Header Only - DO NOT REMOVE - Extreme Networks

failsafe account configuration script

  • 15 February 2018
  • 9 replies
  • 490 views

Userlevel 1
Hi Guys

I have the below script which is suppose to set the failsafe and admin account passwords. It however just hangs at the first line; Disable clipaging

#@MetaDataStart
#@DetailDescriptionStart
#############################################################################################
# Define your user parameters in this section. For reference, see bundled scripts.
##############################################################################################
#@DetailDescriptionEnd
#@MetaDataEnd
#Enter all CLI commands from here
disable clipaging
#Set failsafe-account
config failsafe-account
regexp {.*enter failsafe user name:.*} ${CLI.OUT} foundfailsafe1
IF ([info exists foundfailsafe1]) THEN
CLI FailSafeAccount
ENDIF
regexp {.*enter failsafe password:.*} ${CLI.OUT} foundfailsafe2
IF ([info exists foundfailsafe2]) THEN
CLI FailSafePassword
ENDIF
regexp {.*enter password again:.*} ${CLI.OUT} foundfailsafe3
IF ([info exists foundfailsafe3]) THEN
CLI FailSafePassword
ENDIF
configure failsafe-account permit all
#Configure Local Admin password
configure account "admin" password
regexp {.*Current user's password:.*} ${CLI.OUT} AdminAccount1
IF ([info exists AdminAccount1]) THEN
CLI Admin
ENDIF
regexp {.*New password:.*} ${CLI.OUT} AdminAccount2
IF ([info exists AdminAccount2]) THEN
CLI AdminPassword
ENDIF
regexp {.*Reenter password:.*} ${CLI.OUT} AdminAccount3
IF ([info exists AdminAccount3]) THEN
CLI AdminPassword
ENDIF
regexp {.*overwrite it?.*} ${CLI.OUT} foundit1
IF ([info exists foundit1]) THEN
CLI yes
ENDIF
save
regexp {.*overwrite it?.*} ${CLI.OUT} foundit2
IF ([info exists foundit2]) THEN
CLI yes
ENDIF

enable clipaging

so the question is, can this be scripted? Any ideas?

Thanks

9 replies

Userlevel 2
Try to add: enable cli scripting at the begining
Userlevel 1
Try to add: enable cli scripting at the begining

Hi

Thanks for the reply. That didn't work.
Userlevel 1
So i get the below debug error, which sort off indicates I am missing something.

2018-02-15 14:03:36,919 DEBUG [com.extremenetworks.epicenter.server.deviceCommunicator.session.cli.DeviceCliSession] 192.168.5.15|Completed Command|config failsafe-account permit all|
2018-02-15 14:03:36,920 DEBUG [com.extremenetworks.epicenter.server.deviceCommunicator.scriptInterpreter.ExecuteCLICommand] timeout for cli [CLI config failsafe-account] 55 seconds.
2018-02-15 14:03:36,920 DEBUG [com.extremenetworks.epicenter.server.deviceCommunicator.session.cli.DeviceCliSession] 192.168.5.15|Processing Command|config failsafe-account|
2018-02-15 14:03:39,245 DEBUG [com.extremenetworks.epicenter.server.scripting.beans.impl.ExpiringScriptCache] Expiring Script Cache:size=2] Found: 386
2018-02-15 14:03:43,433 DEBUG [com.extremenetworks.epicenter.server.scripting.beans.impl.ExpiringScriptCache] Expiring Script Cache:size=2] Found: 386
2018-02-15 14:03:46,976 ERROR [com.extremenetworks.ScriptingEngine] | 192.168.5.15 : Error: Timeout waiting for cli response
2018-02-15 14:03:46,978 DEBUG [com.extremenetworks.epicenter.server.deviceCommunicator.beans.impl.DeviceCommunicatorManagerBean] Error||Exception
tcl.lang.TclException: Error: Timeout waiting for cli response
Userlevel 6
The problem here seems to be that the "configure failsafe-account" command requires an interactive prompt. The switch/script is waiting for you to enter the user and password and times out. Try a simpler approach to entering that info just by adding it to the next lines after the command:

configure failsafe-acount
[u]
Userlevel 1
The problem here seems to be that the "configure failsafe-account" command requires an interactive prompt. The switch/script is waiting for you to enter the user and password and times out. Try a simpler approach to entering that info just by adding it to the next lines after the command:

configure failsafe-acount
[u]

