[rancid] Not working rancid with Cisco without enable.
Aleksey P
OS - FreeBSD
Here some of config:
/usr/local/libexec/rancid]# vi /usr/local/etc/rancid/.cloginrc
# THIS IS FOR CISCO
add noenable 172.16.2.2 1
#add autoenable 172.16.2.2 1
add user 172.16.2.2 username
add password 172.16.2.2 password
add method 172.16.2.2 ssh
Trying /usr/local/libexec/rancid/clogin -t 90 -c"show configuration" 172.16.2.2
All work just fine - no enable promt - show configuration - that is all we need:
/usr/local/libexec/rancid/clogin -t 90 -c"show configuration" 172.16.2.2
172.16.2.2
spawn ssh -c 3des -x -l username 172.16.2.2
user...@172.16.2.2's password:
Router>
Router>terminal length 0
Router>>show configuration
...
here we see our config
...
end
Router>exit
Connection to 172.16.2.2 closed.
But if i run rancid-run in my logs i will see:
Trying to get all of the configs.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
!
=====================================
Getting missed routers: round 1.
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
I can't understand why it works like this.
Help me if u can :)
john heasley
it may be the command before this that failed. in general, for it to
runn all the commands, it needs enable. try
export NOPIPE=YES
rancid -d 172.16.2.2
172.16.2.2.raw will have the output from the device and .new the crunched
output.
> But if i run rancid-run in my logs i will see:
>
> Trying to get all of the configs.
> 172.16.2.2: missed cmd(s): show configuration
> 172.16.2.2: End of run not found
> !
> =====================================
> Getting missed routers: round 1.
> 172.16.2.2: missed cmd(s): show configuration
> 172.16.2.2: End of run not found
>
> I can't understand why it works like this.
> Help me if u can :)
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-...@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-...@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Aleksey P
In my rancid file i delete all commands, except "show configuration". This work fine with Juniper switches (becouse they don't have enable mode and have '>' in command line (i think)).
I did as you say:
In racid.conf i have:
NOPIPE=YES; export NOPIPE
Then i did:
]# /usr/local/libexec/rancid/rancid -d 172.16.2.2
executing /usr/local/libexec/rancid/clogin -t 90 -c"show configuration" 172.16.2.2
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: missed cmd(s): show configuration
172.16.2.2: End of run not found
172.16.2.2: End of run not found
!
!RANCID-CONTENT-TYPE: cisco
!
!
!
!
and that is all that in this file.
john heasley
> Hello.
> In my rancid file i delete all commands, except "show configuration". This
> work fine with Juniper switches (becouse they don't have enable mode and
it must have show version.
> have '>' in command line (i think)).
the rancid script shouldnt care about which prompt it shows, but in
general, enable mode is required.
> I did as you say:
> In racid.conf i have:
> NOPIPE=YES; export NOPIPE
>
> Then i did:
>
> ]# /usr/local/libexec/rancid/rancid -d 172.16.2.2
> executing /usr/local/libexec/rancid/clogin -t 90 -c"show configuration"
> 172.16.2.2
> 172.16.2.2: missed cmd(s): show configuration
> 172.16.2.2: missed cmd(s): show configuration
> 172.16.2.2: End of run not found
> 172.16.2.2: End of run not found
> !
> ]# cat /usr/local/libexec/rancid/172.16.2.2.new
> !RANCID-CONTENT-TYPE: cisco
> !
> !
> !
> !
> and that is all that in this file.
and what is in the 172.16.2.2.raw file?
Aleksey P
>> ]# cat /usr/local/libexec/rancid/172.16.2.2.new>and what is in the 172.16.2.2.raw file?
>> !RANCID-CONTENT-TYPE: cisco
>> !
>> !
>> !
>> !
>> and that is all that in this file.
>it must have show version.
>the rancid script shouldnt care about which prompt it shows, but in
>general, enable mode is required.
Per-Olof Olsson
In .clogin set
add autoenable <hostname> 1
Run ok for HP direct login to manager level and cisco nexus switches
that don't have enabler level.
