot

-bash: root: command not found

[***@test-f5-01:Active] config #

expect: does " root\r\n-bash: root: command not
found\r\n[***@test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? yes

expect: set expect_out(0,string) "\r\n"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " root\r\n"

expect: continuing expect

expect: does "-bash: root: command not found\r\n[***@test-f5-01:Active]
config # " (spawn_id exp4) match regular expression "[\r\n]+"? yes

expect: set expect_out(0,string) "\r\n"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "-bash: root: command not found\r\n"

expect: continuing expect

expect: does "[***@test-f5-01:Active] config # " (spawn_id exp4) match
regular expression "[\r\n]+"? no

"^(.+:)1 (#| $enable$)"? no

"^.+(#| $enable$)"? yes

expect: set expect_out(0,string) "[***@test-f5-01:Active] config #"

expect: set expect_out(1,string) "#"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) "[***@test-f5-01:Active] config #"

tty_raw_noecho: was raw = 0 echo = 1

spawn id exp4 sent <\r\n>

spawn id exp4 sent <[***@test-f5-01:Active] config # >
[***@test-f5-01:Active] config # spawn id exp0 sent <\r>
spawn id exp4 sent <\r\n>

spawn id exp4 sent <[***@test-f5-01:Active] config # >
[***@test-f5-01:Active] config # spawn id exp0 sent <e>
spawn id exp4 sent <e>
espawn id exp0 sent <x>
spawn id exp4 sent <x>
xspawn id exp0 sent <i>
spawn id exp4 sent <i>
ispawn id exp0 sent <t>
spawn id exp4 sent <t>
tspawn id exp0 sent <\r>
spawn id exp4 sent <\r\nlogout\r\n>

logout
spawn id exp4 sent <\u001b[H\u001b[J>
[H[Jspawn id exp4 sent <Connection to test-f5-01 closed.\r\r\n>
Connection to test-f5-01 closed.

interact: received eof from spawn_id exp4
tty_set: raw = 0, echo = 1

tty_set: raw = 3, echo = 0

$
$

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

Lance

2007-07-14 19:11:23 UTC

Sam,

Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast login:"

send: sending "root\r" to { exp4 }

expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.

I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login. but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]

Let me know if this works for you.

-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 2:30 pm
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
root
-bash: root: command not found
I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid', $router); }
Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

David Croft

2007-07-15 12:43:01 UTC

Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that won't get sent during login)

Regards,

David

Post by Lance
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login. but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-16 16:48:52 UTC

David,

Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?

Thanks,
Sam

Post by David Croft
Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since it's
using SSH and therefore doesn't need a username prompt, solution was
add userprompt ids* bldshgalsjd (<- something that won't get sent during login)
Regards,
David

Post by Lance
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login. but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-16 16:57:33 UTC

BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

Post by Sam Munzani
David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam

Post by Lance
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login. but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-07-16 18:48:35 UTC

Sam,

I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.

I did encounter and solve all the problems you have been discussing on
the list.

Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: ***@comcast.net
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: F5 load balancer support

BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

David,

Thanks a lot for the tip. This worked well. Now f5login goes
much more
cleaner and the "root" doesn't set sent again. I still have
other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd" mean and how
does it do
this miracle?

Thanks,
Sam

Thanks for this tip, turns out that this is also the
reason the
username gets entered at a prompt on the cisco IPS
devices. Since it's
using SSH and therefore doesn't need a username prompt,
solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<- something that
won't get sent
during login)

Regards,

David

On 14/07/07, Lance <***@gheek.net>
<mailto:***@gheek.net> wrote:

Sam,

Have you tried using telnet to login, if the f5
has it enabled.
You may also want to set auto enable in your
.cloginrc for this device
as it looks to clogin as you are already in a
cisco equivalent equal to
enable since your prompt has a # sign in it.

Looking at your next email along with this one
it looks like you are
already in a cisco equivalent of enable after
you login. f5login seems
to be sending your username of root as a command
after you get connected
because it sees this line "Last login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on the word
"Login". See below.

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast
login:"

send: sending "root\r" to { exp4 }

expect: continuing expect

You are just using a Cisco login/parsing script
so it expects prompts
from a Cisco device and in this case you have a
*nix SSH banner that
gets interrupted. I know you can use RANCID to
backup *nix systems. So
it knows how to understand connecting to a *nix
system. You might want
to try this email thread which asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

Or you could modify the existing f5login like
so.

I think you have to use the carrot before the ()
to work. I haven't
checked this as I am at home and not on a UNIX
system right now. Sorry
to lazy to check it out right now. You might
want to uncomment the line
below 3. and comment out the line below 2. and
see if that works. This
is the only point in the code that I see it look
for login in any line.
If that doesn't work send me back the debug and
I will see what I can
do. I am sure some people that use expect more
often then I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for a line beginning
with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user
name):"
#3. Modified to read for a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0]
""]

Let me know if this works for you.

-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer
support
From: Sam Munzani <***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July 13, 2007 2:30 pm
To: Lance <***@gheek.net>
<mailto:***@gheek.net>
Cc: rancid-***@shrubbery.net

Lance,

F5 login works fine with a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Password:
Last login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
root
[***@test-f5-01:Active] config # root
-bash: root: command not found
[***@test-f5-01:Active] config #
[***@test-f5-01:Active] config #
[***@test-f5-01:Active] config #

I don't know how to debug otherwise I
would turn on debug too. If you
can provide some hints on debug, I would
appreciate it.

Thanks,
Sam

What error(s) do you get when you try to
run your f5rancid?

Where does it fail if you debug your
f5login?

-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer
support
From: Sam Munzani <***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July 13, 2007 12:45 pm
To: rancid-***@shrubbery.net

Hi,

Did anybody happened to hack one of
Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I
want to do is login and

type "b

list" which is equivalent of "show run"
on cisco.

However for some reason things not
working. All I did was copied

clogin

to f5login, copied rancid to f5rancid
and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i)
{ exec('f5rancid',

$router); }

Then modified f5 rancid file and kept
only one command in list of
commands "b list".

For some reason its not working. I can
post my configs here if

somebody

like to see them.

Thanks,
Sam

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-07-16 17:21:51 UTC

below.

Post by Lance
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems.
So it knows how to understand connecting to a *nix system. You might
want to try this email thread which asks about backing up Linux

conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"

Post by Lance
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now.
Sorry to lazy to check it out right now. You might want to uncomment
the line below 3. and comment out the line below 2. and see if that
works. This is the only point in the code that I see it look for

Post by Lance
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can
probably quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 2:30 pm
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root
-bash: root: command not found
I don't know how to debug otherwise I would turn on debug too. If
you can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list
of commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-07-16 15:39:59 UTC

Sam,

I've been working on a f5rancid script for some time now. One of my
targets was to work with the standard cisco login script [clogin].

The .clogninrc configuration I use with the clogin script for F5 Big-IP
is as follows:

add user hostname username
add userprompt hostname sshONLYnoPrompt #Any string without a match
works
add autoenable hostname 1
add method hostname ssh
add password hostname password

Hope this helps,

Mike

-----Original Message-----
From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Lance
Sent: Saturday, July 14, 2007 1:11 PM
To: ***@comcast.net
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: F5 load balancer support

Sam,

Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this device
as it looks to clogin as you are already in a cisco equivalent equal to
enable since your prompt has a # sign in it.

Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get connected
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.

"(Username|Login|login|user name):"? yes

expect: set expect_out(0,string) "login:"

expect: set expect_out(1,string) "login"

expect: set expect_out(spawn_id) "exp4"

expect: set expect_out(buffer) " \r\nLast login:"

send: sending "root\r" to { exp4 }

expect: continuing expect

You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
Or you could modify the existing f5login like so.

I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the line
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any line.
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can probably
quickly tell you what to use as syntax there.

# Figure out prompts
set u_prompt [find userprompt $router if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]

Let me know if this works for you.

-Lance

-------- Original Message --------
Subject: Re: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 2:30 pm
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12 root
-bash: root: command not found
I don't know how to debug otherwise I would turn on debug too. If you
can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Lance

2007-07-16 17:20:53 UTC

Sam,

What bldshgalsjd is the prompt is looks for before it sends the
username.

Example, if the the device prompted you for a username like so, you
would use the following.

Your User name:

#.cloginrc line
add userprompt f5* "Your User name:"

This would only send your username if it found the prompt of "Your User
name:" (minus the ""). So the likely hood that it will find bldshgalsjd
would be slim to almost impossible.

-lance

-------- Original Message --------
Subject: Re: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 9:48 am
David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam

equal to

Post by Lance
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login seems
to be sending your username of root as a command after you get

connected

Post by Lance
because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects prompts
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix systems. So
it knows how to understand connecting to a *nix system. You might want
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now. Sorry
to lazy to check it out right now. You might want to uncomment the

line

Post by Lance
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any

line.

Post by Lance
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can

probably

Post by Lance
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt "^(Username|Login|login|user name):"
#2. Modified to read for a line beginning with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user name):"
#3. Modified to read for a line beginning with Login or login.
but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

you

can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-16 18:00:04 UTC

Lance,

That makes perfect sense. Thanks a lot for a very good logical explanation.

BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.

# This routine processes a "write term"
sub BList {
print STDERR " In BList: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);

while (<INPUT>) {
tr/\015//d;
last if(/^$prompt/);
return(-1) if (/command not found/i);
$linecnt++;
$lineauto = 0 if (/^[^ ]/);
# some versions have other crap mixed in with the bits in the

}
# The ContentEngine lacks a definitive "end of config" marker. If we
# know that it is a CE and we have seen at least 5 lines of b list
# o/p, we can be reasonably sure that we got the config.
if ($linecnt > 5) {
$found_end = 1;
return(1);
}

return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
%commands=(
'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"b list"
);
$cisco_cmds=join(";",@commands);
$cmds_regexp=join("|",@commands);

All I did was changed "write term" to "b list" and changed function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.

starting: Mon Jul 16 12:49:05 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 12:49:32 CDT 2007

Any hints would be appreciated.

