Using CentOS 7 with Rancid configured.
I'm using Rancid to get my Cisco switches configuration, but seems that Rancid isn't able to get my configs. The output of my logs:
starting: Seg Out 8 18:47:17 WEST 2018
Trying to get all of the configs.
sw-it-dist-4.cbr.net: missed cmd(s): all commands
sw-it-dist-4.cbr.net: End of run not found
sw-it-dist-4.cbr.net: clogin error: Error: Couldn't login
My .cloginrc
file:
add user *.net {admin}
add password *.net {PASSWORD_REMOVED} {PASSWORD_REMOVED}
add autoenable *.net 1
add method *.net ssh
add userprompt *.net {"User Name:"}
When I tried to run /usr/local/rancid/bin/clogin sw-it-dist-4.cbr.net
it looks like the enable
command is missing:
rancid@it-tests logs]$ /usr/local/rancid/bin/clogin sw-it-dist-4.cbr.net
sw-it-dist-4.cbr.net
spawn ssh -x -l admin sw-it-dist-4.cbr.net
Password:
-----------------------------------------------------------------------------
=============================================================================
== UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED!!! ==
== ==
== You must have explicit, authorized permission to access or configure ==
== this device. Unauthorized attempts and actions to access or use of ==
== this system may result in civil and/or criminal penalties.
== All activities performed on this device are logged and monitored. ==
=============================================================================
-----------------------------------------------------------------------------
sw-it-dist-4>
sw-it-dist-4>
What I'm doing wrong?
For example, if I run the clogin
command manually I'm able to see my configuration:
[rancid@it-tests rancid]$ /usr/local/rancid/bin/clogin -c "show runn" sw-dc-tor-1.cbr.net.wit
sw-dc-tor-1.cbr.net.wit
spawn ssh -x -l admin sw-dc-tor-1.cbr.net.wit
Password:
sw-dc-tor-1>enable
Password required, but none set
Password:
sw-dc-tor-1#
sw-dc-tor-1#terminal length 0
sw-dc-tor-1#terminal width 132
sw-dc-tor-1#show runn
Building configuration...
Current configuration : 10393 bytes
!
! Last configuration change at 13:56:17 UTC Thu Sep 27 2018 by admin
! NVRAM config last updated at 13:46:16 UTC Thu Sep 27 2018 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
(...)
But if I run the /usr/local/rancid/bin/rancid-run
I have this error:
[rancid@it-tests logs]$ tailf Switches.20181009.114630
=====================================
Getting missed routers: round 1.
sw-it-tor-1.cbr.net.wit: missed cmd(s): all commands
sw-it-tor-1.cbr.net.wit: End of run not found
sw-it-tor-1.cbr.net.wit clogin error: Error: Couldn't login
!
=====================================
Getting missed routers: round 2.
sw-it-tor-1.cbr.net.wit: missed cmd(s): all commands
sw-it-tor-1.cbr.net.wit: End of run not found
sw-it-tor-1.cbr.net.wit clogin error: Error: Couldn't login
!
I don't understand what I'm missing…
Edit:
Thank you for your reply.
I've changed the autoenable
option, and changed the hostname
to .net.wit.
My .cloginrc
file:
add user *.net.wit {admin}
add password *.net.wit {PASSWORD_REMOVED} {PASSWORD_REMOVED}
add autoenable * 0
add method *.net.wit ssh
add userprompt *.net.wit {"User Name:"}
Now if I run this command /usr/local/rancid/bin/clogin -f /home/rancid/.cloginrc sw-it-dist-4.cbr.net.wit
I have this output:
[rancid@it-tests root]$ /usr/local/rancid/bin/clogin -f /home/rancid/.cloginrc sw-it-dist-4.cbr.net.wit
sw-it-dist-4.cbr.net.wit
spawn ssh -x -l admin sw-it-dist-4.cbr.net.wit
Password:
-------------------------------------------------------------
===================================
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED!!!
===================================
-------------------------------------------------------------
sw-it-dist-4>enable
Password:
sw-it-dist-4#
But if run the /usr/local/rancid/bin/rancid-run
in my logs I have this:
[rancid@it-tests logs]$ tailf Switches.20181012.112810
Trying to get all of the configs.
sw-it-dist-4.cbr.net.wit: missed cmd(s): all commands
sw-it-dist-4.cbr.net.wit: End of run not found
sw-it-dist-4.cbr.net.wit clogin error: Error: Couldn't login
What I'm doing wrong this time?
Best Answer
It appears that you have
autoenable
switched on in your config, which indicates that the username you're using (admin
) already has "enable" privilege. If you have the oppositeautoenable * 0
, RANCID will issue anenable
command, with the password you've defined.I believe the reason it behaves differently when you run it by hand on
sw-dc-tor-1.cbr.net.wit
is that this hostname ends in '.wit' and so doesn't match the*.net
you have in your.cloginrc
which triggers theautoenable
.See http://www.shrubbery.net/rancid/man/cloginrc.5.html