[rancid] Not working rancid with Cisco without enable.
Aleksey P
2010-06-08 14:53:34 UTC
Hello. I can't understand why rancid didn't work with Cisco Routers
(Switches) without enable password!?
OS - FreeBSD
Here is some of the config:
/usr/local/libexec/rancid]# vi /usr/local/etc/rancid/.cloginrc
# THIS IS FOR CISCO
add noenable 172.16.2.2 1
#add autoenable 172.16.2.2 1
add user 172.16.2.2 username
add password 172.16.2.2 password
add method 172.16.2.2 ssh

Trying /usr/local/libexec/rancid/clogin -t 90 -c"show configuration"
172.16.2.2
All works just fine - no enable prompt - show configuration - that is all we
need:

/usr/local/libexec/rancid/clogin -t 90 -c"show configuration" 172.16.2.2
172.16.2.2
spawn ssh -c 3des -x -l username 172.16.2.2
***@172.16.2.2's password:

Router>
Router>terminal length 0
Router>>show configuration
...
here we see our config
...
end

Router>exit
Connection to 172.16.2.2 closed.

But if I run rancid-run, in my logs I will see:

Trying to get all of the configs.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
!
=====================================
Getting missed routers: round 1.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found

I can't understand why it works like this.
Help me if you can :)
john heasley
2010-06-09 21:35:06 UTC
Post by Aleksey P
Hello. I can't understand why rancid didn't work with Cisco Routers
(Switches) without enable password!?
OS - FreeBSD
/usr/local/libexec/rancid]# vi /usr/local/etc/rancid/.cloginrc
# THIS IS FOR CISCO
add noenable 172.16.2.2 1
#add autoenable 172.16.2.2 1
add user 172.16.2.2 username
add password 172.16.2.2 password
add method 172.16.2.2 ssh
Trying /usr/local/libexec/rancid/clogin -t 90 -c"show configuration"
172.16.2.2
All works just fine - no enable prompt - show configuration - that is all we
/usr/local/libexec/rancid/clogin -t 90 -c"show configuration" 172.16.2.2
172.16.2.2
spawn ssh -c 3des -x -l username 172.16.2.2
Router>
Router>terminal length 0
Router>>show configuration
...
here we see our config
...
end
Router>exit
Connection to 172.16.2.2 closed.
it may be the command before this that failed. in general, for it to
run all the commands, it needs enable. try
export NOPIPE=YES
rancid -d 172.16.2.2
172.16.2.2.raw will have the output from the device and .new the crunched
output.
Post by Aleksey P
Trying to get all of the configs.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
!
=====================================
Getting missed routers: round 1.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
I can't understand why it works like this.
Help me if you can :)
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Aleksey P
2010-06-11 08:45:53 UTC
Hello.
In my rancid file I delete all commands, except "show configuration". This
works fine with Juniper switches (because they don't have enable mode and
have '>' in command line (I think)).

I did as you say:
In rancid.conf I have:
NOPIPE=YES; export NOPIPE

Then I did:

]# /usr/local/libexec/rancid/rancid -d 172.16.2.2
executing /usr/local/libexec/rancid/clogin -t 90 -c"show configuration"
172.16.2.2
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
172.16.2.2: End of run not found
!
]# cat /usr/local/libexec/rancid/172.16.2.2.new
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
john heasley
2010-06-11 16:48:38 UTC
Post by Aleksey P
Hello.
In my rancid file I delete all commands, except "show configuration". This
works fine with Juniper switches (because they don't have enable mode and
it must have show version.
Post by Aleksey P
have '>' in command line (I think)).
the rancid script shouldn't care about which prompt it shows, but in
general, enable mode is required.
Post by Aleksey P
NOPIPE=YES; export NOPIPE
]# /usr/local/libexec/rancid/rancid -d 172.16.2.2
executing /usr/local/libexec/rancid/clogin -t 90 -c"show configuration"
172.16.2.2
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
172.16.2.2: End of run not found
!
]# cat /usr/local/libexec/rancid/172.16.2.2.new
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
and what is in the 172.16.2.2.raw file?
Aleksey P
2010-06-15 06:38:11 UTC
Hello.
Post by john heasley
Post by Aleksey P
]# cat /usr/local/libexec/rancid/172.16.2.2.new
Post by Aleksey P
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
and what is in the 172.16.2.2.raw file?
Nothing, that's all - only one line " !RANCID-CONTENT-TYPE: cisco" and
that's all.
Post by john heasley
it must have show version.
I am not sure I understand you right. In rancid file I must use 'show
version'?
Post by john heasley
the rancid script shouldn't care about which prompt it shows, but in
general, enable mode is required.
But in theory - can rancid work with Cisco device w/o 'enable'?
Per-Olof Olsson
2010-06-15 10:39:21 UTC
Post by Aleksey P
Hello.
Post by john heasley
Post by Aleksey P
]# cat /usr/local/libexec/rancid/172.16.2.2.new
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
and what is in the 172.16.2.2.raw file?
Nothing, that's all - only one line " !RANCID-CONTENT-TYPE: cisco" and
that's all.
Post by john heasley
it must have show version.
I am not sure I understand you right. In rancid file I must use 'show
version'?
Post by john heasley
the rancid script shouldn't care about which prompt it shows, but in
general, enable mode is required.
But in theory - can rancid work with Cisco device w/o 'enable'?
Yes.

In .clogin set
add autoenable <hostname> 1

Run ok for HP direct login to manager level and cisco nexus switches
that don't have enabler level.
(nexus use nxrancid and clogin scripts/program)


/Peo
----------------------------------------------------------
Per-Olof Olsson Email: ***@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8660
----------------------------------------------------------
john heasley
2010-06-15 18:20:39 UTC
Post by Aleksey P
Hello.
Post by john heasley
Post by Aleksey P
]# cat /usr/local/libexec/rancid/172.16.2.2.new
Post by Aleksey P
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
and what is in the 172.16.2.2.raw file?
Nothing, that's all - only one line " !RANCID-CONTENT-TYPE: cisco" and
that's all.
that's 172.16.2.2.new, not 172.16.2.2.raw.
Post by Aleksey P
Post by john heasley
it must have show version.
I am not sure I understand you right. In rancid file I must use 'show
version'?
yes, it must include show version since it's used in writeterm, at least
for some platforms.
Post by Aleksey P
Post by john heasley
the rancid script shouldn't care about which prompt it shows, but in
general, enable mode is required.
But in theory - can rancid work with Cisco device w/o 'enable'?
some commands require higher privileges. if you eliminate those that
do, then it'd work.
Aleksey P
2010-06-16 07:50:44 UTC
Hello.
Post by john heasley
that's 172.16.2.2.new, not 172.16.2.2.raw.
Sorry, my fault.
When I run rancid-run, the file 172.16.2.2.raw is created for a very short time and
then deleted.
But I was able to see what is in it:

tail -F /usr/local/var/rancid/TEST/configs/172.16.2.2.raw
172.16.2.2
spawn ssh -c 3des -x -l username 172.16.2.2
username@172.16.2.2's password:

C2960-USR-1>
C2960-USR-1>terminal length 0
C2960-USR-1>show version
Cisco IOS Software, C2960 Software
and so on...
then I see the 'show configuration' command and all the config.
That all walks four times and then the file 172.16.2.2.raw somehow disappears.

But in the logs I see:
Trying to get all of the configs.
172.16.2.2: missed cmd(s): show configuration,show version
172.16.2.2: End of run not found
!
=====================================
Getting missed routers: round 1.
172.16.2.2: missed cmd(s): show configuration,show version
172.16.2.2: End of run not found

and there is no normal config file :(
Per-Olof Olsson
2010-06-19 08:18:20 UTC
Post by john heasley
Post by Aleksey P
Hello.
Post by john heasley
Post by Aleksey P
]# cat /usr/local/libexec/rancid/172.16.2.2.new
Post by Aleksey P
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that is in this file.
and what is in the 172.16.2.2.raw file?
Nothing, that's all - only one line " !RANCID-CONTENT-TYPE: cisco" and
that's all.
that's 172.16.2.2.new, not 172.16.2.2.raw.
Post by Aleksey P
Post by john heasley
it must have show version.
I am not sure I understand you right. In rancid file I must use 'show
version'?
yes, it must include show version since it's used in writeterm, at least
for some platforms.
Post by Aleksey P
Post by john heasley
the rancid script shouldn't care about which prompt it shows, but in
general, enable mode is required.
But in theory - can rancid work with Cisco device w/o 'enable'?
some commands require higher privileges. if you eliminate those that
do, then it'd work.
Sorry but it will not work to use rancid for unpriv level, and ">"-prompt.


After some try to grab all open information in unpriv mode from cisco
switches, there have to be some changes to fix a working script.

I add a new switch type/script where I replace all "return(-1)" abort on
"authorization failed" to "return(1)" continue on "authorization
failed". See included diff for rancid to rancid_noen.

Add -noenabler to clogin command to not have to change in my running
.cloginrc settings

To run cisco rancid script in unpriv mode, there must be some code
update to find >-prompt and to match commands (cmds_regexp) with >-prompt.
Today rancid script only match for #-prompt.
Notice that "show running-config" in nopriv gives error text
"% Invalid input detected at '^' marker."
and you have to set "found_end" before exit "write terminal" parsing
else you will not get a clean run.

If I don't have access to "show running" there is left one
extra line "more system:running-config" in output.
Can't understand to remove that extra line from my rancid_noen just now.

If I run my rancid_noen vs. rancid using full priv there are no diffs in
outputs to switch files.


/Peo
----------------------------------------------------------
Per-Olof Olsson Email: ***@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
john heasley
2010-06-19 18:05:25 UTC
Post by Per-Olof Olsson
To run cisco rancid script in unpriv mode, there must be some code
update to find >-prompt and to match commands (cmds_regexp) with >-prompt.
Today rancid script only match for #-prompt.
that is not right; it accepts either one.
Post by Per-Olof Olsson
If I don't have access to "show running" there is left one
extra line "more system:running-config" in output.
Can't understand to remove that extra line from my rancid_noen just now.
that's for the pix.
john heasley
2010-06-22 23:11:08 UTC
Post by john heasley
Post by Per-Olof Olsson
To run cisco rancid script in unpriv mode, there must be some code
update to find >-prompt and to match commands (cmds_regexp) with >-prompt.
Today rancid script only match for #-prompt.
that is not right; it accepts either one.
Sorry, Per-Olof; you are correct. I was looking at a local change. I'll
include this '>' prompt handling change with 2.3.4.
Aleksey P
2010-06-25 07:27:12 UTC
Good day. When will version 2.3.4 be released?
Post by john heasley
Sorry, Per-Olof; you are correct. I was looking at a local change. I'll
include this '>' prompt handling change with 2.3.4.
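
An added illustration of the symptom discussed in this thread, not RANCID's own code and not part of any post: a command-echo matcher that accepts only the `#` prompt reports every command as missed on a session captured at the unprivileged `>` prompt, while one that accepts either prompt finds them. The session text is constructed from the output quoted above; `find_prompt`, `check_run`, the regexes and the simplified "end of run" test are assumptions made for the example.

```python
import re

# Constructed sample, modelled on the .raw capture quoted in the thread.
RAW_SESSION = """\
spawn ssh -c 3des -x -l username 172.16.2.2
username@172.16.2.2's password:

C2960-USR-1>
C2960-USR-1>terminal length 0
C2960-USR-1>show version
Cisco IOS Software, C2960 Software
C2960-USR-1>show configuration
!
hostname C2960-USR-1
end
C2960-USR-1>exit
Connection to 172.16.2.2 closed.
"""

WANTED = ["show version", "show configuration"]


def find_prompt(raw):
    """Return (hostname, prompt_char) taken from the first bare prompt line."""
    m = re.search(r"^([\w.\-]+)([>#])[ \t]*$", raw, re.M)
    return (m.group(1), m.group(2)) if m else (None, None)


def check_run(raw, wanted, prompt_chars):
    """Return (missed_commands, end_found) for a matcher accepting prompt_chars.

    Simplified model (assumption): a command counts as run only if its echo
    appears directly after "<hostname><prompt char>", and the end of run is
    found only if an "end" line follows the echo of the last wanted command.
    """
    host, _ = find_prompt(raw)
    if host is None:
        return list(wanted), False
    echo = re.compile(
        r"^%s[%s][ \t]*(\S.*?)[ \t]*$" % (re.escape(host), re.escape(prompt_chars)),
        re.M,
    )
    seen = {m.group(1): m.end() for m in echo.finditer(raw)}
    missed = [c for c in wanted if c not in seen]
    cfg_at = seen.get(wanted[-1])
    end_found = cfg_at is not None and bool(re.search(r"^end[ \t]*$", raw[cfg_at:], re.M))
    return missed, end_found


if __name__ == "__main__":
    print("prompt:", find_prompt(RAW_SESSION))
    print("'#' only:", check_run(RAW_SESSION, WANTED, "#"))
    print("'>' or '#':", check_run(RAW_SESSION, WANTED, ">#"))
```
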