Thanks,
Sam

Post by Lance
Sam,
What bldshgalsjd is the prompt is looks for before it sends the
username.
Example, if the the device prompted you for a username like so, you
would use the following.
#.cloginrc line
add userprompt f5* "Your User name:"
This would only send your username if it found the prompt of "Your User
name:" (minus the ""). So the likely hood that it will find bldshgalsjd
would be slim to almost impossible.
-lance

equal to

connected

line

Post by Lance
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any

line.

Post by Lance
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can

probably

you

can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

john heasley

2007-07-16 21:55:57 UTC

A user gave me access to a f5, but I ran out of time and access was removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.

Post by Sam Munzani
Lance,
That makes perfect sense. Thanks a lot for a very good logical explanation.
BTW, this is what I did in f5rancid(a copy of rancid). Modified it as below.
# This routine processes a "write term"
sub BList {
print STDERR " In BList: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);
while (<INPUT>) {
tr/\015//d;
last if(/^$prompt/);
return(-1) if (/command not found/i);
$linecnt++;
$lineauto = 0 if (/^[^ ]/);
# some versions have other crap mixed in with the bits in the
}
# The ContentEngine lacks a definitive "end of config" marker. If we
# know that it is a CE and we have seen at least 5 lines of b list
# o/p, we can be reasonably sure that we got the config.
if ($linecnt > 5) {
$found_end = 1;
return(1);
}
return(0);
}
# dummy function
sub DoNothing {print STDOUT;}
# Main
%commands=(
'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"b list"
);
All I did was changed "write term" to "b list" and changed function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.
starting: Mon Jul 16 12:49:05 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 12:49:32 CDT 2007
Any hints would be appreciated.
Thanks,
Sam

equal to

connected

line

Post by Lance
below 3. and comment out the line below 2. and see if that works. This
is the only point in the code that I see it look for login in any

line.

Post by Lance
If that doesn't work send me back the debug and I will see what I can
do. I am sure some people that use expect more often then I can

probably

you

can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Teun Vink

2007-07-16 22:21:05 UTC

Post by john heasley
A user gave me access to a f5, but I ran out of time and access was removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.

If you like someone else to test it as well, feel free to send me a
copy. Unfortunately I can't provide access to a live box due to access
policies.

Regards,
Teun

Lance

2007-07-16 18:54:53 UTC

Sam,

Is that the whole file? Attach the whole file to make sure you aren't
missing anything.

Does the f5 have a pager of sort? Meaning if you run b list does it have
a <-- More --> prompt or anything else other than the config that may
show up?

Email me your IM names and we might be able to solve it faster and then
post back to the list?

-lance

-------- Original Message --------
Subject: Re: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 11:00 am
Lance,
That makes perfect sense. Thanks a lot for a very good logical
explanation.
BTW, this is what I did in f5rancid(a copy of rancid). Modified it as
below.
# This routine processes a "write term"
sub BList {
print STDERR " In BList: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);
while (<INPUT>) {
tr/\015//d;
last if(/^$prompt/);
return(-1) if (/command not found/i);
$linecnt++;
$lineauto = 0 if (/^[^ ]/);
# some versions have other crap mixed in with the bits in the
}
# The ContentEngine lacks a definitive "end of config" marker. If we
# know that it is a CE and we have seen at least 5 lines of b list
# o/p, we can be reasonably sure that we got the config.
if ($linecnt > 5) {
$found_end = 1;
return(1);
}
return(0);
}
# dummy function
sub DoNothing {print STDOUT;}
# Main
%commands=(
'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"b list"
);
All I did was changed "write term" to "b list" and changed function name
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.
starting: Mon Jul 16 12:49:05 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 12:49:32 CDT 2007
Any hints would be appreciated.
Thanks,
Sam

-------- Original Message --------
Subject: Re: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 9:48 am
David,
Thanks a lot for the tip. This worked well. Now f5login goes much

cleaner and the "root" doesn't set sent again. I still have other

issues

where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does

it do

this miracle?
Thanks,
Sam

Post by David Croft
Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since

it's

Post by David Croft
using SSH and therefore doesn't need a username prompt, solution was
add userprompt ids* bldshgalsjd (<- something that won't get sent
during login)
Regards,
David

Post by Lance
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this

device

Post by Lance
as it looks to clogin as you are already in a cisco equivalent

equal to

Post by Lance
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you are
already in a cisco equivalent of enable after you login. f5login

seems

Post by Lance
to be sending your username of root as a command after you get

connected

prompts

Post by Lance
from a Cisco device and in this case you have a *nix SSH banner that
gets interrupted. I know you can use RANCID to backup *nix

systems. So

Post by Lance
it knows how to understand connecting to a *nix system. You might

want

Post by Lance
to try this email thread which asks about backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
Or you could modify the existing f5login like so.
I think you have to use the carrot before the () to work. I haven't
checked this as I am at home and not on a UNIX system right now.

Sorry

Post by Lance
to lazy to check it out right now. You might want to uncomment the

line

Post by Lance
below 3. and comment out the line below 2. and see if that works.

This

Post by Lance
is the only point in the code that I see it look for login in any

line.

Post by Lance
If that doesn't work send me back the debug and I will see what I

can

Post by Lance
do. I am sure some people that use expect more often then I can

probably

Post by Lance
but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

you

can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in list of
commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Lance

2007-07-16 22:22:15 UTC

Nice that should be helpful. I just wish I had access to an F5 still. 2
years ago I did, now I don't as I changed companies. hehe.

-Lance

-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 2:55 pm
A user gave me access to a f5, but I ran out of time and access was
removed.
So, I have a nearly complete script for it that I'd like to be completed.
I'll send it to you separately.

Post by Sam Munzani
Lance,
That makes perfect sense. Thanks a lot for a very good logical

explanation.

Post by Sam Munzani
BTW, this is what I did in f5rancid(a copy of rancid). Modified it

as below.

Post by Sam Munzani
# This routine processes a "write term"
sub BList {
print STDERR " In BList: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);
while (<INPUT>) {
tr/\015//d;
last if(/^$prompt/);
return(-1) if (/command not found/i);
$linecnt++;
$lineauto = 0 if (/^[^ ]/);
# some versions have other crap mixed in with the bits in the
}
# The ContentEngine lacks a definitive "end of config" marker.

If we

Post by Sam Munzani
# know that it is a CE and we have seen at least 5 lines of b list
# o/p, we can be reasonably sure that we got the config.
if ($linecnt > 5) {
$found_end = 1;
return(1);
}
return(0);
}
# dummy function
sub DoNothing {print STDOUT;}
# Main
%commands=(
'b list' => "BList"
);
# keys() doesnt return things in the order entered and the order of the
# cmds is important (show version first and write term last). pita
@commands=(
"b list"
);
All I did was changed "write term" to "b list" and changed function

name

Post by Sam Munzani
too. I also changed a little bit around finding the end of input
variable. However it still doesn't work. I get following in my logs.
starting: Mon Jul 16 12:49:05 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
!
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
!
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 12:49:32 CDT 2007
Any hints would be appreciated.
Thanks,
Sam

User

Post by Lance
name:" (minus the ""). So the likely hood that it will find

bldshgalsjd

Post by Lance
would be slim to almost impossible.
-lance

-------- Original Message --------
Subject: Re: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 9:48 am
David,
Thanks a lot for the tip. This worked well. Now f5login goes much

cleaner and the "root" doesn't set sent again. I still have other

issues

where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does

it do

this miracle?
Thanks,
Sam

Post by David Croft
Thanks for this tip, turns out that this is also the reason the
username gets entered at a prompt on the cisco IPS devices. Since

it's

Post by David Croft
using SSH and therefore doesn't need a username prompt, solution was
add userprompt ids* bldshgalsjd (<- something that won't get sent
during login)
Regards,
David

Post by Lance
Sam,
Have you tried using telnet to login, if the f5 has it enabled.
You may also want to set auto enable in your .cloginrc for this

device

Post by Lance
as it looks to clogin as you are already in a cisco equivalent

equal to

Post by Lance
enable since your prompt has a # sign in it.
Looking at your next email along with this one it looks like you

are

Post by Lance
already in a cisco equivalent of enable after you login. f5login

seems

Post by Lance
to be sending your username of root as a command after you get

connected

Post by Lance
because it sees this line "Last login: Fri Jul 13 14:38:03 2007

from

Post by Lance
172.24.100.12" and it matches on the word "Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script so it expects

prompts

Post by Lance
from a Cisco device and in this case you have a *nix SSH banner

that

Post by Lance
gets interrupted. I know you can use RANCID to backup *nix

systems. So

Post by Lance
it knows how to understand connecting to a *nix system. You

might want

Sorry

Post by Lance
to lazy to check it out right now. You might want to uncomment the

line

Post by Lance
below 3. and comment out the line below 2. and see if that

works. This

Post by Lance
is the only point in the code that I see it look for login in any

line.

Post by Lance
If that doesn't work send me back the debug and I will see what

I can

Post by Lance
do. I am sure some people that use expect more often then I can

probably

Post by Lance
but I
may be wrong
#set u_prompt "^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
Let me know if this works for you.
-Lance

you

can provide some hints on debug, I would appreciate it.
Thanks,
Sam

Post by Lance
What error(s) do you get when you try to run your f5rancid?
Where does it fail if you debug your f5login?
-lance

-------- Original Message --------
Subject: [rancid] F5 load balancer support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of Cisco scripts to support

BigIP F5

boxes? It should be pretty simple. All I want to do is login and

type "b

list" which is equivalent of "show run" on cisco.
However for some reason things not working. All I did was copied

clogin

to f5login, copied rancid to f5rancid and added following to

rancid-fe.

elsif ($vendor =~ /^f5$/i) { exec('f5rancid',

$router); }

Then modified f5 rancid file and kept only one command in

list of

commands "b list".
For some reason its not working. I can post my configs here if

somebody

like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Lance

2007-07-17 00:32:01 UTC

I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.

