[rancid] Foundry ServerIron
William Yardley
2009-05-12 01:26:21 UTC
A few questions about getting a Foundry ServerIron setup and working
with Rancid....

First, I have the following in .cloginrc:

add user hostname.example.com rancid
add password hostname.example.com [thepassword]
add method hostname.example.com ssh
add autoenable hostname.example.com 1

The user is connecting as a user which already should have the necessary
permissions; I first tried:
add noenable hostname.example.com 1

but then, if I run 'flogin hostname.example.com', I get:
Error: no enable password for hostname.example.com in /var/rancid/.cloginrc.

running
'clogin hostname.example.com' or
'flogin -noenable hostname.example.com'

works as expected (i.e., I get to the router's prompt). Is this a bug or
am I just trying to do things the wrong way? And in this case (using a
user account with appropriate privs), is 'noenable' or 'autoenable' what
I want?

So far, I can login Ok with clogin / flogin (with the caveat above), but
for whatever reason, after switching from 'noenable' to 'autoenable',
I'm getting the following in the logs if I try to do a run:

Trying to get all of the configs.
hostname.example.com flogin error: Error: TIMEOUT reached
hostname.example.com: missed cmd(s): show chassis,show module,show flash,show version,show running-config,write term
hostname.example.com: End of run not found

I notice that flogin is trying to run the following commands:
show version;show chassis;show module;show flash;write term;show running-config

Will it fail if some of these don't work? write term and show module
don't work for me (not as the user I'm connecting as, and I believe not
at all).

TIA
w
Jethro R Binks
2009-05-12 07:22:03 UTC
Post by William Yardley
A few questions about getting a Foundry ServerIron setup and working
with Rancid....
...
Post by William Yardley
The user is connecting as a user which already should have the necessary
permissions;
What privilege level is this user?

I have a user on Foundry with priv level '5' (readonly), but I also need:

privilege exec level 5 skip-page-display

I can't remember if I have also had to patch flogin to send the
'skip-page-display' display command, or whether it is in the default.
I do have:

add noenable hostname.example.com 1
Post by William Yardley
So far, I can login Ok with clogin / flogin (with the caveat above), but
for whatever reason, after switching from 'noenable' to 'autoenable',
Trying to get all of the configs.
hostname.example.com flogin error: Error: TIMEOUT reached
hostname.example.com: missed cmd(s): show chassis,show module,show flash,show version,show running-config,write term
hostname.example.com: End of run not found
show version;show chassis;show module;show flash;write term;show running-config
Will it fail if some of these don't work? write term and show module
don't work for me (not as the user I'm connecting as, and I believe not
at all).
As long as it can find the prompt again after a failed command, it should
be OK. But you need to check your paging (also make sure you're running
the latest rancid).

To find out exactly where it is failing, you will need to grab the raw
output, see the web page for more details.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
William Yardley
2009-05-12 21:19:11 UTC
Post by Jethro R Binks
privilege exec level 5 skip-page-display
level 5 doesn't seem to work for me - show doesn't work at all. We are
using priv level 1 (context-based) with

username rancid privilege 1 password .....
global all viewer

Trying to set something for privilege level 1 doesn't seem to work (the
level gets changed to '2' in the config, and paging isn't turned off),
probably because it's role-based. I tried doing:

username rancid
enable skip-page-display

but that set skip-page-display globally again, not just for that user.

Also, it's been a while, but maybe francid should just send a 'terminal
length 0' before starting, which I think would accomplish the same
thing? I guess that's not done because not all versions of the foundry
code support it?
http://www.gossamer-threads.com/lists/rancid/users/3743
Post by Jethro R Binks
Post by William Yardley
Will it fail if some of these don't work? write term and show module
don't work for me (not as the user I'm connecting as, and I believe not
at all).
As long as it can find the prompt again after a failed command, it should
be OK. But you need to check your paging (also make sure you're running
the latest rancid).
To find out exactly where it is failing, you will need to grab the raw
output, see the web page for more details.
Yeah - the raw output shows it hanging on the prompt (which looks like:

***@hostname>

(where hostname is a single word made up of lower case letters)

raw output from 'francid hostname.example.com' shows:

hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
***@hostname.example.com's password:
***@hostname>
[hangs there]

I don't see an obvious way (in .cloginrc, anyway) to configure the
prompt regex, nor do I see an obvious way to change the default ssh
prompt.

If I do 'flogin [host]', it similarly just hangs - I can't hit return,
exit, or enter commands.

w
William Yardley
2009-05-12 21:24:43 UTC
Post by William Yardley
If I do 'flogin [host]', it similarly just hangs - I can't hit return,
exit, or enter commands.
ps: flogin -noenable does seem to do the trick (flogin succeeds and I
can run commands).

however, I still get

$ flogin hostname.example.com
hostname.example.com

Error: no enable password for hostname.example.com in
/var/rancid/.cloginrc.

with this in .cloginrc:
add noenable hostname.example.com 1

if I add noautoenable as well, flogin doesn't complain, but still hangs.

w
john heasley
2009-05-12 21:34:20 UTC
Post by William Yardley
Post by Jethro R Binks
privilege exec level 5 skip-page-display
level 5 doesn't seem to work for me - show doesn't work at all. We are
using priv level 1 (context-based) with
username rancid privilege 1 password .....
global all viewer
Trying to set something for privilege level 1 doesn't seem to work (the
level gets changed to '2' in the config, and paging isn't turned off),
username rancid
enable skip-page-display
but that set skip-page-display globally again, not just for that user.
Also, it's been a while, but maybe francid should just send a 'terminal
length 0' before starting, which I think would accomplish the same
thing? I guess that's not done because not all versions of the foundry
code support it?
http://www.gossamer-threads.com/lists/rancid/users/3743
Post by Jethro R Binks
Post by William Yardley
Will it fail if some of these don't work? write term and show module
don't work for me (not as the user I'm connecting as, and I believe not
at all).
As long as it can find the prompt again after a failed command, it should
be OK. But you need to check your paging (also make sure you're running
the latest rancid).
To find out exactly where it is failing, you will need to grab the raw
output, see the web page for more details.
(where hostname is a single word made up of lower case letters)
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
[hangs there]
if it's autoenable, the prompt should end with '#'.
Post by William Yardley
I don't see an obvious way (in .cloginrc, anyway) to configure the
prompt regex, nor do I see an obvious way to change the default ssh
prompt.
If I do 'flogin [host]', it similarly just hangs - I can't hit return,
exit, or enter commands.
w
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
William Yardley
2009-05-12 21:42:00 UTC
Post by john heasley
Post by William Yardley
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
[hangs there]
if it's autoenable, the prompt should end with '#'.
Yeah - then I guess it's noenable I want rather than autoenable. Any
chance this is broken with foundry stuff on 2.3.2a10, or am I screwing
something else up?

RHEL 4u7, RPM of rancid built from the included specfile, Expect is
version expect-5.42.1.

w
john heasley
2009-05-12 21:48:03 UTC
Post by William Yardley
Post by john heasley
Post by William Yardley
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
[hangs there]
if it's autoenable, the prompt should end with '#'.
Yeah - then I guess it's noenable I want rather than autoenable. Any
chance this is broken with foundry stuff on 2.3.2a10, or am I screwing
something else up?
i don't think so. it should enable next, be sure that it does that and
flogin -c 'show vers;show vers' works
Post by William Yardley
RHEL 4u7, RPM of rancid built from the included specfile, Expect is
version expect-5.42.1.
and the expect patch available on the rancid web site.
William Yardley
2009-05-12 22:00:02 UTC
Post by john heasley
Post by William Yardley
Post by john heasley
Post by William Yardley
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
[hangs there]
if it's autoenable, the prompt should end with '#'.
Yeah - then I guess it's noenable I want rather than autoenable. Any
chance this is broken with foundry stuff on 2.3.2a10, or am I screwing
something else up?
i don't think so. it should enable next, be sure that it does that and
flogin -c 'show vers;show vers' works
It should enable even when 'noenable' is set (and autoenable is not
set)? The thing I'm saying might be a bug is the fact that noenable
seems to be getting ignored in .cloginrc (with flogin, but *not*
clogin).

Just to make sure we're talking about the same thing, the device in
question should happily do the commands needed *without* enabling at
all. I believe 'noenable 1' is what I need to set for that. As I said,
running flogin with -noenable works Ok, but flogin with noenable set in
.cloginrc spits out an error.

FWIW, "flogin -noenable -c 'show vers;show vers'" works fine.
Post by john heasley
Post by William Yardley
RHEL 4u7, RPM of rancid built from the included specfile, Expect is
version expect-5.42.1.
and the expect patch available on the rancid web site.
Oh - that may be part of my problem -- I had thought the expect patch
was only necessary with versions of expect < 5.40, but just realized
that that's not the case.

w
john heasley
2009-05-12 22:31:35 UTC
Post by William Yardley
Post by john heasley
Post by William Yardley
Post by john heasley
Post by William Yardley
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
[hangs there]
if it's autoenable, the prompt should end with '#'.
Yeah - then I guess it's noenable I want rather than autoenable. Any
chance this is broken with foundry stuff on 2.3.2a10, or am I screwing
something else up?
i don't think so. it should enable next, be sure that it does that and
flogin -c 'show vers;show vers' works
It should enable even when 'noenable' is set (and autoenable is not
set)? The thing I'm saying might be a bug is the fact that noenable
seems to be getting ignored in .cloginrc (with flogin, but *not*
clogin).
Just to make sure we're talking about the same thing, the device in
question should happily do the commands needed *without* enabling at
all. I believe 'noenable 1' is what I need to set for that. As I said,
running flogin with -noenable works Ok, but flogin with noenable set in
.cloginrc spits out an error.
FWIW, "flogin -noenable -c 'show vers;show vers'" works fine.
do it w/o the -noenable. francid also expects the '#' prompt.
Post by William Yardley
Post by john heasley
Post by William Yardley
RHEL 4u7, RPM of rancid built from the included specfile, Expect is
version expect-5.42.1.
and the expect patch available on the rancid web site.
Oh - that may be part of my problem -- I had thought the expect patch
was only necessary with versions of expect < 5.40, but just realized
that that's not the case.
Afaik, ALL versions on linux or solaris.
William Yardley
2009-05-12 23:18:03 UTC
Post by john heasley
Post by William Yardley
FWIW, "flogin -noenable -c 'show vers;show vers'" works fine.
do it w/o the -noenable. francid also expects the '#' prompt.
So there's no way to use (unmodified) Rancid to get a device's config
when there's no "#" prompt, even with noenable set in the .cloginrc?

In this case, what I'm trying to do is to collect the needed information
with a user that has exactly the level of permissions to collect that
information. Since the user has permissions to get the needed
information, there's no need for the router to be in enable mode to get
what I need.

w
john heasley
2009-05-13 17:13:45 UTC
Post by William Yardley
Post by john heasley
Post by William Yardley
FWIW, "flogin -noenable -c 'show vers;show vers'" works fine.
do it w/o the -noenable. francid also expects the '#' prompt.
So there's no way to use (unmodified) Rancid to get a device's config
when there's no "#" prompt, even with noenable set in the .cloginrc?
In this case, what I'm trying to do is to collect the needed information
with a user that has exactly the level of permissions to collect that
information. Since the user has permissions to get the needed
information, there's no need for the router to be in enable mode to get
what I need.
There is no support for that, sorry.
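
Added example (not part of the thread and not RANCID's own code): a small Python check of a captured login session against the point made above that the scripts wait for a prompt ending in '#'. The sample .cloginrc and session text are constructed from the thread, the username in the prompt is a placeholder, and the function names and the first-match-wins reading of .cloginrc are assumptions.

```python
import fnmatch
import re

# Constructed inputs modelled on the thread; the prompt username is a placeholder.
CLOGINRC = """\
add user hostname.example.com rancid
add method hostname.example.com ssh
add autoenable hostname.example.com 1
"""
RAW = """\
hostname.example.com
spawn ssh -c 3des -x -l rancid hostname.example.com
rancid@hostname.example.com's password:
rancid@hostname>
"""

def settings_for(cloginrc, host):
    """Collect 'add <directive> <host-glob> <value...>' lines matching host.
    Assumption: the first matching line for a directive wins."""
    found = {}
    for line in cloginrc.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "add" and fnmatch.fnmatch(host, parts[2]):
            found.setdefault(parts[1], " ".join(parts[3:]))
    return found

def last_prompt(raw):
    """Return the terminator ('>' or '#') of the last prompt-like line, or None."""
    for line in reversed(raw.splitlines()):
        m = re.fullmatch(r"\S+([>#])\s*", line)
        if m:
            return m.group(1)
    return None

def diagnose(cloginrc, raw, host):
    """Explain a hang in terms of the prompt terminator the session ended on."""
    cfg, term = settings_for(cloginrc, host), last_prompt(raw)
    if term is None:
        return "no prompt captured: login itself did not complete"
    if term == "#":
        return "privileged prompt seen: collector can proceed"
    if cfg.get("autoenable") == "1":
        return "autoenable set but prompt ends in '>': script waits for '#' until TIMEOUT"
    return "user-level prompt '>': francid still expects '#'"

if __name__ == "__main__":
    print(diagnose(CLOGINRC, RAW, "hostname.example.com"))
```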
