DX NetOps

I am attempting to collect the configurations files from our BigIP F5 appliances and am running into a roadblock of sorts. 

On the DSS I can write a perl script that does exactly what I want:

use Net::SSH::Expect;
      my $ssh = Net::SSH::Expect->new (
      host => "xx.xx.xx.xx",
      password=> 'password',
      user => 'userid',
      raw_pty => 1
);
my $login_output = $ssh->login();
   if ($login_output !~ /#/) {
      die "Login has failed. Login output was $login_output";
}
my $bash = $ssh->send("bash");
      print($bash);
$ssh->send("cat /config/*.conf"); # using send() instead of exec()
      my $line;
         while ( defined ($line = $ssh->read_line()) ) {
         print $line . "\n";
}
$ssh->close();

When run on the DSS, I get back the config from this device.  

Now, when I try to convert it to a script in NCM for this device family, it fails telling me there is no config returned.  I think its a simple thing I am overlooking, and my Perl scripting is pretty basic, so any insight would be great.  

Here is the script I am running for the NCM Family:

use Net::SSH::Expect;

      my $deviceIP = shift;
      my $user = shift;
      my $pass = shift;
      my $epass = shift;
      my $login_timeout = shift;
      my $capture_timeout = shift;
      my @config;
      my $msg;

my $ssh = Net::SSH::Expect->new(
      host => $deviceIP,
      password => $pass,
      user => $user,
      raw_pty => 1,
      timeout => $login_timeout
);

my $login_output = $ssh->login();

   if ($login_output !~ /#/) {
       $msg = "Login has failed. Didn't see device prompt as expected.($login_output)";
       print STDERR "\nUsage: BigIP_F5_capture.pl <$deviceIP> <$user> <$pass> <$epass> <$login_timeout> <$capture_timeout>\n";
      $ssh->close();
}
   $ssh->send("bash");
   $ssh->timeout($capture_timeout);
   $ssh->peek(0);

   $ssh->send("cat /config/*.conf");
   $ssh->timeout($capture_timeout);
   $ssh->peek(0);

   my $line;
      while ( defined ($line = $ssh->read_line()) ) {
         push @config, $line;
}
$ssh->close();
#

Again, any help would be greatly appreciated.

Hi,

you collect the configuration in array "@config".

At the end of the script you have to print this array to STDOUT, what will be fetched by NCM.

f.e.

foreach (@config) {

   print $_;

}

Regards,

Olaf

So I have added the array, but I am now told that there is no configuration returned for the device.

I have added :

while( my $line = $ssh->read_line() ) {
          if( $line !~ /admin/) {
                        push @config, $line;
         }
 }

The returned error is:

SPC-OCC-10747: Error capturing configuration for host:

Script configured for device returned no configuration content.

The complete script is:

use Net::SSH::Expect;

    my $deviceIP        = shift;
    my $user            = shift;
    my $pass            = shift;
    my $epass           = shift;
    my $login_timeout   = shift;
    my $capture_timeout = shift;
    my @config;
    my $msg;

    my $ssh = Net::SSH::Expect->new(
        host        => $deviceIP,
        password    => $pass,
        user        => $user,
        raw_pty     => 1,
        timeout     => $login_timeout
       );

    my $login_output = $ssh->login();

     if ($login_output !~ /#/) {
      #die "Login has failed. Login output was $login_output";
   $msg = "Login has failed. Didn't see device prompt as expected.($login_output)";
   print LOG "\nUsage:  BigIP_F5_capture.pl <$deviceIP> <$user> <$pass> <$epass> <$login_timeout> <$capture_timeout>\n";
   print STDERR "\nUsage:  BigIP_F5_capture.pl <$deviceIP> <$user> <$pass> <$epass> <$login_timeout> <$capture_timeout>\n";
      $ssh->close();
#      return ( 252, $msg );
    }
  
    $ssh->exec("stty raw -echo");
    $ssh->send("bash");
    $ssh->send("cat /config/*.conf"); 
    $ssh->timeout($capture_timeout);
    $ssh->peek(0);

    my $line;
   
   while( my $line = $ssh->read_line() ) {
          if( $line !~ /admin/) {
                        push @config, $line;
          }
    }
 
      if( @config <= 0 )
      {
          $msg = "No data retrieved, the capture timeout may be too low.";
          $ssh->close();
          print STDERR $msg;
      }
 
      if( scalar grep { $_ =~ /admin/ } @config )
      {
          # Ensure show running actually returned the config and not an error
          # message containing '%'
          print STDERR $msg;
      }
   
#
#END

Any help would be greatly appreciated.

maybe you want to print the config lines of @config to STDOUT?

cheers,

Olaf

I have tried printing to the STDOUT as well and I am still no further.  I have a case opened with CA, I am not sure if its my script or the DSS because I am having issues collecting from other devices that I know should work, like Netscalers and some Cisco NX OS devices. 