-lance

-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 11:48 am
Sam,
I have a working f5rancid that I have been using for a number of months
now. I have one minor bug related to tracking installed SSL certs
which you probably don't care about. Other than that, it works great.
I did encounter and solve all the problems you have been discussing on
the list.
Let me know if you are interested in trying what I have. I have tested
it with Big-IP 9.1.2.
Mike
________________________________
Sent: Monday, July 16, 2007 10:58 AM
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run now. That means
the f5rancid file(hacked copy of rancid) is still missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for `configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now f5login goes
much more
cleaner and the "root" doesn't set sent again. I still have
other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this is also the
reason the
username gets entered at a prompt on the cisco IPS
devices. Since it's
using SSH and therefore doesn't need a username prompt,
solution was
add userprompt ids* bldshgalsjd (<- something that
won't get sent
during login)
Regards,
David
Sam,
Have you tried using telnet to login, if the f5
has it enabled.
You may also want to set auto enable in your
.cloginrc for this device
as it looks to clogin as you are already in a
cisco equivalent equal to
enable since your prompt has a # sign in it.
Looking at your next email along with this one
it looks like you are
already in a cisco equivalent of enable after
you login. f5login seems
to be sending your username of root as a command
after you get connected
because it sees this line "Last login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on the word
"Login". See below.
"(Username|Login|login|user name):"? yes
expect: set expect_out(0,string) "login:"
expect: set expect_out(1,string) "login"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) " \r\nLast
login:"
send: sending "root\r" to { exp4 }
expect: continuing expect
You are just using a Cisco login/parsing script
so it expects prompts
from a Cisco device and in this case you have a
*nix SSH banner that
gets interrupted. I know you can use RANCID to
backup *nix systems. So
it knows how to understand connecting to a *nix
system. You might want
to try this email thread which asks about
backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
Or you could modify the existing f5login like
so.
I think you have to use the carrot before the ()
to work. I haven't
checked this as I am at home and not on a UNIX
system right now. Sorry
to lazy to check it out right now. You might
want to uncomment the line
below 3. and comment out the line below 2. and
see if that works. This
is the only point in the code that I see it look
for login in any line.
If that doesn't work send me back the debug and
I will see what I can
do. I am sure some people that use expect more
often then I can probably
quickly tell you what to use as syntax there.
# Figure out prompts
set u_prompt [find userprompt $router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for a line beginning
with
Username,Login,login, or
user name.
set u_prompt "^(Username|Login|login|user
name):"
#3. Modified to read for a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0]
""]
Let me know if this works for you.
-Lance
-------- Original Message --------
Subject: Re: [rancid] F5 load balancer
support
Date: Fri, July 13, 2007 2:30 pm
Lance,
F5 login works fine with a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l root test-f5-01
Last login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
root
-bash: root: command not found
I don't know how to debug otherwise I
would turn on debug too. If you
can provide some hints on debug, I would
appreciate it.
Thanks,
Sam
What error(s) do you get when you try to
run your f5rancid?
Where does it fail if you debug your
f5login?
-lance
-------- Original Message --------
Subject: [rancid] F5 load balancer
support
Date: Fri, July 13, 2007 12:45 pm
Hi,
Did anybody happened to hack one of
Cisco scripts to support
BigIP F5
boxes? It should be pretty simple. All I
want to do is login and
type "b
list" which is equivalent of "show run"
on cisco.
However for some reason things not
working. All I did was copied
clogin
to f5login, copied rancid to f5rancid
and added following to
rancid-fe.
elsif ($vendor =~ /^f5$/i)
{ exec('f5rancid',
$router); }
Then modified f5 rancid file and kept
only one command in list of
commands "b list".
For some reason its not working. I can
post my configs here if
somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-07-17 17:49:18 UTC

I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort.

It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.

This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.

I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down]. I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.

Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.

Thanks,

Mike

________________________________

From: Sam Munzani [mailto:***@munzani.com]
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam

I have helped Sam get a working f5rancid which requires a
f5login (only
because it doesn't recognize the prompt with a space and exit,
unless
you enter a return before the exit). He is cleaning up all the
unused
functions and will post it.

Once John H. sends out his script I will look at it and see how
it
differs from the one I did with Sam. I will even help Sam get it
working
for his setup. We will let you know when it is all working.

-lance

-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <***@omniture.com>
<mailto:***@omniture.com>
Date: Mon, July 16, 2007 11:48 am
To: <***@munzani.com> <mailto:***@munzani.com>
Cc: rancid-***@shrubbery.net

Sam,

I have a working f5rancid that I have been using for a
number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than that,
it works great.

I did encounter and solve all the problems you have been
discussing on
the list.

Let me know if you are interested in trying what I have.
I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf
Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: ***@comcast.net
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: F5 load balancer support

BTW, this is what I see in the log when I do rancid-run
now. That means
the f5rancid file(hacked copy of rancid) is still
missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

David,

Thanks a lot for the tip. This worked well. Now
f5login goes
much more
cleaner and the "root" doesn't set sent again. I
still have
other issues
where rancid-run is backing up config properly
but I am still
troubleshooting it.

Now here is a question. What does "bldshgalsjd"
mean and how
does it do
this miracle?

Thanks,
Sam

Thanks for this tip, turns out that this
is also the
reason the
username gets entered at a prompt on the
cisco IPS
devices. Since it's
using SSH and therefore doesn't need a
username prompt,
solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd (<-
something that
won't get sent
during login)

Regards,

David

On 14/07/07, Lance <***@gheek.net>
<mailto:***@gheek.net>
<mailto:***@gheek.net> <mailto:***@gheek.net>
wrote:

Sam,

Have you tried using telnet to
login, if the f5
has it enabled.
You may also want to set auto
enable in your
.cloginrc for this device
as it looks to clogin as you are
already in a
cisco equivalent equal to
enable since your prompt has a #
sign in it.

Looking at your next email along
with this one
it looks like you are
already in a cisco equivalent of
enable after
you login. f5login seems
to be sending your username of
root as a command
after you get connected
because it sees this line "Last
login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on
the word
"Login". See below.

"(Username|Login|login|user
name):"? yes

expect: set expect_out(0,string)
"login:"

expect: set expect_out(1,string)
"login"

expect: set expect_out(spawn_id)
"exp4"

expect: set expect_out(buffer) "
\r\nLast
login:"

send: sending "root\r" to { exp4
}

expect: continuing expect

You are just using a Cisco
login/parsing script
so it expects prompts
from a Cisco device and in this
case you have a
*nix SSH banner that
gets interrupted. I know you can
use RANCID to
backup *nix systems. So
it knows how to understand
connecting to a *nix
system. You might want
to try this email thread which
asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

Or you could modify the existing
f5login like
so.

I think you have to use the
carrot before the ()
to work. I haven't
checked this as I am at home and
not on a UNIX
system right now. Sorry
to lazy to check it out right
now. You might
want to uncomment the line
below 3. and comment out the
line below 2. and
see if that works. This
is the only point in the code
that I see it look
for login in any line.
If that doesn't work send me
back the debug and
I will see what I can
do. I am sure some people that
use expect more
often then I can probably
quickly tell you what to use as
syntax there.

# Figure out prompts
set u_prompt [find userprompt
$router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for
a line beginning
with
Username,Login,login, or
user name.
set u_prompt
"^(Username|Login|login|user
name):"
#3. Modified to read for
a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join
[lindex $u_prompt 0]
""]

Let me know if this works for
you.

-Lance

-------- Original
Message --------
Subject: Re: [rancid]
F5 load balancer
support
From: Sam Munzani
<***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July 13, 2007
2:30 pm
To: Lance
<***@gheek.net> <mailto:***@gheek.net>
<mailto:***@gheek.net> <mailto:***@gheek.net>
Cc:
rancid-***@shrubbery.net

Lance,

F5 login works fine with
a minor error.

$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l
root test-f5-01
Password:
Last login: Fri Jul 13
14:26:28 2007
from 172.24.100.12
root
[***@test-f5-01:Active]
config # root
-bash: root: command not
found
[***@test-f5-01:Active]
config #
[***@test-f5-01:Active]
config #
[***@test-f5-01:Active]
config #

I don't know how to
debug otherwise I
would turn on debug too. If you
can provide some hints
on debug, I would
appreciate it.

Thanks,
Sam

What error(s) do you get
when you try to
run your f5rancid?

Where does it fail if
you debug your
f5login?

-lance

-------- Original
Message --------
Subject: [rancid] F5
load balancer
support
From: Sam Munzani
<***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July 13, 2007
12:45 pm
To:
rancid-***@shrubbery.net

Hi,

Did anybody happened to
hack one of
Cisco scripts to support

BigIP F5

boxes? It should be
pretty simple. All I
want to do is login and

type "b

list" which is
equivalent of "show run"
on cisco.

However for some reason
things not
working. All I did was copied

clogin

to f5login, copied
rancid to f5rancid
and added following to

rancid-fe.

elsif ($vendor =~
/^f5$/i)
{ exec('f5rancid',

$router); }

Then modified f5 rancid
file and kept
only one command in list of
commands "b list".

For some reason its not
working. I can
post my configs here if

somebody

like to see them.

Thanks,
Sam

_______________________________________________
Rancid-discuss mailing
list

Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________
_______________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Robin Mordasiewicz

2007-07-17 19:31:01 UTC

Post by Mike Ashcraft
It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.
This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down]. I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.

I just installed the file and followed the instructions and it worked.
One thing you might want to add in the instructions is that the user must
edit the rancid-fe file to assiciate the device type with executing this
file, however if this becomes part of the main distribution then it will
just work.

--

Sam Munzani

2007-08-29 18:03:49 UTC

Team,

I am sorry to reopen this old thread but the question I have relates to
this old thread.
Attached 2 rancid login files work fine on newer F5 boxes. However on
old boxes, it prompts for "term type" at the ssh login. I need to insert
logic in the script to answer to this "term type" question. What's best
way to handle it?

Pass it as an argument like
f5login -t vt100 device-name

and then catch the variable and add necessary logic for the expect?

The interaction I am seeing is as below.
<< Some junk MOTB and Banner trimmed here >>
Terminal type? [xterm]

I just need to pass "vt100" at this prompt.