(nexus use nxrancid and clogin scripts/program)
/Peo
----------------------------------------------------------
Per-Olof Olsson Email: p...@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8660
----------------------------------------------------------
john heasley
> Hello.
>
> >> ]# cat /usr/local/libexec/rancid/172.16.2.2.new
> > >> !RANCID-CONTENT-TYPE: cisco
> > >> !
> > >> !
> > >> !
> > >> !
> > >> and that is all that in this file.
> >
> > >and what is in the 172.16.2.2.raw file?
> >
>
> Nothing, that's all - only one line " !RANCID-CONTENT-TYPE: cisco" and
> that's all.
thats 172.16.2.2.new, not 172.16.2.2.raw.
> >it must have show version.
> I am not sure i understand you right. In rancid file i must use 'show
> version'?
yes, it must include show version since its used in writeterm, at least
for some platforms.
>
> >the rancid script shouldnt care about which prompt it shows, but in
> >general, enable mode is required.
> But in theory - can rancid work with Cisco device w/o 'enable'?
some commands require higher privledges. if you eliminate those that
do, then it'd work.
Aleksey P
>thats 172.16.2.2.new, not 172.16.2.2.raw.
Sorry, my fault.
But I was able to see what in it:
tail -F /usr/local/var/rancid/TEST/configs/172.16.2.2.raw
172.16.2.2
spawn ssh -c 3des -x -l username 172.16.2.2
C2960-USR-1>
C2960-USR-1>terminal length 0
C2960-USR-1>show version
Cisco IOS Software, C2960 Software
and so on...
than i see 'show configuration' command and all config.
That all walks four times and than file 172.16.2.2.raw somehow disappear.
But in logs i see:
Getting missed routers: round 1.
172.16.2.2: End of run not found
and no any normal config file :(
Per-Olof Olsson
Sorry but it will not work to use rancid for unpriv level, and ">"-prompt.
After some try to grab all open information in unpriv mode from cisco
switches, there have to be some changes to fix a working script.
I add a new switch type/script where I replase all "return(-1)" abort on
"authorization failed" to "retrun(1)" continue on "authorization
failed". See included diff for rancid to rancid_noen
Add -noenabler to clogin command to not have to change in my running
.cloginrc settings
To run cisco rancid script in unpriv mode, there must be some code
update to find >-prompt and to match commands (cmds_regexp) with
>-prompt. Today rancid script only match for #-prompt.
Notice that "show running-config" in nopriv gives error text
"% Invalid input detected at '^' marker."
and you have to set "found_end" before exit "write terminal" parsing
else you will not get a clean run.
If I don't have access to "show running" there is left one
extra line "more system:running-config" in output.
Can't understand to remove that extra line from my rancid_noen just now.
If I run my rancid_noen vs. rancid using full priv there is no diffs in
outputs to switch files.
/Peo
----------------------------------------------------------
Per-Olof Olsson Email: p...@chalmers.se
Chalmers tekniska h�gskola IT-service
H�rsalsv�gen 5 412 96 G�teborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
john heasley
> To run cisco rancid script in unpriv mode, there must be some code
> update to find >-prompt and to match commands (cmds_regexp) with
> >-prompt. Today rancid script only match for #-prompt.
that is not right; it accepts either on.
> If I don't have access to "show running" there is left one
> extra line "more system:running-config" in output.
> Can't understand to remove that extra line from my rancid_noen just now.
thats for the pix.
john heasley
> Sat, Jun 19, 2010 at 10:18:20AM +0200, Per-Olof Olsson:
> > To run cisco rancid script in unpriv mode, there must be some code
> > update to find >-prompt and to match commands (cmds_regexp) with
> > >-prompt. Today rancid script only match for #-prompt.
>
> that is not right; it accepts either on.
Sorry, Per-Olof; you are correct. I was looking at a local change. I'll
include this '>' prompt handling change with 2.3.4.