I know this is old, but here is the final working script, for anyone interested in capturing F5 configuraitons(most of the config anyways:

!/opt/SPECTRUM/bin/perl -w

# This script will capture the running configuration of a
# BigIP F5 device through an SSH session and print it to STDOUT.
#
# Error Codes:
#   0   = Success
#   255 = Usage error
#   254 = Invalid timeout value
#   252 = Invalid Prompt
#   251 = Permission Denied Error
#   250 = Login Failed
#   249 = Exec prompt not found error
#   244 = Error retrieving configuration
#   245 = Insufficient privileges
#   253 = Unexpected output
#

use strict;
use warnings;
use Net::SSH::Expect;

$ENV{'PATH'} = "/usr/bin:" . $ENV{'PATH'};

### Main ###
if ( $#ARGV != 4 && $#ARGV != 5 ) {
    print "Usage: BigIP_F5_capture.pl <device IP> <user> <pass> <enable_pass>
<login_timeout_in_seconds> <capture_timeout_in_seconds>\n";
    print STDERR "Usage:  BigIP_F5_capture.pl <deviceIP> <user> <pass>
<enable_pass> <login_timeout_in_seconds> <capture_timeout_in_seconds>\n";
    exit 255;
}
elsif ( $ARGV[4] < 1 || $ARGV[4] > 600 ) {
    print "$ARGV[4] is the login timeout and must be an int between 1 and 600 seconds\n";
    print STDERR "$ARGV[4] is the login timeout and must be an int between 1 and 600 seconds\n";
    exit 254;
}
elsif ( $#ARGV == 5 && ( $ARGV[5] < 1 || $ARGV[5] > 600 ) ) {
    print "$ARGV[5] is the capture timeout and must be an int between 1 and 600 seconds\n";
    print STDERR "$ARGV[5] is the capture timeout and must be an int between 1and 600 seconds\n";
    exit 254;
}
else {
    my $capture_timeout = $ARGV[4];
    if ( $ARGV[5] ) {
        $capture_timeout = $ARGV[5];
    }

    my $errorCode = 1;
    my @data;
    my $errorString = "\nHost $ARGV[0]:  \n";

    ( $errorCode, @data ) = GetConfig( $ARGV[0], $ARGV[1], $ARGV[2], $ARGV[3], $ARGV[4], $capture_timeout );

    if ( $errorCode == 0 ) {

        # Success.  The startup configuration
        # content is in the data variable

        foreach (@data) { print "$_\n" };    # print the configuration to STDOUT
        exit 0;
    }
    else {
        print STDERR $errorString;

        if ( $errorCode == 245 ) {
            print STDERR join " ", @data, "\nEnsure that the device user has
sufficient privileges to disable paging and view the config\n";
        }
        else {
            print STDERR join " ", @data, "\n";
        }

        exit $errorCode;
    }
}

exit 0;

sub GetConfig {
    my $deviceIP        = shift;
    my $user            = shift;
    my $pass            = shift;
    my $epass           = shift;
    my $login_timeout   = shift;
    my $capture_timeout = shift;
    my @config;
 my $msg;

    my $ssh = Net::SSH::Expect->new(
        host        => $deviceIP,
        user        => $user,
        password    => $pass,
       raw_pty     => 1,
       no_terminal => 0,
       timeout     => $login_timeout
    );

    my $login_output = $ssh->login();
   
   # check if the login and password is ok
    if ( $login_output =~ /denied/ ) {
        $msg = "Login has failed. Permission with credentials supplied. Please check the device.\nThe username in use is $user";
        $ssh->close();
        return ( 251, $msg );
    }

    # login output should contain the right prompt characters
     if ( $login_output !~ /(tmos)/ ) {
        $msg = "Login has failed. Didn't see device prompt as expected.";
        # print STDERR $login_output;
        # print STDERR "Usage:  BigIP_F5_capture.pl <$deviceIP> <$user> <$pass> <$epass> <$login_timeout> <$capture_timeout> <$login_output> \n";
        $ssh->close();
        return ( 252, $msg);
    }

    $ssh->exec("bash");
    $ssh->send("cat /config/*.conf");
    $ssh->timeout($capture_timeout);
    $ssh->peek(0);

   #discard the first line, which is the bash command
       shift @config;
   #discard the second line, which is the cat command
       shift @config;
    
    while( my $line = $ssh->read_line() )
      {
          # get configuration content
 
          if( $line !~
              /(tmos)|Active:In Sync|Standby:In Sync/ )
          {
              push @config, $line;
          }
      }
   
  
    if ( @config <= 0 ) {
        $msg = "No data retrieved, the capture timeout may be too low.";
        $ssh->close();
        return ( 244, $msg );
    }

    if ( scalar grep { $_ =~ /^%/ } @config ) {
        # Ensure cat command actually returned the config and not an error
        # message containing '%'
        return ( 245, @config );
    }

    return ( 0, @config[0 .. $#config - 1] );    # everything was okay, return the captured data except last line
}
#
#END

thank you. I was just asked about this 5 min ago

Does this go under capture starting or capture running?

I have it in the Capture_Running. Glad it could help. It does not capture all of the config because there are the context’s that are missing, but this is the general config.

do you have a complete script? I am **** at scripting.. but really good at modifying a working script.

Full script is in this thread, just above here.