Thanks,
Sam

Post by Mike Ashcraft
I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort.
It sounds like Lance and Sam have put together a working f5rancid
with basic functionality which Sam posted last night. I have attached
my f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.
This version formats and processes the output to make it more
usable. As far as what is captured, I based this on the F5 equivalent
of a tech out. It grabs a copy of all the configuration files,
hardware configuration and software version as well as the timestamps
and file sizes for SSL certs hosted on the device. This facilitates
rebuilding from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly
from the command line on all devices [making it difficult to track
down]. I mention this because it may be an appropriate fix for other
intermittent problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.
Thanks,
Mike
------------------------------------------------------------------------
*Sent:* Monday, July 16, 2007 7:49 PM
*To:* Lance
*Subject:* Re: [rancid] Re: F5 load balancer support
Lance,
Thanks a lot for all your help. Pretty much you did all the work while
I watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some
basic functions(non platform specific) just in case we expand this
script to do a lot more than just "b list" output. In rancid-fe, we
defined a new device type "f5", f5login was copied from clogin and
remarked some "term length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are
not parsing anything at all. All its doing is basic function of
running "b list" command and capturing its output. As I expand more on
this, I will be sure to share with the audience here.
Again, thanks a lot for all your help today.
Regards,
Sam

Post by Lance
I have helped Sam get a working f5rancid which requires a f5login (only
because it doesn't recognize the prompt with a space and exit, unless
you enter a return before the exit). He is cleaning up all the unused
functions and will post it.
Once John H. sends out his script I will look at it and see how it
differs from the one I did with Sam. I will even help Sam get it working
for his setup. We will let you know when it is all working.
-lance

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-08-29 19:14:55 UTC

Sam,

What version is on your old boxes? 4.x? I don't know how well f5rancid
will work on BIG-IP 4.x as I do not have it to test.

That said, along with all disclaimers of fitness for any purpose or any
liability for anything that might happen, I gave it a quick attempt.

Here is a diff for f5login that you can test. This tries to send the
TERM type from your environment and defaults to vt100 if it is not set.
It replaces a chunk of Cisco related code that is not needed.

418,421c418,424
< -re "Enter Selection: " {
< # Catalyst 1900s have some lame menu.
Enter
< # K to reach a command-line.
< send "K\r"
---

-re "Terminal type\?" {
# v4.x asks for term type
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
} else {
send "vt100\r"
}

If that does not work, adjust the regex to match the actual prompt and
hardcode vt100 if necessary. If that fails, send a screen capture of
the normal login process and the results of an f5login for comparison.

Mike

________________________________

From: Sam Munzani [mailto:***@munzani.com]
Sent: Wednesday, August 29, 2007 11:50 AM
To: Mike Ashcraft
Cc: Lance; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Team,

I am sorry to reopen this old thread but the question I have relates to
this old thread.
Attached 2 rancid login files work fine on newer F5 boxes. However on
old boxes, it prompts for "term type" at the ssh login. I need to insert
logic in the script to answer to this "term type" question. What's best
way to handle it?

Pass it as an argument like
f5login -t vt100 device-name

and then catch the variable and add necessary logic for the expect?

Thanks,
Sam

I have been on vacation for the last couple of weeks or I would
have posted this sooner and possibly saved some of you a bit of effort.

It sounds like Lance and Sam have put together a working
f5rancid with basic functionality which Sam posted last night. I have
attached my f5rancid which I have been running for a few months.
Installation instructions are included as comments in the file. This
version uses clogin so that a separate f5login script is not required.

This version formats and processes the output to make it more
usable. As far as what is captured, I based this on the F5 equivalent
of a tech out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.

I was able to resolve the bug I mentioned yesterday by
increasing the clogin timeout. On a small number of devices it failed
to process the last few commands when running from cron but always
worked properly from the command line on all devices [making it
difficult to track down]. I mention this because it may be an
appropriate fix for other intermittent problems sometimes discussed on
this list.

Any feedback is appreciated. I hope to get f5 support added to
future releases of rancid.

Thanks,

Mike

________________________________

From: Sam Munzani [mailto:***@munzani.com]
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Lance,

Thanks a lot for all your help. Pretty much you did all the work
while I watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left
some basic functions(non platform specific) just in case we expand this
script to do a lot more than just "b list" output. In rancid-fe, we
defined a new device type "f5", f5login was copied from clogin and
remarked some "term length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we
are not parsing anything at all. All its doing is basic function of
running "b list" command and capturing its output. As I expand more on
this, I will be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam

I have helped Sam get a working f5rancid which requires
a f5login (only
because it doesn't recognize the prompt with a space and
exit, unless
you enter a return before the exit). He is cleaning up
all the unused
functions and will post it.

Once John H. sends out his script I will look at it and
see how it
differs from the one I did with Sam. I will even help
Sam get it working
for his setup. We will let you know when it is all
working.

-lance

-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
From: "Mike Ashcraft" <***@omniture.com>
<mailto:***@omniture.com>
Date: Mon, July 16, 2007 11:48 am
To: <***@munzani.com> <mailto:***@munzani.com>
Cc: rancid-***@shrubbery.net

Sam,

I have a working f5rancid that I have been using
for a number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than
that, it works great.

I did encounter and solve all the problems you
have been discussing on
the list.

Let me know if you are interested in trying what
I have. I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On
Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: ***@comcast.net
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: F5 load balancer support

BTW, this is what I see in the log when I do
rancid-run now. That means
the f5rancid file(hacked copy of rancid) is
still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16
11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors
first!
ls: test-f5-01: No such file or directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

David,

Thanks a lot for the tip. This worked
well. Now f5login goes
much more
cleaner and the "root" doesn't set sent
again. I still have
other issues
where rancid-run is backing up config
properly but I am still
troubleshooting it.

Now here is a question. What does
"bldshgalsjd" mean and how
does it do
this miracle?

Thanks,
Sam

Thanks for this tip, turns out
that this is also the
reason the
username gets entered at a
prompt on the cisco IPS
devices. Since it's
using SSH and therefore doesn't
need a username prompt,
solution was
to simply add in .cloginrc:

add userprompt ids* bldshgalsjd
(<- something that
won't get sent
during login)

Regards,

David

On 14/07/07, Lance
<***@gheek.net> <mailto:***@gheek.net>
<mailto:***@gheek.net>
<mailto:***@gheek.net> wrote:

Sam,

Have you tried using
telnet to login, if the f5
has it enabled.
You may also want to set
auto enable in your
.cloginrc for this device
as it looks to clogin as
you are already in a
cisco equivalent equal to
enable since your prompt
has a # sign in it.

Looking at your next
email along with this one
it looks like you are
already in a cisco
equivalent of enable after
you login. f5login seems
to be sending your
username of root as a command
after you get connected
because it sees this
line "Last login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it
matches on the word
"Login". See below.

"(Username|Login|login|user name):"? yes

expect: set
expect_out(0,string) "login:"

expect: set
expect_out(1,string) "login"

expect: set
expect_out(spawn_id) "exp4"

expect: set
expect_out(buffer) " \r\nLast
login:"

send: sending "root\r"
to { exp4 }

expect: continuing
expect

You are just using a
Cisco login/parsing script
so it expects prompts
from a Cisco device and
in this case you have a
*nix SSH banner that
gets interrupted. I know
you can use RANCID to
backup *nix systems. So
it knows how to
understand connecting to a *nix
system. You might want
to try this email thread
which asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

Or you could modify the
existing f5login like
so.

I think you have to use
the carrot before the ()
to work. I haven't
checked this as I am at
home and not on a UNIX
system right now. Sorry
to lazy to check it out
right now. You might
want to uncomment the line
below 3. and comment out
the line below 2. and
see if that works. This
is the only point in the
code that I see it look
for login in any line.
If that doesn't work
send me back the debug and
I will see what I can
do. I am sure some
people that use expect more
often then I can probably
quickly tell you what to
use as syntax there.

# Figure out prompts
set u_prompt [find
userprompt $router
if { "$u_prompt" == "" }
{
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to
read for a line beginning
with
Username,Login,login, or
user name.
set u_prompt
"^(Username|Login|login|user
name):"
#3. Modified to
read for a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt
[join [lindex $u_prompt 0]
""]

Let me know if this
works for you.

-Lance

--------
Original Message --------
Subject: Re:
[rancid] F5 load balancer
support
From: Sam
Munzani <***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July
13, 2007 2:30 pm
To: Lance
<***@gheek.net> <mailto:***@gheek.net>
<mailto:***@gheek.net>
<mailto:***@gheek.net>
Cc:
rancid-***@shrubbery.net

Lance,

F5 login works
fine with a minor error.

$ f5login
test-f5-01
test-f5-01
spawn ssh -c
3des -x -l root test-f5-01
Password:
Last login: Fri
Jul 13 14:26:28 2007
from 172.24.100.12
root

[***@test-f5-01:Active] config # root
-bash: root:
command not found

[***@test-f5-01:Active] config #

[***@test-f5-01:Active] config #

[***@test-f5-01:Active] config #

I don't know how
to debug otherwise I
would turn on debug too. If you
can provide some
hints on debug, I would
appreciate it.

Thanks,
Sam

What error(s) do
you get when you try to
run your f5rancid?

Where does it
fail if you debug your
f5login?

-lance

--------
Original Message --------
Subject:
[rancid] F5 load balancer
support
From: Sam
Munzani <***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date: Fri, July
13, 2007 12:45 pm
To:
rancid-***@shrubbery.net

Hi,

Did anybody
happened to hack one of
Cisco scripts to support

BigIP F5

boxes? It should
be pretty simple. All I
want to do is login and

type "b

list" which is
equivalent of "show run"
on cisco.

However for some
reason things not
working. All I did was copied

clogin

to f5login,
copied rancid to f5rancid
and added following to

rancid-fe.

elsif ($vendor
=~ /^f5$/i)
{ exec('f5rancid',

$router); }

Then modified f5
rancid file and kept
only one command in list of
commands "b
list".

For some reason
its not working. I can
post my configs here if

somebody

like to see
them.

