[rancid] Cisco IOS versus Cisco PIX and term width 80

Discussion:

Jason Ellison

2009-02-06 06:15:20 UTC

List,

I have a problem with Cisco c1841 formating the screen differently.

!VLAN: VLAN Name Status Ports
!VLAN: ---- -------------------------------- ---------
-------------------------------
!VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2
!VLAN: Fa0/0/3

versus

!VLAN: VLAN Name Status Ports
!VLAN: ---- -------------------------------- ---------
-------------------------------
!VLAN: 1 default active Fa0/0/0,
Fa0/0/1, Fa0/0/2, Fa0/0/3

adding "term width 80" after "term len 0" in clogin seems to fix
this... but this seems to
break the PIX. Should I create a new class... for the PIX or maybe do
some hostname
matching. Are others having this same issue?

-Jason Ellison

Jethro R Binks

2009-02-06 10:00:09 UTC

Permalink

Post by Jason Ellison
I have a problem with Cisco c1841 formating the screen differently.
!VLAN: VLAN Name Status Ports
!VLAN: ---- -------------------------------- ---------
-------------------------------
!VLAN: 1 default active Fa0/0/0, Fa0/0/1, Fa0/0/2
!VLAN: Fa0/0/3
versus
!VLAN: VLAN Name Status Ports
!VLAN: ---- -------------------------------- ---------
-------------------------------
!VLAN: 1 default active Fa0/0/0,
Fa0/0/1, Fa0/0/2, Fa0/0/3
adding "term width 80" after "term len 0" in clogin seems to fix this...
but this seems to break the PIX. Should I create a new class... for the
PIX or maybe do some hostname matching. Are others having this same
issue?

"term width 80" certainly isn't a valid command for the PIX, however in
what way does it "break" it? All I get if I add that is:

asa1# term width 0
^
ERROR: % Invalid input detected at '^' marker.

which is duly ignored.

I think it would be useful if rancid had a clue earlier on what sort of
device it is going to be talking to, so it could modify its behaviour
(particularly in clogin) accordingly. I have often pondered about
expanding the information per device in router.db. A hint could be placed
in there (for example, to distinguish the common case of a traditional IOS
box vs. the PIX, which has become more similar over time but is still
somewhat different in some respects).

It may be preferable to do this, rather than write a whole new
*rancid/*login for a device which is substantially very similar to an
existing one, which helps avoid duplication and divergence.

Jethro.

--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

john heasley

2009-02-06 23:27:41 UTC

Permalink

Post by Jethro R Binks

I presume that you added it incorrectly.

But, this does bring us back to the question of whether this command,
or term width 132 or term width 0, break any of the devices that clogin
supports.

Maybe PIX does not have this command, which is one case, but for the
cases where the device does support the command, such as a catalyst,
does it break or act erradically? I do not have catalysts to test,
nor PIX or ASA, etc.

I've asked before, has anyone with catalysts or others tried this
change to clogin?

Post by Jethro R Binks
"term width 80" certainly isn't a valid command for the PIX, however in
asa1# term width 0
^
ERROR: % Invalid input detected at '^' marker.
which is duly ignored.
I think it would be useful if rancid had a clue earlier on what sort of
device it is going to be talking to, so it could modify its behaviour
(particularly in clogin) accordingly. I have often pondered about
expanding the information per device in router.db. A hint could be placed
in there (for example, to distinguish the common case of a traditional IOS
box vs. the PIX, which has become more similar over time but is still
somewhat different in some respects).
It may be preferable to do this, rather than write a whole new
*rancid/*login for a device which is substantially very similar to an
existing one, which helps avoid duplication and divergence.
Jethro.
--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Jason Ellison

2009-02-07 22:45:52 UTC

Permalink

Post by john heasley

Post by Jethro R Binks

I presume that you added it incorrectly.
But, this does bring us back to the question of whether this command,
or term width 132 or term width 0, break any of the devices that clogin
supports.
Maybe PIX does not have this command, which is one case, but for the
cases where the device does support the command, such as a catalyst,
does it break or act erradically? I do not have catalysts to test,
nor PIX or ASA, etc.
I've asked before, has anyone with catalysts or others tried this
change to clogin?

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

About the modification breaking my pix monitoring...

Here is my modification to clogin

***@monitor:/usr/local/rancid# diff -uN
/usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin
--- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03
18:19:46.000000000 -0600
+++ bin/clogin 2009-02-07 15:24:16.000000000 -0600
@@ -610,6 +610,7 @@
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ send "terminal width 80\r"
}
# escape any parens in the prompt, such as "(enable)"
regsub -all {[)(]} $prompt {\\&} reprompt
@@ -875,6 +876,7 @@
send "set logging session disable\r"
} else {
send "terminal length 0\r"
+ send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile

TCP stream of rancid connecting to the pix (cleaned)...

<--CUT-->
Username: ..&..&........... ..!.."..'........&..&........... ..!.."..'......user
...
Password: ..$user
.********
Type help or '?' for a list of available commands.

.pix> enable
.enable
Password: password
.********

.pix#
.

.pix# terminal length 0
.terminal width 80
.terminal length 0
^
ERROR: % Invalid input detected at '^' marker.