Thanks for that, it still hangs.
Userlevel 6
The problem here seems to be that the "configure failsafe-account" command requires an interactive prompt. The switch/script is waiting for you to enter the user and password and times out. Try a simpler approach to entering that info just by adding it to the next lines after the command:

configure failsafe-acount
[u]

I actually tried the simple version above myself and it worked. What did your script look like (password omitted of course)?
Userlevel 1
The problem here seems to be that the "configure failsafe-account" command requires an interactive prompt. The switch/script is waiting for you to enter the user and password and times out. Try a simpler approach to entering that info just by adding it to the next lines after the command:

configure failsafe-acount
[u]

Hi

See below. This is a Oneview script not a Netsite command script.

#@MetaDataStart
#@DetailDescriptionStart
#############################################################################################
# Define your user parameters in this section. For reference, see bundled scripts.
##############################################################################################
#@DetailDescriptionEnd
#@MetaDataEnd
#Enter all CLI commands from here
disable clipaging
#Set failsafe-accountconfigure failsafe-account
CLI user
CLI password
CLI password
configure failsafe-account permit all
#Configure Local Admin password
configure account "admin" password
regexp {.*Current user's password:.*} ${CLI.OUT} AdminAccount1
IF ([info exists AdminAccount1]) THEN
CLI Admin
ENDIF
regexp {.*New password:.*} ${CLI.OUT} AdminAccount2
IF ([info exists AdminAccount2]) THEN
CLI AdminPassword
ENDIF
regexp {.*Reenter password:.*} ${CLI.OUT} AdminAccount3
IF ([info exists AdminAccount3]) THEN
CLI AdminPassword
ENDIF
regexp {.*overwrite it?.*} ${CLI.OUT} foundit1
IF ([info exists foundit1]) THEN
CLI yes
ENDIF
save
regexp {.*overwrite it?.*} ${CLI.OUT} foundit2
IF ([info exists foundit2]) THEN
CLI yes
ENDIF

enable clipaging
Userlevel 6
The problem here seems to be that the "configure failsafe-account" command requires an interactive prompt. The switch/script is waiting for you to enter the user and password and times out. Try a simpler approach to entering that info just by adding it to the next lines after the command:

configure failsafe-acount
[u]

So the same concept applies to the local admin accounts as well. This script is attempting to read CLI.OUT and respond. That isn't necessary. Just simply enter the responses for the prompted input line by line.

#@MetaDataStart
#@DetailDescriptionStart
#############################################################################################
# Define your user parameters in this section. For reference, see bundled scripts.
##############################################################################################
#@DetailDescriptionEnd
#@MetaDataEnd
#Enter all CLI commands from here
disable clipaging
#Set failsafe-account
configure failsafe-account
[u]

configure failsafe-account permit all
#Configure Local Admin password
configure account "admin" password



enable clipaging
Userlevel 6
i try that with an XMC Script and also failed.

CLI configure failsafe-account deny all
CLI configure failsafe-account permit serial

CLI configure failsafe-account
CLI failsafe
CLI abcd1234
CLI abcd1234

Test run:

CLI Login: admin
X440G2-48p-10G4 10.1.1.211 08/26/2019 04:41:45 PM at 04:41:45 PM
04:41:45 PM
X440G2-48p-10G4.1 # configure failsafe-account deny all
X440G2-48p-10G4.2 #

X440G2-48p-10G4.2 # configure failsafe-account permit serial
X440G2-48p-10G4.3 #

Error: session exceeded timeout: 30 secs
Error: session exceeded timeout: 30 secs
Error: session exceeded timeout: 30 secs
enter password again:
X440G2-48p-10G4.4 #

It seems XMC does not recognize switch prompt.

Reply