Thanks,
Sam

_______________________________________________
Rancid-discuss
mailing list

Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing
list

Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________
_______________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-08-29 21:06:21 UTC

Mike,

Yes. The code was 4.x. I ended up hard coding the term with vt100. The
look gave me an error for some reason. Below is the code I added below
Cat1900 code.
When I added following code, I got error.
-re "Terminal type\?" {
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
}
else {
send "vt100\r"
}
}
########## error output ########
Terminal type? [xterm] invalid command name "else"
while executing
"else {
send "vt100\r"
}"
invoked from within
"expect -nobrace -re {(Connection refused|Secure connection [^
]+ refused)} {
catch {close}; wait
if !$progs {
send_user "\nError: Connect..."
invoked from within
"expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
catch {close}; wait
if !$progs {
send_user "\nError: Connection..."
(procedure "login" line 73)
invoked from within
"login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
("foreach" body line 111)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"

################################

So I hard coded to vt100 like below

-re "Terminal type\?" {
send "vt100\r"
}

and things are working fine.

Thanks,
Sam

Post by Mike Ashcraft
Sam,
What version is on your old boxes? 4.x? I don't know how well
f5rancid will work on BIG-IP 4.x as I do not have it to test.
That said, along with all disclaimers of fitness for any purpose or
any liability for anything that might happen, I gave it a quick attempt.
Here is a diff for f5login that you can test. This tries to send the
TERM type from your environment and defaults to vt100 if it is not
set. It replaces a chunk of Cisco related code that is not needed.
418,421c418,424
< -re "Enter Selection: " {
< # Catalyst 1900s have some lame
menu. Enter
< # K to reach a command-line.
< send "K\r"
---

-re "Terminal type\?" {
# v4.x asks for term type
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
} else {
send "vt100\r"
}

If that does not work, adjust the regex to match the actual prompt
and hardcode vt100 if necessary. If that fails, send a screen capture
of the normal login process and the results of an f5login for comparison.
Mike
------------------------------------------------------------------------
*Sent:* Wednesday, August 29, 2007 11:50 AM
*To:* Mike Ashcraft
*Subject:* Re: [rancid] Re: F5 load balancer support
Team,
I am sorry to reopen this old thread but the question I have relates
to this old thread.
Attached 2 rancid login files work fine on newer F5 boxes. However on
old boxes, it prompts for "term type" at the ssh login. I need to
insert logic in the script to answer to this "term type" question.
What's best way to handle it?
Pass it as an argument like
f5login -t vt100 device-name
and then catch the variable and add necessary logic for the expect?
Thanks,
Sam

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-08-29 21:32:43 UTC

Sam,

Glad you got it working.

Your problem was that you inserted my patch manually and accidentally
made a syntax error.

In expect, you can not start a line with else, it has to be:

} else {

If you have a chance to make this change and try it out, please let me
know.

Mike

________________________________

From: Sam Munzani [mailto:***@comcast.net]
Sent: Wednesday, August 29, 2007 3:06 PM
To: Mike Ashcraft
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Mike,

Yes. The code was 4.x. I ended up hard coding the term with vt100. The
look gave me an error for some reason. Below is the code I added below
Cat1900 code.
When I added following code, I got error.
-re "Terminal type\?" {
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
}
else {
send "vt100\r"
}
}
########## error output ########
Terminal type? [xterm] invalid command name "else"
while executing
"else {
send "vt100\r"
}"
invoked from within
"expect -nobrace -re {(Connection refused|Secure connection [^
]+ refused)} {
catch {close}; wait
if !$progs {
send_user "\nError: Connect..."
invoked from within
"expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
catch {close}; wait
if !$progs {
send_user "\nError: Connection..."
(procedure "login" line 73)
invoked from within
"login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
("foreach" body line 111)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"

################################

So I hard coded to vt100 like below

-re "Terminal type\?" {
send "vt100\r"
}

and things are working fine.

Thanks,
Sam

Sam,

What version is on your old boxes? 4.x? I don't know how well
f5rancid will work on BIG-IP 4.x as I do not have it to test.

That said, along with all disclaimers of fitness for any purpose
or any liability for anything that might happen, I gave it a quick
attempt.

Here is a diff for f5login that you can test. This tries to
send the TERM type from your environment and defaults to vt100 if it is
not set. It replaces a chunk of Cisco related code that is not needed.

418,421c418,424
< -re "Enter Selection: " {
< # Catalyst 1900s have some
lame menu. Enter
< # K to reach a command-line.
< send "K\r"
---

-re "Terminal type\?" {
# v4.x asks for term type
if {[info exists env(TERM)]}

{

send "$env(TERM)\r"
} else {
send "vt100\r"
}

If that does not work, adjust the regex to match the actual
prompt and hardcode vt100 if necessary. If that fails, send a screen
capture of the normal login process and the results of an f5login for
comparison.

Mike

________________________________

From: Sam Munzani [mailto:***@munzani.com]
Sent: Wednesday, August 29, 2007 11:50 AM
To: Mike Ashcraft
Cc: Lance; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Team,

I am sorry to reopen this old thread but the question I have
relates to this old thread.
Attached 2 rancid login files work fine on newer F5 boxes.
However on old boxes, it prompts for "term type" at the ssh login. I
need to insert logic in the script to answer to this "term type"
question. What's best way to handle it?

Pass it as an argument like
f5login -t vt100 device-name

and then catch the variable and add necessary logic for the
expect?

Thanks,
Sam

I have been on vacation for the last couple of weeks or
I would have posted this sooner and possibly saved some of you a bit of
effort.

It sounds like Lance and Sam have put together a working
f5rancid with basic functionality which Sam posted last night. I have
attached my f5rancid which I have been running for a few months.
Installation instructions are included as comments in the file. This
version uses clogin so that a separate f5login script is not required.

This version formats and processes the output to make it
more usable. As far as what is captured, I based this on the F5
equivalent of a tech out. It grabs a copy of all the configuration
files, hardware configuration and software version as well as the
timestamps and file sizes for SSL certs hosted on the device. This
facilitates rebuilding from scratch as quickly as possible if this is
ever needed.

I was able to resolve the bug I mentioned yesterday by
increasing the clogin timeout. On a small number of devices it failed
to process the last few commands when running from cron but always
worked properly from the command line on all devices [making it
difficult to track down]. I mention this because it may be an
appropriate fix for other intermittent problems sometimes discussed on
this list.

Any feedback is appreciated. I hope to get f5 support
added to future releases of rancid.

Thanks,

Mike

________________________________

From: Sam Munzani [mailto:***@munzani.com]
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Cc: Mike Ashcraft; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: F5 load balancer support

Lance,

Thanks a lot for all your help. Pretty much you did all
the work while I watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have
left some basic functions(non platform specific) just in case we expand
this script to do a lot more than just "b list" output. In rancid-fe, we
defined a new device type "f5", f5login was copied from clogin and
remarked some "term length" statements we don't need on F5.

All 3 files are attached and working great. Please be
aware, we are not parsing anything at all. All its doing is basic
function of running "b list" command and capturing its output. As I
expand more on this, I will be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam

I have helped Sam get a working f5rancid which
requires a f5login (only
because it doesn't recognize the prompt with a
space and exit, unless
you enter a return before the exit). He is
cleaning up all the unused
functions and will post it.

Once John H. sends out his script I will look at
it and see how it
differs from the one I did with Sam. I will even
help Sam get it working
for his setup. We will let you know when it is
all working.

-lance

-------- Original Message --------
Subject: [rancid] Re: F5 load balancer
support
From: "Mike Ashcraft"
<***@omniture.com> <mailto:***@omniture.com>
Date: Mon, July 16, 2007 11:48 am
To: <***@munzani.com>
<mailto:***@munzani.com>
Cc: rancid-***@shrubbery.net

Sam,

I have a working f5rancid that I have
been using for a number of months
now. I have one minor bug related to
tracking installed SSL certs
which you probably don't care about.
Other than that, it works great.

I did encounter and solve all the
problems you have been discussing on
the list.

Let me know if you are interested in
trying what I have. I have tested
it with Big-IP 9.1.2.

Mike

________________________________

From:
rancid-discuss-***@shrubbery.net

[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
To: ***@comcast.net
Cc: rancid-***@shrubbery.net
Subject: [rancid] Re: F5 load balancer
support

BTW, this is what I see in the log when
I do rancid-run now. That means
the f5rancid file(hacked copy of rancid)
is still missing something.

more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul
16 11:48:42 CDT 2007

Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above
errors first!
ls: test-f5-01: No such file or
directory

ending: Mon Jul 16 11:49:41 CDT 2007

Thanks,
Sam

David,

Thanks a lot for the tip. This
worked well. Now f5login goes
much more
cleaner and the "root" doesn't
set sent again. I still have
other issues
where rancid-run is backing up
config properly but I am still
troubleshooting it.

Now here is a question. What
does "bldshgalsjd" mean and how
does it do
this miracle?

Thanks,
Sam

Thanks for this tip,
turns out that this is also the
reason the
username gets entered at
a prompt on the cisco IPS
devices. Since it's
using SSH and therefore
doesn't need a username prompt,
solution was
to simply add in
.cloginrc:

add userprompt ids*
bldshgalsjd (<- something that
won't get sent
during login)

Regards,

David

On 14/07/07, Lance
<***@gheek.net> <mailto:***@gheek.net>
<mailto:***@gheek.net>
<mailto:***@gheek.net> wrote:

Sam,

Have you tried
using telnet to login, if the f5
has it enabled.
You may also
want to set auto enable in your
.cloginrc for this device
as it looks to
clogin as you are already in a
cisco equivalent equal to
enable since
your prompt has a # sign in it.

Looking at your
next email along with this one
it looks like you are
already in a
cisco equivalent of enable after
you login. f5login seems
to be sending
your username of root as a command
after you get connected
because it sees
this line "Last login: Fri Jul
13 14:38:03 2007 from
172.24.100.12"
and it matches on the word
"Login". See below.