.pix# terminal width 80
^
ERROR: % Invalid input detected at '^' marker.

.pix# admin show version
.ashow version
.dmin show version
^
ERROR: % Invalid input detected at '^' marker.

.pix# show redundancy secondary
.show version
<--CUT-->

<--CUT-->
.pix# more system:running-config
.show running-config
.more system:running-config
Cryptochecksum: bce13d29 c20a9f99 eaaddf54 9f6a8121
: Saved
: Written by enable_15 at 15:54:21.835 CST Sat Feb 7 2009
!
PIX Version 7.2(4)
!
hostname fw
domain-name example.org
enable password xxxxxxxx encrypted
passwd xxxxxxxxxxx encrypted
names

dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 000.000.000.000 255.255.255.252
!
interface Ethernet1
nameif inside
<--- More --->
.
.
. security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
<--CUT-->

<--CUT-->
service-policy global_policy global
prompt hostname context
Cryptochecksum:bce13d29c20a9f99eaaddf549f6a8121
: end

.pix# write term
.write term
: Saved
:
PIX Version 7.2(4)
!
hostname fw01
<--CUT-->

<--CUT-->
Cryptochecksum:bce13d29c20a9f99eaaddf549f6a8121
: end
<--- More --->
.
.[OK]

.pix# eexxiitt
.

Logoff
<--CUT-->

The Log of the above run

***@monitor:/usr/local/rancid# cat var/logs/group.20090207.152420

starting: Sat Feb 7 15:24:20 CST 2009

Trying to get all of the configs.
fw01.example.org: missed cmd(s): show redundancy secondary,show running-config
=====================================
Getting missed routers: round 1.
fw01.example.org: missed cmd(s): show redundancy secondary,show running-config
=====================================
Getting missed routers: round 2.
fw01.example.org: missed cmd(s): show redundancy secondary,show running-config
=====================================
Getting missed routers: round 3.
fw01.example.org: missed cmd(s): show redundancy secondary,show running-config
=====================================
Getting missed routers: round 4.
fw01.example.org: missed cmd(s): show redundancy secondary,show running-config

cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs

ending: Sat Feb 7 15:25:35 CST 2009

john heasley

2009-02-09 23:13:28 UTC

Permalink

Post by Jason Ellison
About the modification breaking my pix monitoring...
Here is my modification to clogin
/usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin
--- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03
18:19:46.000000000 -0600
+++ bin/clogin 2009-02-07 15:24:16.000000000 -0600
@@ -610,6 +610,7 @@
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ send "terminal width 80\r"
}
# escape any parens in the prompt, such as "(enable)"
regsub -all {[)(]} $prompt {\\&} reprompt
@@ -875,6 +876,7 @@
send "set logging session disable\r"
} else {
send "terminal length 0\r"
+ send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile

because it is important that the login script keep track of prompts to
avoid, among other things, matching things in output that look like
prompts, you must match prompts that you trigger and you haven't done
that here. this is most likely why it fails.

Post by Jason Ellison
TCP stream of rancid connecting to the pix (cleaned)...

*login -d host is normally far more useful output for debugging the
login scripts.

Jason Ellison

2009-02-10 21:23:44 UTC

Permalink

I'm new to the community so I apologize for my ignorance. I saw
another spot in the expect script where to send commands were bundled
together. So, you are saying I need an expect $prompt to delay the
"term width" command?

yes, but its not a 'delay'; its waiting for the prompt and flushing it
from your input. I do not know what the other place in the code is
that you're referring to, so i cant comment on why it'd be different.

I understand that that by design expect is looking for a regexp before

its either a regex or a glob, but that doesnt matter.
if you send commands without waiting for the prompt you will confuse
yourself (your script). thats just my experience and i'm guessing thats
why your change doesnt work.

again... I will review it. I'm sure you are right. I have not played
in expect land in over two years. You have a great project... I do
not mean to bother you with dumb problems. I'm not being facetious.
I think I made a mistake.

sending. I will review my changes... Because, apparently, they do
not work. Sorry to trouble you.

I did not know about the -d debug mode. But I did read through the
mail archives before I posted.
-Jason Ellison

My previous patch was flawed. I was using "send" without an
"expect"... The following patch seems to work without breaking my PIX
monitoring. Thanks to John Heasley for catching the error.

-Jason Ellison

diff -uN /usr/local/src/rancid-2.3.2a9/bin/clogin bin/clogin
--- /usr/local/src/rancid-2.3.2a9/bin/clogin 2009-02-03
18:19:46.000000000 -0600
+++ bin/clogin 2009-02-10 15:16:38.000000000 -0600
@@ -610,6 +610,9 @@
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ expect {
+ -re "$prompt" { send -- "terminal width 80\r";}
+ }
}
# escape any parens in the prompt, such as "(enable)"
regsub -all {[)(]} $prompt {\\&} reprompt
@@ -875,6 +878,9 @@
send "set logging session disable\r"
} else {
send "terminal length 0\r"
+ expect {
+ -re "$prompt" { send -- "terminal width 80\r";}
+ }
}
expect -re $prompt {}
source $sfile