Discussion:
[rancid] clogin adding 'exit' command?
Howard Jones
2018-05-03 16:05:27 UTC
Permalink
I'm updating an old F5 loadbalancer script to work with BIG-IP 13.1 -
it seems that since the last time I needed to use it, F5 have changed
to starting users in tmsh instead of bash, so the command list needed
to be tweaked. That's all fine but...

What I end up with is the following clogin command-line:

clogin -t 90 -c "modify cli preference pager disabled
display-threshold 0;show /sys version;show /sys hardware;show /sys
license;show /net route static;list all-properties recursive" lb01

which does everything I need, but then sits at the final prompt
repeatedly type 'exit':

rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#exit
Use "quit" to end the current session
rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# exit
Use "quit" to end the current session

Where is this 'exit' coming from? Can it be altered?

If I add 'quit' to the end of my command list, then instead it
complains EOF received and none of the commands are matched:

rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# quit
Connection to lb01 closed.

Error: EOF received

Do I need to dig into the expect code to deal with this?

Thanks for any pointers (or to a modern f5rancid)...

Howie
heasley
2018-05-03 16:38:26 UTC
Permalink
Post by Howard Jones
I'm updating an old F5 loadbalancer script to work with BIG-IP 13.1 -
it seems that since the last time I needed to use it, F5 have changed
to starting users in tmsh instead of bash, so the command list needed
to be tweaked. That's all fine but...
if you run rancid 3.6 (or better 3.7) there are two device types for f5;
f5 and bigip (for >=11.0).
Post by Howard Jones
clogin -t 90 -c "modify cli preference pager disabled
display-threshold 0;show /sys version;show /sys hardware;show /sys
license;show /net route static;list all-properties recursive" lb01
which does everything I need, but then sits at the final prompt
Use "quit" to end the current session
Use "quit" to end the current session
Where is this 'exit' coming from? Can it be altered?
If I add 'quit' to the end of my command list, then instead it
Connection to lb01 closed.
Error: EOF received
Do I need to dig into the expect code to deal with this?
the expect it using exit to logout. Does this work

Index: bin/clogin.in
===================================================================
--- bin/clogin.in (revision 3786)
+++ bin/clogin.in (working copy)
@@ -440,6 +440,11 @@
send -h "exit\r"
exp_continue;
}
+ -re "^\[^\n\r *]*Use .quit. to end" {
+ # the F5 >=11 uses quit
+ send -h "quit\r"
+ exp_continue;
+ }
"The system has unsaved changes" { # Force10 SFTOS
if {$do_saveconfig} {
catch {send "y\r"}
Post by Howard Jones
Thanks for any pointers (or to a modern f5rancid)...
Howie
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Howard Jones
2018-05-03 17:39:55 UTC
Permalink
Aha, thanks! That's much neater than my bodge (make an f5login and
remove the conditional for send quit/exit).

For anyone else, heasley's clogin patch above, plus this new type got me going:

bigip13;script;rancid -t bigip13
bigip13;login;clogin
bigip13;module;bigip
bigip13;inloop;bigip::inloop
bigip13;command;rancid::RunCommand;modify cli preference pager
disabled display-threshold 0
bigip13;command;bigip::ShowVersion;show sys version
bigip13;command;bigip::ShowHardware;show sys hardware
bigip13;command;bigip::ShowLicense;show sys license
bigip13;command;bigip::ShowRouteStatic;show /net route static
bigip13;command;bigip::WriteTerm;list all-properties recursive
heasley
2018-05-04 18:50:17 UTC
Permalink
Post by Howard Jones
Aha, thanks! That's much neater than my bodge (make an f5login and
remove the conditional for send quit/exit).
great. i'll commit it if i dont find any issues with it locally.
Post by Howard Jones
bigip13;script;rancid -t bigip13
bigip13;login;clogin
bigip13;module;bigip
bigip13;inloop;bigip::inloop
bigip13;command;rancid::RunCommand;modify cli preference pager
disabled display-threshold 0
bigip13;command;bigip::ShowVersion;show sys version
bigip13;command;bigip::ShowHardware;show sys hardware
bigip13;command;bigip::ShowLicense;show sys license
bigip13;command;bigip::ShowRouteStatic;show /net route static
bigip13;command;bigip::WriteTerm;list all-properties recursive
Howard Jones
2018-05-04 18:52:28 UTC
Permalink
Post by Howard Jones
Aha, thanks! That's much neater than my bodge (make an f5login and
remove the conditional for send quit/exit).
bigip13;script;rancid -t bigip13
bigip13;login;clogin
bigip13;module;bigip
bigip13;inloop;bigip::inloop
bigip13;command;rancid::RunCommand;modify cli preference pager disabled display-threshold 0
bigip13;command;bigip::ShowVersion;show sys version
bigip13;command;bigip::ShowHardware;show sys hardware
bigip13;command;bigip::ShowLicense;show sys license
bigip13;command;bigip::ShowRouteStatic;show /net route static
bigip13;command;bigip::WriteTerm;list all-properties recursive
I've just noticed that although if I run `rancid-run -r lb01` I get a
successful collection, I don't get one during a normal hourly run
(rancid-run with no params)