"(Username|Login|login|user name):"? yes

expect: set
expect_out(0,string) "login:"

expect: set
expect_out(1,string) "login"

expect: set
expect_out(spawn_id) "exp4"

expect: set
expect_out(buffer) " \r\nLast
login:"

send: sending
"root\r" to { exp4 }

expect:
continuing expect

You are just
using a Cisco login/parsing script
so it expects prompts
from a Cisco
device and in this case you have a
*nix SSH banner that
gets
interrupted. I know you can use RANCID to
backup *nix systems. So
it knows how to
understand connecting to a *nix
system. You might want
to try this
email thread which asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>

Or you could
modify the existing f5login like
so.

I think you have
to use the carrot before the ()
to work. I haven't
checked this as
I am at home and not on a UNIX
system right now. Sorry
to lazy to check
it out right now. You might
want to uncomment the line
below 3. and
comment out the line below 2. and
see if that works. This
is the only
point in the code that I see it look
for login in any line.
If that doesn't
work send me back the debug and
I will see what I can
do. I am sure
some people that use expect more
often then I can probably
quickly tell you
what to use as syntax there.

# Figure out
prompts
set u_prompt
[find userprompt $router
if { "$u_prompt"
== "" } {
#1.
ORIGINAL
#set
u_prompt
"^(Username|Login|login|user name):"
#2.
Modified to read for a line beginning
with

Username,Login,login, or
user name.
set
u_prompt "^(Username|Login|login|user
name):"
#3.
Modified to read for a line beginning
with Login or login.
but I
may be wrong
#set
u_prompt
"^(Username|^Login|^login|user name):"
} else {
set
u_prompt [join [lindex $u_prompt 0]
""]

Let me know if
this works for you.

-Lance

--------
Original Message --------
Subject:
Re: [rancid] F5 load balancer
support
From:
Sam Munzani <***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date:
Fri, July 13, 2007 2:30 pm
To:
Lance <***@gheek.net> <mailto:***@gheek.net>
<mailto:***@gheek.net>
<mailto:***@gheek.net>
Cc:
rancid-***@shrubbery.net

Lance,

F5 login
works fine with a minor error.

$
f5login test-f5-01

test-f5-01
spawn
ssh -c 3des -x -l root test-f5-01

Password:
Last
login: Fri Jul 13 14:26:28 2007
from 172.24.100.12
root

[***@test-f5-01:Active] config # root
-bash:
root: command not found

[***@test-f5-01:Active] config #

[***@test-f5-01:Active] config #

[***@test-f5-01:Active] config #

I don't
know how to debug otherwise I
would turn on debug too. If you
can
provide some hints on debug, I would
appreciate it.

Thanks,
Sam

What
error(s) do you get when you try to
run your f5rancid?

Where
does it fail if you debug your
f5login?

-lance

--------
Original Message --------
Subject:
[rancid] F5 load balancer
support
From:
Sam Munzani <***@comcast.net> <mailto:***@comcast.net>
<mailto:***@comcast.net>
<mailto:***@comcast.net>
Date:
Fri, July 13, 2007 12:45 pm
To:
rancid-***@shrubbery.net

Hi,

Did
anybody happened to hack one of
Cisco scripts to support

BigIP F5

boxes?
It should be pretty simple. All I
want to do is login and

type "b

list"
which is equivalent of "show run"
on cisco.

However
for some reason things not
working. All I did was copied

clogin

to
f5login, copied rancid to f5rancid
and added following to

rancid-fe.

elsif
($vendor =~ /^f5$/i)
{ exec('f5rancid',

$router); }

Then
modified f5 rancid file and kept
only one command in list of
commands
"b list".

For some
reason its not working. I can
post my configs here if

somebody

like to
see them.

Thanks,
Sam

_______________________________________________

Rancid-discuss mailing list

Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss
mailing list

Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________
_______________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

________________________________

_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-08-29 21:45:58 UTC

Mike,

You are absolutely correct. My manual typing and ignoring expect syntax
rules had issues. This time I cut-pasted your code and it worked fine.

Thanks a lot,
Sam

Post by Mike Ashcraft
Sam,
Glad you got it working.
Your problem was that you inserted my patch manually and accidentally
made a syntax error.
} else {
If you have a chance to make this change and try it out, please let me
know.
Mike
------------------------------------------------------------------------
*Sent:* Wednesday, August 29, 2007 3:06 PM
*To:* Mike Ashcraft
*Subject:* Re: [rancid] Re: F5 load balancer support
Mike,
Yes. The code was 4.x. I ended up hard coding the term with vt100. The
look gave me an error for some reason. Below is the code I added below
Cat1900 code.
When I added following code, I got error.
-re "Terminal type\?" {
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
}
else {
send "vt100\r"
}
}
########## error output ########
Terminal type? [xterm] invalid command name "else"
while executing
"else {
send "vt100\r"
}"
invoked from within
"expect -nobrace -re {(Connection refused|Secure connection [^
]+ refused)} {
catch {close}; wait
if !$progs {
send_user "\nError: Connect..."
invoked from within
"expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
catch {close}; wait
if !$progs {
send_user "\nError: Connection..."
(procedure "login" line 73)
invoked from within
"login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype"
("foreach" body line 111)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"
################################
So I hard coded to vt100 like below
-re "Terminal type\?" {
send "vt100\r"
}
and things are working fine.
Thanks,
Sam

Post by Mike Ashcraft
Sam,
What version is on your old boxes? 4.x? I don't know how well
f5rancid will work on BIG-IP 4.x as I do not have it to test.
That said, along with all disclaimers of fitness for any purpose or
any liability for anything that might happen, I gave it a
quick attempt.
Here is a diff for f5login that you can test. This tries to send the
TERM type from your environment and defaults to vt100 if it is not
set. It replaces a chunk of Cisco related code that is not needed.
418,421c418,424
< -re "Enter Selection: " {
< # Catalyst 1900s have some lame
menu. Enter
< # K to reach a command-line.
< send "K\r"
---

-re "Terminal type\?" {
# v4.x asks for term type
if {[info exists env(TERM)]} {
send "$env(TERM)\r"
} else {
send "vt100\r"
}

If that does not work, adjust the regex to match the actual prompt
and hardcode vt100 if necessary. If that fails, send a screen
capture of the normal login process and the results of an f5login for
comparison.
Mike
------------------------------------------------------------------------
*Sent:* Wednesday, August 29, 2007 11:50 AM
*To:* Mike Ashcraft
*Subject:* Re: [rancid] Re: F5 load balancer support
Team,
I am sorry to reopen this old thread but the question I have relates
to this old thread.
Attached 2 rancid login files work fine on newer F5 boxes. However on
old boxes, it prompts for "term type" at the ssh login. I need to
insert logic in the script to answer to this "term type" question.
What's best way to handle it?
Pass it as an argument like
f5login -t vt100 device-name
and then catch the variable and add necessary logic for the expect?
Thanks,
Sam

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-08-29 17:50:20 UTC

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-17 01:49:03 UTC

Lance,

Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..

Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.

All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.

Again, thanks a lot for all your help today.

Regards,
Sam

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Lance

2007-07-17 18:00:25 UTC

Mike,

Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".

-Lance

-------- Original Message --------
Subject: RE: [rancid] Re: F5 load balancer support
Date: Tue, July 17, 2007 10:49 am
I have been on vacation for the last couple of weeks or I would have
posted this sooner and possibly saved some of you a bit of effort.
It sounds like Lance and Sam have put together a working f5rancid with
basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version uses
clogin so that a separate f5login script is not required.
This version formats and processes the output to make it more usable.
As far as what is captured, I based this on the F5 equivalent of a tech
out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly from
the command line on all devices [making it difficult to track down]. I
mention this because it may be an appropriate fix for other intermittent
problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.
Thanks,
Mike
________________________________
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Subject: Re: [rancid] Re: F5 load balancer support
Lance,
Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.
Again, thanks a lot for all your help today.
Regards,
Sam
I have helped Sam get a working f5rancid which requires a
f5login (only
because it doesn't recognize the prompt with a space and exit,
unless
you enter a return before the exit). He is cleaning up all the
unused
functions and will post it.
Once John H. sends out his script I will look at it and see how
it
differs from the one I did with Sam. I will even help Sam get it
working
for his setup. We will let you know when it is all working.
-lance
-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 11:48 am
Sam,
I have a working f5rancid that I have been using for a
number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than that,
it works great.
I did encounter and solve all the problems you have been
discussing on
the list.
Let me know if you are interested in trying what I have.
I have tested
it with Big-IP 9.1.2.
Mike
________________________________
Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run
now. That means
the f5rancid file(hacked copy of rancid) is still
missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now
f5login goes
much more
cleaner and the "root" doesn't set sent again. I
still have
other issues
where rancid-run is backing up config properly
but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd"
mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this
is also the
reason the
username gets entered at a prompt on the
cisco IPS
devices. Since it's
using SSH and therefore doesn't need a
username prompt,
solution was
add userprompt ids* bldshgalsjd (<-
something that
won't get sent
during login)
Regards,
David
Sam,
Have you tried using telnet to
login, if the f5
has it enabled.
You may also want to set auto
enable in your
.cloginrc for this device
as it looks to clogin as you are
already in a
cisco equivalent equal to
enable since your prompt has a #
sign in it.
Looking at your next email along
with this one
it looks like you are
already in a cisco equivalent of
enable after
you login. f5login seems
to be sending your username of
root as a command
after you get connected
because it sees this line "Last
login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on
the word
"Login". See below.
"(Username|Login|login|user
name):"? yes
expect: set expect_out(0,string)
"login:"
expect: set expect_out(1,string)
"login"
expect: set expect_out(spawn_id)
"exp4"
expect: set expect_out(buffer) "
\r\nLast
login:"
send: sending "root\r" to { exp4
}
expect: continuing expect
You are just using a Cisco
login/parsing script
so it expects prompts
from a Cisco device and in this
case you have a
*nix SSH banner that
gets interrupted. I know you can
use RANCID to
backup *nix systems. So
it knows how to understand
connecting to a *nix
system. You might want
to try this email thread which
asks about
backing up Linux conifgs.
"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml"
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht
ml>
Or you could modify the existing
f5login like
so.
I think you have to use the
carrot before the ()
to work. I haven't
checked this as I am at home and
not on a UNIX
system right now. Sorry
to lazy to check it out right
now. You might
want to uncomment the line
below 3. and comment out the
line below 2. and
see if that works. This
is the only point in the code
that I see it look
for login in any line.
If that doesn't work send me
back the debug and
I will see what I can
do. I am sure some people that
use expect more
often then I can probably
quickly tell you what to use as
syntax there.
# Figure out prompts
set u_prompt [find userprompt
$router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for
a line beginning
with
Username,Login,login, or
user name.
set u_prompt
"^(Username|Login|login|user
name):"
#3. Modified to read for
a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join
[lindex $u_prompt 0]
""]
Let me know if this works for
you.
-Lance
-------- Original
Message --------
Subject: Re: [rancid]
F5 load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
2:30 pm
To: Lance
Lance,
F5 login works fine with
a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l
root test-f5-01
Last login: Fri Jul 13
14:26:28 2007
from 172.24.100.12
root
config # root
-bash: root: command not
found
config #
config #
config #
I don't know how to
debug otherwise I
would turn on debug too. If you
can provide some hints
on debug, I would
appreciate it.
Thanks,
Sam
What error(s) do you get
when you try to
run your f5rancid?
Where does it fail if
you debug your
f5login?
-lance
-------- Original
Message --------
Subject: [rancid] F5
load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
12:45 pm
Hi,
Did anybody happened to
hack one of
Cisco scripts to support
BigIP F5
boxes? It should be
pretty simple. All I
want to do is login and
type "b
list" which is
equivalent of "show run"
on cisco.
However for some reason
things not
working. All I did was copied
clogin
to f5login, copied
rancid to f5rancid
and added following to
rancid-fe.
elsif ($vendor =~
/^f5$/i)
{ exec('f5rancid',
$router); }
Then modified f5 rancid
file and kept
only one command in list of
commands "b list".
For some reason its not
working. I can
post my configs here if
somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing
list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________
_______________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Mike Ashcraft

