Jon Peatfield
2011-06-13 21:58:33 UTC
I originally thought that this might be a config error on my part but
currently for me with rancid 2.3.6 I can happily run:
clogin -c 'some-command' router1
or
clogin -c 'some-command' router2
but not:
clogin -c 'some-command' router1 router2
(or router1 router1 for that matter)
When I try I get an error from the tcl about autoenable not being a
variable. Here is an example failure:
$ clogin -c 'who' bl23-12.private bl23-13.private
bl23-12.private
spawn telnet bl23-12.private
Trying 10.16.0.124...
Connected to bl23-12.private.
Escape character is '^]'.
User Access Verification
Username: cisco
Password:
bl23-12>enable
Password:
bl23-12#
bl23-12#terminal length 0
bl23-12#who
Line User Host(s) Idle Location
* 1 vty 0 cisco idle 00:00:00 <SNIP>
Interface User Mode Idle Peer
Address
bl23-12#exit
Connection closed by foreign host.
bl23-13.private
can't read "autoenable": no such variable
while executing
"if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2
} {
send_user -- "\nError: no enable password for $router in
$password_file...."
("foreach" body line 28)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "/usr/bin/clogin" line 743)
it always fails on the second host, so it isn't just that the config for
the second router is wrong. Adding an explicit 'add autoenable ... {0}'
does not seem to help...
On our HP procurve devices we do use autoenable (defined in the .cloginrc)
and for those hlogin works as expected... In fact apart from some errors
from the 'no-page' command I can use hlogin -c '...' against multiple
cisco devices without getting similar errors (at least for trivial
commands).
Looking at the (unpatched I hope) clogin.in file from the 2.3.6 tar I see
that at about line 770 is the offending code:
...
if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
send_user -- "\nError: no enable password for $router in $password_file.\n"
continue
}
...
but I can't see anything which ever sets autoenable in this file... What
really puzzled me is that the error only happens on the second router...
A bit of debugging shows that on the first loop $enable is 0 so it never
tests beyond it - even though it will be about to use enable, and when it
finds a > prompt it sets enable to 1 so the next time round the test check
$do_enapasswd (true) and $autoenable (no defined) and we get an error.
So a little further up (about line 742 - the top of the loop) we have:
...
set enable 0
foreach router [lrange $argv $i end] {
set router [string tolower $router]
...
Changing that to:
...
foreach router [lrange $argv $i end] {
set enable 0
set router [string tolower $router]
...
so that enable is initially set to 0 for each router, appears to cure the
problem for me, but it may have unexpected side effects and surely
$autoenable isn't the right thing to be testing is it?
Maybe this test is left over from an earlier version of the code. I note
that in hlogin.in the loop over the routers is quite different and does
set autologin for each device in the loop.
At the moment I can just use a shell script to loop over each device and
so avoid listing multiple hosts on the clogin command, but I was very
surprised by it not doing what I expected - since I'd used an almost
identical command with hlogin a few days earlier.
currently for me with rancid 2.3.6 I can happily run:
clogin -c 'some-command' router1
or
clogin -c 'some-command' router2
but not:
clogin -c 'some-command' router1 router2
(or router1 router1 for that matter)
When I try I get an error from the tcl about autoenable not being a
variable. Here is an example failure:
$ clogin -c 'who' bl23-12.private bl23-13.private
bl23-12.private
spawn telnet bl23-12.private
Trying 10.16.0.124...
Connected to bl23-12.private.
Escape character is '^]'.
User Access Verification
Username: cisco
Password:
bl23-12>enable
Password:
bl23-12#
bl23-12#terminal length 0
bl23-12#who
Line User Host(s) Idle Location
* 1 vty 0 cisco idle 00:00:00 <SNIP>
Interface User Mode Idle Peer
Address
bl23-12#exit
Connection closed by foreign host.
bl23-13.private
can't read "autoenable": no such variable
while executing
"if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2
} {
send_user -- "\nError: no enable password for $router in
$password_file...."
("foreach" body line 28)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "/usr/bin/clogin" line 743)
it always fails on the second host, so it isn't just that the config for
the second router is wrong. Adding an explicit 'add autoenable ... {0}'
does not seem to help...
On our HP procurve devices we do use autoenable (defined in the .cloginrc)
and for those hlogin works as expected... In fact apart from some errors
from the 'no-page' command I can use hlogin -c '...' against multiple
cisco devices without getting similar errors (at least for trivial
commands).
Looking at the (unpatched I hope) clogin.in file from the 2.3.6 tar I see
that at about line 770 is the offending code:
...
if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
send_user -- "\nError: no enable password for $router in $password_file.\n"
continue
}
...
but I can't see anything which ever sets autoenable in this file... What
really puzzled me is that the error only happens on the second router...
A bit of debugging shows that on the first loop $enable is 0 so it never
tests beyond it - even though it will be about to use enable, and when it
finds a > prompt it sets enable to 1 so the next time round the test check
$do_enapasswd (true) and $autoenable (no defined) and we get an error.
So a little further up (about line 742 - the top of the loop) we have:
...
set enable 0
foreach router [lrange $argv $i end] {
set router [string tolower $router]
...
Changing that to:
...
foreach router [lrange $argv $i end] {
set enable 0
set router [string tolower $router]
...
so that enable is initially set to 0 for each router, appears to cure the
problem for me, but it may have unexpected side effects and surely
$autoenable isn't the right thing to be testing is it?
Maybe this test is left over from an earlier version of the code. I note
that in hlogin.in the loop over the routers is quite different and does
set autologin for each device in the loop.
At the moment I can just use a shell script to loop over each device and
so avoid listing multiple hosts on the clogin command, but I was very
surprised by it not doing what I expected - since I'd used an almost
identical command with hlogin a few days earlier.
--
/--------------------------------------------------------------------\
| "Computers are different from telephones. Computers do not ring." |
| -- A. Tanenbaum, "Computer Networks", p. 32 |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge |
| Mail: ***@damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/
/--------------------------------------------------------------------\
| "Computers are different from telephones. Computers do not ring." |
| -- A. Tanenbaum, "Computer Networks", p. 32 |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge |
| Mail: ***@damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/