lb01: missed cmd(s): all commands
lb01: End of run not found

(and also its buddy lb02) Both cases running as the same `rancid`
user, which owns the files, so it doesn't appear to be permissions
related. Every other device is running smoothly.

Is there some way to either keep the .new file or increase logging
from rancid-run (like rancid -d)?
heasley
2018-05-04 22:01:24 UTC
Permalink
Post by Howard Jones
Post by Howard Jones
Aha, thanks! That's much neater than my bodge (make an f5login and
remove the conditional for send quit/exit).
bigip13;script;rancid -t bigip13
bigip13;login;clogin
bigip13;module;bigip
bigip13;inloop;bigip::inloop
bigip13;command;rancid::RunCommand;modify cli preference pager disabled display-threshold 0
bigip13;command;bigip::ShowVersion;show sys version
bigip13;command;bigip::ShowHardware;show sys hardware
bigip13;command;bigip::ShowLicense;show sys license
bigip13;command;bigip::ShowRouteStatic;show /net route static
bigip13;command;bigip::WriteTerm;list all-properties recursive
I've just noticed that although if I run `rancid-run -r lb01` I get a
successful collection, I don't get one during a normal hourly run
(rancid-run with no params)
lb01: missed cmd(s): all commands
lb01: End of run not found
(and also its buddy lb02) Both cases running as the same `rancid`
user, which owns the files, so it doesn't appear to be permissions
related. Every other device is running smoothly.
Is there some way to either keep the .new file or increase logging
from rancid-run (like rancid -d)?
no; I've needed this in the past, but I wanted to keep the .raw.