2007-07-17 19:35:22 UTC

Lance,

Thanks for the feedback.

"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.

The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.

One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.

Mike

-----Original Message-----
From: Lance [mailto:***@gheek.net]
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Cc: rancid-***@shrubbery.net; ***@munzani.com
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".

-Lance

mention this because it may be an appropriate fix for other

intermittent

problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to future
releases of rancid.
Thanks,
Mike
________________________________
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Subject: Re: [rancid] Re: F5 load balancer support
Lance,
Thanks a lot for all your help. Pretty much you did all the work while I
watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some basic
functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a new
device type "f5", f5login was copied from clogin and remarked some "term
length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are not
parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I will
be sure to share with the audience here.
Again, thanks a lot for all your help today.
Regards,
Sam
I have helped Sam get a working f5rancid which requires a
f5login (only
because it doesn't recognize the prompt with a space and exit,
unless
you enter a return before the exit). He is cleaning up all the
unused
functions and will post it.
Once John H. sends out his script I will look at it and see how
it
differs from the one I did with Sam. I will even help Sam get it
working
for his setup. We will let you know when it is all working.
-lance
-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 11:48 am
Sam,
I have a working f5rancid that I have been using for a
number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than that,
it works great.
I did encounter and solve all the problems you have been
discussing on
the list.
Let me know if you are interested in trying what I have.
I have tested
it with Big-IP 9.1.2.
Mike
________________________________
Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run
now. That means
the f5rancid file(hacked copy of rancid) is still
missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now
f5login goes
much more
cleaner and the "root" doesn't set sent again. I
still have
other issues
where rancid-run is backing up config properly
but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd"
mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this
is also the
reason the
username gets entered at a prompt on the
cisco IPS
devices. Since it's
using SSH and therefore doesn't need a
username prompt,
solution was
add userprompt ids* bldshgalsjd (<-
something that
won't get sent
during login)
Regards,
David
Sam,
Have you tried using telnet to
login, if the f5
has it enabled.
You may also want to set auto
enable in your
.cloginrc for this device
as it looks to clogin as you are
already in a
cisco equivalent equal to
enable since your prompt has a #
sign in it.
Looking at your next email along
with this one
it looks like you are
already in a cisco equivalent of
enable after
you login. f5login seems
to be sending your username of
root as a command
after you get connected
because it sees this line "Last
login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on
the word
"Login". See below.
"(Username|Login|login|user
name):"? yes
expect: set expect_out(0,string)
"login:"
expect: set expect_out(1,string)
"login"
expect: set expect_out(spawn_id)
"exp4"
expect: set expect_out(buffer) "
\r\nLast
login:"
send: sending "root\r" to { exp4
}
expect: continuing expect
You are just using a Cisco
login/parsing script
so it expects prompts
from a Cisco device and in this
case you have a
*nix SSH banner that
gets interrupted. I know you can
use RANCID to
backup *nix systems. So
it knows how to understand
connecting to a *nix
system. You might want
to try this email thread which
asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml"

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>
Or you could modify the existing
f5login like
so.
I think you have to use the
carrot before the ()
to work. I haven't
checked this as I am at home and
not on a UNIX
system right now. Sorry
to lazy to check it out right
now. You might
want to uncomment the line
below 3. and comment out the
line below 2. and
see if that works. This
is the only point in the code
that I see it look
for login in any line.
If that doesn't work send me
back the debug and
I will see what I can
do. I am sure some people that
use expect more
often then I can probably
quickly tell you what to use as
syntax there.
# Figure out prompts
set u_prompt [find userprompt
$router
if { "$u_prompt" == "" } {
#1. ORIGINAL
#set u_prompt
"^(Username|Login|login|user name):"
#2. Modified to read for
a line beginning
with
Username,Login,login, or
user name.
set u_prompt
"^(Username|Login|login|user
name):"
#3. Modified to read for
a line beginning
with Login or login.
but I
may be wrong
#set u_prompt
"^(Username|^Login|^login|user name):"
} else {
set u_prompt [join
[lindex $u_prompt 0]
""]
Let me know if this works for
you.
-Lance
-------- Original
Message --------
Subject: Re: [rancid]
F5 load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
2:30 pm
To: Lance
Lance,
F5 login works fine with
a minor error.
$ f5login test-f5-01
test-f5-01
spawn ssh -c 3des -x -l
root test-f5-01
Last login: Fri Jul 13
14:26:28 2007
from 172.24.100.12
root
config # root
-bash: root: command not
found
config #
config #
config #
I don't know how to
debug otherwise I
would turn on debug too. If you
can provide some hints
on debug, I would
appreciate it.
Thanks,
Sam
What error(s) do you get
when you try to
run your f5rancid?
Where does it fail if
you debug your
f5login?
-lance
-------- Original
Message --------
Subject: [rancid] F5
load balancer
support
From: Sam Munzani
Date: Fri, July 13, 2007
12:45 pm
Hi,
Did anybody happened to
hack one of
Cisco scripts to support
BigIP F5
boxes? It should be
pretty simple. All I
want to do is login and
type "b
list" which is
equivalent of "show run"
on cisco.
However for some reason
things not
working. All I did was copied
clogin
to f5login, copied
rancid to f5rancid
and added following to
rancid-fe.
elsif ($vendor =~
/^f5$/i)
{ exec('f5rancid',
$router); }
Then modified f5 rancid
file and kept
only one command in list of
commands "b list".
For some reason its not
working. I can
post my configs here if
somebody
like to see them.
Thanks,
Sam
_______________________________________________
Rancid-discuss mailing
list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________

_______________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Sam Munzani

2007-07-17 19:59:35 UTC

Mike,

I am curious how did you get around using clogin without any changes.
Lance and I ran in to "term length" command issue. clogin was trying to
run that command on f5 which set errors and F5 never declared it a clean
run until we remarked out "term length" line. That's why we thought
having a separate f5login was good idea to filter out cisco specific
login routines :-)

BTW, your script is working great and I have started using it. Your
script do a little more than "b list" I had. Specially "cat
bigip_base.conf" which is needed to rebuild the box.

Thanks,
Sam

Post by Sam Munzani
Lance,
Thanks for the feedback.
"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.
The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.
One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.
Mike
-----Original Message-----
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance

tech

out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates rebuilding
from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly

from

the command line on all devices [making it difficult to track down].