perhaps first try just a cronjob.
. etc/rancid.conf; export NOPIPE=YES; rancid -d -t bigip13 host
Howard Jones
2018-08-23 11:32:38 UTC
Permalink
Reaping a thread, but I think I finally got this fixed now. The
bigip.pm overrides TERM with "vt100", always. The prompt is so long
(70 chars on my test box!) that the command scrolls within its line
(although without ^H), so the cmds_regexp never matches. Changing the
TERM line to "screen-w" in bigip.pm resolves it.
Definitely something funky going on. The .raw file left behind from
cron is different from the one if I run the same in a subshell.
The front 9 or so characters of commands are chopped off, which would
explain why I get "missed all commands".
Also, it's trying to send Cisco terminal commands, although those are
just ignored, so probably not the immediate issue.
I checked with hexdump, and there don't seem to be lots of ^H or
anything like that redrawing the prompt. Although, for those terminal
terminal ^Hwidth 132^M
but not in the non-cron version. Nothing else like that further on.
In the output below, ssh-no-pubkey is a one-liner shellscript to avoid
Cisco Nexus complaining about too many authentication fails, when
ssh -o PubkeyAuthentication=no $*
exec ssh -o PubkeyAuthentication=no $*
I just checked and from a normal command line, the F5 doesn't scroll
the command horizontally or anything strange.
Any ideas where I can look next? If it was telnet, I'd capture the
traffic, but it doesn't look like wireshark will do much with the
encrypted part of SSH captures.
Howard
probably the most likely cause is that its assuming the client will
have a terminal (TERM) type and it makes further assumptions when it
doesnt. But, it looks like bigip IS setting the term to vt100. Can
you trying setting your interactive TERM to vt100 to see if that
reproduces it?
Else, it might need other tty intrinsics; so, perhaps try hlogin with
it, but it will need that 'quit' patch.
is f5 supporting NETCONF?
executing clogin -t 90 -c"modify cli preference pager disabled
display-threshold 0;show sys version;show sys hardware;show sys
license;show /net route static;list all-properties recursive" lb01
lb01
spawn /opt/rancid/local/ssh-no-pubkey -c aes192-ctr -x -l rancidconfbackup lb01
Last login: Tue May 8 12:40:30 2018 from 192.168.0.27^M
terminal length 0
Syntax Error: unexpected argument "terminal"
terminal width 132
Syntax Error: unexpected argument "terminal"
preference pager disabled display-threshold 0
heasley
2018-08-25 22:42:59 UTC
Permalink
Post by Howard Jones
Reaping a thread, but I think I finally got this fixed now. The
bigip.pm overrides TERM with "vt100", always. The prompt is so long
(70 chars on my test box!) that the command scrolls within its line
(although without ^H), so the cmds_regexp never matches. Changing the
TERM line to "screen-w" in bigip.pm resolves it.
what version are you running? the TERM was changed to vt100-w in rancid
3.3.
Post by Howard Jones
Definitely something funky going on. The .raw file left behind from
cron is different from the one if I run the same in a subshell.
The front 9 or so characters of commands are chopped off, which would
explain why I get "missed all commands".
Also, it's trying to send Cisco terminal commands, although those are
just ignored, so probably not the immediate issue.
I checked with hexdump, and there don't seem to be lots of ^H or
anything like that redrawing the prompt. Although, for those terminal
terminal ^Hwidth 132^M
but not in the non-cron version. Nothing else like that further on.
In the output below, ssh-no-pubkey is a one-liner shellscript to avoid
Cisco Nexus complaining about too many authentication fails, when
ssh -o PubkeyAuthentication=no $*
exec ssh -o PubkeyAuthentication=no $*
I just checked and from a normal command line, the F5 doesn't scroll
the command horizontally or anything strange.
Any ideas where I can look next? If it was telnet, I'd capture the
traffic, but it doesn't look like wireshark will do much with the
encrypted part of SSH captures.
Howard
probably the most likely cause is that its assuming the client will
have a terminal (TERM) type and it makes further assumptions when it
doesnt. But, it looks like bigip IS setting the term to vt100. Can
you trying setting your interactive TERM to vt100 to see if that
reproduces it?
Else, it might need other tty intrinsics; so, perhaps try hlogin with
it, but it will need that 'quit' patch.
is f5 supporting NETCONF?
executing clogin -t 90 -c"modify cli preference pager disabled
display-threshold 0;show sys version;show sys hardware;show sys
license;show /net route static;list all-properties recursive" lb01
lb01
spawn /opt/rancid/local/ssh-no-pubkey -c aes192-ctr -x -l rancidconfbackup lb01
Last login: Tue May 8 12:40:30 2018 from 192.168.0.27^M
terminal length 0
Syntax Error: unexpected argument "terminal"
terminal width 132
Syntax Error: unexpected argument "terminal"
preference pager disabled display-threshold 0
Howard Jones
2018-08-26 08:36:54 UTC
Permalink
Post by heasley
Post by Howard Jones
Reaping a thread, but I think I finally got this fixed now. The
bigip.pm overrides TERM with "vt100", always. The prompt is so long
(70 chars on my test box!) that the command scrolls within its line
(although without ^H), so the cmds_regexp never matches. Changing the
TERM line to "screen-w" in bigip.pm resolves it.
what version are you running? the TERM was changed to vt100-w in rancid
3.3.
Huh, that’s odd. I’m running 3.6.
heasley
2018-08-26 19:47:15 UTC
Permalink
Post by heasley
Post by Howard Jones
Reaping a thread, but I think I finally got this fixed now. The
bigip.pm overrides TERM with "vt100", always. The prompt is so long
(70 chars on my test box!) that the command scrolls within its line
(although without ^H), so the cmds_regexp never matches. Changing the
TERM line to "screen-w" in bigip.pm resolves it.
what version are you running? the TERM was changed to vt100-w in rancid
3.3.
Huh, that’s odd. I’m running 3.6.
Not sure what to tell you; might be a bug between the keyboard and chair.
Can you try a fresh 3.8?
Howard Jones
2018-08-28 10:21:04 UTC
Permalink
Post by heasley
Post by heasley
what version are you running? the TERM was changed to vt100-w in rancid
3.3.
Huh, that’s odd. I’m running 3.6.
Not sure what to tell you; might be a bug between the keyboard and chair.
Can you try a fresh 3.8?
But which keyboard and chair? ;-)