mention this because it may be an appropriate fix for other

intermittent

watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some

basic

functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a

new

device type "f5", f5login was copied from clogin and remarked some

"term

length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are

not

parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I

will

be sure to share with the audience here.
Again, thanks a lot for all your help today.
Regards,
Sam
I have helped Sam get a working f5rancid which requires a
f5login (only
because it doesn't recognize the prompt with a space and exit,
unless
you enter a return before the exit). He is cleaning up all the
unused
functions and will post it.
Once John H. sends out his script I will look at it and see how
it
differs from the one I did with Sam. I will even help Sam get it
working
for his setup. We will let you know when it is all working.
-lance
-------- Original Message --------
Subject: [rancid] Re: F5 load balancer support
Date: Mon, July 16, 2007 11:48 am
Sam,
I have a working f5rancid that I have been using for a
number of months
now. I have one minor bug related to tracking
installed SSL certs
which you probably don't care about. Other than that,
it works great.
I did encounter and solve all the problems you have been
discussing on
the list.
Let me know if you are interested in trying what I have.
I have tested
it with Big-IP 9.1.2.
Mike
________________________________
Of Sam Munzani
Sent: Monday, July 16, 2007 10:58 AM
Subject: [rancid] Re: F5 load balancer support
BTW, this is what I see in the log when I do rancid-run
now. That means
the f5rancid file(hacked copy of rancid) is still
missing something.
more nfl.20070716.114842
starting: Mon Jul 16 11:48:42 CDT 2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
nfl.20070716.114842 71%starting: Mon Jul 16 11:48:42 CDT
2007
Trying to get all of the configs.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 1.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 2.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 3.
test-f5-01: End of run not found
-bash: write: command not found
=====================================
Getting missed routers: round 4.
test-f5-01: End of run not found
-bash: write: command not found
cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find configs/test-f5-01
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: Up-to-date check failed for
`configs/test-f5-01'
cvs [commit aborted]: correct above errors first!
ls: test-f5-01: No such file or directory
ending: Mon Jul 16 11:49:41 CDT 2007
Thanks,
Sam
David,
Thanks a lot for the tip. This worked well. Now
f5login goes
much more
cleaner and the "root" doesn't set sent again. I
still have
other issues
where rancid-run is backing up config properly
but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd"
mean and how
does it do
this miracle?
Thanks,
Sam
Thanks for this tip, turns out that this
is also the
reason the
username gets entered at a prompt on the
cisco IPS
devices. Since it's
using SSH and therefore doesn't need a
username prompt,
solution was
add userprompt ids* bldshgalsjd (<-
something that
won't get sent
during login)
Regards,
David
Sam,
Have you tried using telnet to
login, if the f5
has it enabled.
You may also want to set auto
enable in your
.cloginrc for this device
as it looks to clogin as you are
already in a
cisco equivalent equal to
enable since your prompt has a #
sign in it.
Looking at your next email along
with this one
it looks like you are
already in a cisco equivalent of
enable after
you login. f5login seems
to be sending your username of
root as a command
after you get connected
because it sees this line "Last
login: Fri Jul
13 14:38:03 2007 from
172.24.100.12" and it matches on
the word
"Login". See below.
"(Username|Login|login|user
name):"? yes
expect: set expect_out(0,string)
"login:"
expect: set expect_out(1,string)
"login"
expect: set expect_out(spawn_id)
"exp4"
expect: set expect_out(buffer) "
\r\nLast
login:"
send: sending "root\r" to { exp4
}
expect: continuing expect
You are just using a Cisco
login/parsing script
so it expects prompts
from a Cisco device and in this
case you have a
*nix SSH banner that
gets interrupted. I know you can
use RANCID to
backup *nix systems. So
it knows how to understand
connecting to a *nix
system. You might want
to try this email thread which
asks about
backing up Linux conifgs.

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml"

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Lance

2007-07-17 21:34:46 UTC

Mike,

I would also like to bring up a few other things.

1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.

2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.

Other than thsoe I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but lets get some product that has
all the checking, and prompt detection between each command and then
lets look at adding it to the distribution. Obviously John H. and
company has the final say on that one.

-lance

-------- Original Message --------
Subject: RE: [rancid] Re: F5 load balancer support
Date: Tue, July 17, 2007 12:35 pm
Lance,
Thanks for the feedback.
"b list" and "cat bigip.conf" are equivalent with the exception that b
list may reflect changes made in the cli that are not saved and will be
lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights. This
file has the software configuration.
The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.
One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.
Mike
-----Original Message-----
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance

tech

from

the command line on all devices [making it difficult to track down].

mention this because it may be an appropriate fix for other

intermittent

watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some

basic

functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a

new

device type "f5", f5login was copied from clogin and remarked some

"term

length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are

not

parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I

will

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml"

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________

Mike Ashcraft

2007-07-17 22:55:19 UTC

Lance,

I welcome a separate f5login, but when I asked about it back in
February, Andrew Partan recommended using clogin if I could get it to
work. Since I already had it working with clogin at that point, I
didn't want to tackle re-writing clogin for the f5 if I didn't need to.
The f5login you put together works with minimal changes to f5rancid. It
also fixes some emulation problems when using clogin to obtain a shell
on the f5. While these did not impact f5rancid, it does improve the
overall functionality. Thanks!

The check for prompt, the end of file and clean run is all there. This
also answers Sam's question about how I was able to use clogin. When I
was trying to figure out why I was not getting a clean run, I found that
the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect
a clean run. Looking at the data coming back from clogin, I was not
seeing anything to match this from the f5 so I replaced it with
/\s?logout$/ to match what I was seeing from the F5 at the end of a
clean run.

Mike

-----Original Message-----
From: Lance [mailto:***@gheek.net]
Sent: Tuesday, July 17, 2007 3:35 PM
To: Mike Ashcraft
Cc: rancid-***@shrubbery.net; ***@munzani.com
Subject: RE: [rancid] Re: F5 load balancer support

Mike,

I would also like to bring up a few other things.

1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.

2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.

Other than thsoe I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but lets get some product that has
all the checking, and prompt detection between each command and then
lets look at adding it to the distribution. Obviously John H. and
company has the final say on that one.

-lance

This

file has the software configuration.
The other file, bigip_base.conf contains interface configuration,
management IP addresses, routing, VLANs etc.
One could debate whether the f5rancid script should get the saved
configuration files or the running config or both. For cisco devices,
rancid obtains both. I'll look at adding both.
Mike
-----Original Message-----
Sent: Tuesday, July 17, 2007 12:00 PM
To: Mike Ashcraft
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
Looks really nice. I am guessing the bigip.conf or the other file is
what is displayed with "b list".
-Lance

tech

out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and file
sizes for SSL certs hosted on the device. This facilitates

rebuilding

from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing the
clogin timeout. On a small number of devices it failed to process the
last few commands when running from cron but always worked properly

from

the command line on all devices [making it difficult to track down].

mention this because it may be an appropriate fix for other

intermittent

watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some

basic

functions(non platform specific) just in case we expand this script to
do a lot more than just "b list" output. In rancid-fe, we defined a

new

device type "f5", f5login was copied from clogin and remarked some

"term

length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are

not

parsing anything at all. All its doing is basic function of running "b
list" command and capturing its output. As I expand more on this, I

will

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml"

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________

Lance

2007-07-18 00:03:13 UTC

Mike,

Interesting comment about the logout/exit portion. The f5login I created
from slightly modifying the clogin basically had expect send an
additional \r before it issued exit\r. So it looks like so send
"\rexit\r". That made it get another line and then when it saw the # in
the prompt followed by a space and then exit it worked just fine.
Interesting you got yours to work with logout. Hehe.

In any regard nicely done and I am sure what we have is nice and all but
I know John has his own copy...I thought I remember him saying. I would
think he has it a lot like the cisco one, catching particulars and
exclaiming them at the top of the file. I may be wrong, but none the
less between the 3 version I think there should be no reason why we
can't have it added to the next alpha release. :-D

John can you pass out your version and let us know if it will make the
next alpha release?

-Lance

-------- Original Message --------
Subject: RE: [rancid] Re: F5 load balancer support
Date: Tue, July 17, 2007 3:55 pm
Lance,
I welcome a separate f5login, but when I asked about it back in
February, Andrew Partan recommended using clogin if I could get it to
work. Since I already had it working with clogin at that point, I
didn't want to tackle re-writing clogin for the f5 if I didn't need to.
The f5login you put together works with minimal changes to f5rancid. It
also fixes some emulation problems when using clogin to obtain a shell
on the f5. While these did not impact f5rancid, it does improve the
overall functionality. Thanks!
The check for prompt, the end of file and clean run is all there. This
also answers Sam's question about how I was able to use clogin. When I
was trying to figure out why I was not getting a clean run, I found that
the standard rancid looks for a regex match to /[>#]\s?exit$/ to detect
a clean run. Looking at the data coming back from clogin, I was not
seeing anything to match this from the f5 so I replaced it with
/\s?logout$/ to match what I was seeing from the F5 at the end of a
clean run.
Mike
-----Original Message-----
Sent: Tuesday, July 17, 2007 3:35 PM
To: Mike Ashcraft
Subject: RE: [rancid] Re: F5 load balancer support
Mike,
I would also like to bring up a few other things.
1.) If you are using the default clogin file you are going to have term
length and term width commands executed. They will not do anything but
they will show up as commands that would be attempted to run. So it
would be best to have a separate f5login script/modified clogin so it
has a clean login.
2.) You don't seem to check if you have reached end of file and have run
clean. You seem to just blindly set these values, which removes the
whole purpose they are there. It would be better to read the whole
output similar to how the cssrancid script is done or the f5rancid
script done.
Other than thsoe I think your script is nice. I am sure it can be
expanded on like a lot of the stuff but lets get some product that has
all the checking, and prompt detection between each command and then
lets look at adding it to the distribution. Obviously John H. and
company has the final say on that one.
-lance

lost on reboot. Changes made using the web configuration tool are
automatically saved. "b list" may also limit what the rancid user can
see to a partial view if the user is not given sufficient rights.

This

with

basic functionality which Sam posted last night. I have attached my
f5rancid which I have been running for a few months. Installation
instructions are included as comments in the file. This version

uses

clogin so that a separate f5login script is not required.
This version formats and processes the output to make it more

usable.

As far as what is captured, I based this on the F5 equivalent of a

tech

out. It grabs a copy of all the configuration files, hardware
configuration and software version as well as the timestamps and

file

sizes for SSL certs hosted on the device. This facilitates

rebuilding

from scratch as quickly as possible if this is ever needed.
I was able to resolve the bug I mentioned yesterday by increasing

the

clogin timeout. On a small number of devices it failed to process

the

last few commands when running from cron but always worked properly

from

the command line on all devices [making it difficult to track down].

mention this because it may be an appropriate fix for other

intermittent

problems sometimes discussed on this list.
Any feedback is appreciated. I hope to get f5 support added to

future

releases of rancid.
Thanks,
Mike
________________________________
Sent: Monday, July 16, 2007 7:49 PM
To: Lance
Subject: Re: [rancid] Re: F5 load balancer support
Lance,
Thanks a lot for all your help. Pretty much you did all the work

while

watched what you are doing :-)..
Attached are cleaned up files. In f5rancid file, I have left some

basic

functions(non platform specific) just in case we expand this script

do a lot more than just "b list" output. In rancid-fe, we defined a

new

device type "f5", f5login was copied from clogin and remarked some

"term

length" statements we don't need on F5.
All 3 files are attached and working great. Please be aware, we are

not

parsing anything at all. All its doing is basic function of running

list" command and capturing its output. As I expand more on this, I

will

"http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml"

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

ml>

<http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.ht

http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss<hr>________

Russell Harrison

2007-08-31 19:29:39 UTC