I just downloaded a fresh 3.8 and this is what bigip.pm says:

# load-time initialization
sub import {
# force a terminal type so as not to confuse the POS
$ENV{'TERM'} = "vt100";

0;
}

f5rancid has vt100-w, but as far as I can see, neither the bigip or
bigip13 device type actually uses that anymore. (script is set to
"rancid -t bigip"). It looks like it's used the module since 3.5 - I
guess that change didn't make the transition?
heasley
2018-08-28 13:48:24 UTC
Permalink
Post by Howard Jones
Post by heasley
Post by heasley
what version are you running? the TERM was changed to vt100-w in rancid
3.3.
Huh, that’s odd. I’m running 3.6.
Not sure what to tell you; might be a bug between the keyboard and chair.
Can you try a fresh 3.8?
But which keyboard and chair? ;-)
right!
Post by Howard Jones
# load-time initialization
sub import {
# force a terminal type so as not to confuse the POS
$ENV{'TERM'} = "vt100";
0;
}
f5rancid has vt100-w, but as far as I can see, neither the bigip or
bigip13 device type actually uses that anymore. (script is set to
"rancid -t bigip"). It looks like it's used the module since 3.5 - I
guess that change didn't make the transition?
ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?
Howard Jones
2018-08-28 15:58:54 UTC
Permalink
Post by heasley
ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?
No, vt100-w doesn't work with bigip13:

Warning, can't fully initialize terminal, TERM is set to
"vt100-w", status (0)
No entry for terminal type "vt100-w";
heasley
2018-08-28 17:37:50 UTC
Permalink
Post by Howard Jones
Post by heasley
ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?
Warning, can't fully initialize terminal, TERM is set to
"vt100-w", status (0)
No entry for terminal type "vt100-w";
grumble. One last bit; could you test clogin from ranicd 3.8 without altering
TERM?
Howard Jones
2018-08-28 20:43:08 UTC
Permalink
My 3.6 installation has a bunch of local tweaks (to control_rancid),
so I can't upgrade without a bit of planning.
However, I just installed 3.8 alongside 3.6 (different user, different
dir) and with no changes, I get:

lb02.dc1: missed cmd(s): modify cli preference pager disabled
display-threshold 0

but the quit detection part seems to work OK.

However, changing the TERM to screen-w in bigip.pm *doesn't* resolve
that missed cmd.
So the plot thickens.

I'll investigate a bit more tomorrow.
Post by heasley
Post by Howard Jones
Post by heasley
ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?
Warning, can't fully initialize terminal, TERM is set to
"vt100-w", status (0)
No entry for terminal type "vt100-w";
grumble. One last bit; could you test clogin from ranicd 3.8 without altering
TERM?
heasley
2018-08-28 22:21:41 UTC
Permalink
Post by Howard Jones
My 3.6 installation has a bunch of local tweaks (to control_rancid),
so I can't upgrade without a bit of planning.
However, I just installed 3.8 alongside 3.6 (different user, different
lb02.dc1: missed cmd(s): modify cli preference pager disabled
display-threshold 0
but the quit detection part seems to work OK.
However, changing the TERM to screen-w in bigip.pm *doesn't* resolve
that missed cmd.
clogin in 3.8 has code to set tty parameters; width. i was hoping that
would fix the problem. if you're sure you're using the 3.8 clogin, then
apparently it doesnt fix it.
Post by Howard Jones
So the plot thickens.
I'll investigate a bit more tomorrow.
Post by heasley
Post by Howard Jones
Post by heasley
ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?
Warning, can't fully initialize terminal, TERM is set to
"vt100-w", status (0)
No entry for terminal type "vt100-w";
grumble. One last bit; could you test clogin from ranicd 3.8 without altering
TERM?
Loading...