Am I missing the target with exp_continue? - tcl

I'm trying to write an expect script that allows me to ssh into a switch, look for a certain set of software in flash, then delete it. I would like to say that if you see result "A" do action "B", and if you see result "C" do action "B". All of these results are displayed when I run one command.
This is an example of a result I'm expecting.
B3898_RM23_SW1#dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
bs: Directory or file name
cns: Directory or file name
flash1: Directory or file name
flash2: Directory or file name
flash: Directory or file name
null: Directory or file name
nvram: Directory or file name
system: Directory or file name
tar: Directory or file name
tmpsys: Directory or file name
vb: Directory or file name
xmodem: Directory or file name
ymodem: Directory or file name
<cr>
B3898_RM23_SW1#
What I'm looking for is the "flash1:" directory. There may be as many as nine flash file systems in total. You'll always have "flash1:"; what I want to do is go into each of the directories that exist and delete either a file or an entire directory, and if there are no other directories, just move on.
What I want to know is how to properly use exp_continue, or whether I need to use it at all in this instance. This is what I've got written; it will copy the software to flash1, but if flash2 and so on exist, it won't copy the software to, or delete it from, the other flashes.
# Ask the switch for its file systems, then delete the old SE5 image (directory
# and .bin file) from whichever flashN: name is seen in the reply.
# NOTE(review): expect runs the action of one matching pattern and then
# returns; no branch below calls exp_continue, so at most one flashN: is
# handled per run of this block.
send "dir ?\r"
expect {
-re {\mflash1\M} {
send "delete /force /recursive flash1:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash1:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash2\M} {
send "delete /force /recursive flash2:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash2:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash3\M} {
send "delete /force /recursive flash3:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash3:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash4\M} {
send "delete /force /recursive flash4:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash4:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash5\M} {
send "delete /force /recursive flash5:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash5:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {mflash6\M} {
# NOTE(review): unlike its siblings, the pattern on this branch has no
# backslash before the leading m, so it looks for the literal text "mflash6"
# instead of the word "flash6".
send "delete /force /recursive flash6:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash6:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash7\M} {
send "delete /force /recursive flash7:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash7:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash8\M} {
send "delete /force /recursive flash8:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash8:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
-re {\mflash9\M} {
send "delete /force /recursive flash9:c3750-ipservicesk9-mz.122-55.SE5\r"
expect "*#"
send "delete /force /recursive flash9:c3750-ipservicesk9-mz.122-55.SE5.bin\r"
expect "*#"
}
}
# The old IOS has been deleted above; this part TFTPs the new IOS image to
# flash1:. If the TFTP transfer reports "timed out" it is tried one more time.
# NOTE(review): TFTP provides neither authentication nor integrity protection,
# and nothing below checks the file that arrived. Comparing its hash with the
# vendor's published value (for example with the IOS `verify /md5` command)
# before it becomes the boot image would catch a corrupted or substituted file.
# NOTE(review): no timeout is set in this excerpt; Expect's default is 10
# seconds, while the manual transfer shown on the page took 281 seconds, so the
# final expect may give up long before either pattern appears - confirm.
# Inside double quotes Tcl evaluates [] as an empty command, so the first two
# prompts are matched with "[]" removed (the debug log on the page shows the
# pattern as "Address or name of remote host ?").
send "copy tftp: flash1:\r"
expect "Address or name of remote host []?"
send "204.208.204.209\r"
expect "Source filename []?"
send "c3750-ipservicesk9-mz.122-55.SE7.bin\r"
expect "Destination filename"
send "\r"
expect {
-re {\mtimed out\M} {
# NOTE(review): the retry targets flash: where the first attempt targeted
# flash1: - confirm both name the same file system.
send "copy tftp: flash:\r"
expect "Address or name of remote host []?"
send "XXX.XXX.XXX.XXX\r"
expect "Source filename []?"
send "c3750-ipservicesk9-mz.122-55.SE7.bin\r"
# NOTE(review): the bracketed file name below sits inside double quotes, so Tcl
# will try to run it as a command; the first attempt avoids this by matching
# only "Destination filename".
expect "Destination filename [c3750-ipservicesk9-mz.122-55.SE7.bin]?"
send "\r"
expect "*#"
}
-re {\mOK - 13010154 bytes\M}
}
# Checks whether there are other members in the stack and, if there are, copies
# the new IOS image from flash1 to them.
# NOTE(review): as with the delete step, expect runs the action of one matching
# pattern and returns; no branch calls exp_continue, so at most one copy is
# issued per run of this block. The flash and flash1 branches only send a bare
# carriage return.
# NOTE(review): the copies are not verified afterwards; a hash check of each
# copied image (for example with the IOS `verify /md5` command) would confirm
# every stack member received the same file.
send "dir ?\r"
expect {
-re {\mflash\M} {
send "\r"
expect "*#"
}
-re {\mflash1\M} {
send "\r"
expect "*#"
}
-re {\mflash2\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash2:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash3\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash3:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash4\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash4:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash5\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash5:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash6\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash6:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash7\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash7:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash8\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash8:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
-re {\mflash9\M} {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash9:\r"
expect "Destination filename"
send "\r"
expect "*#"
}
}
Here is the output from the script when I pipe it to a file... I'm only capturing the first loop.
send: sending "dir ?\r" to { exp7 }
Gate keeper glob pattern for '\m(flash[1-9])\M' is 'flash?'. Activating booster.
expect: does "\r\n 6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup\r\n 5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat\r\n 4 -rwx 2404 Jun 17 2013 14:01:30 +02:00 private-config.text\r\n 88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup\r\n 8 -rwx 43535 Jun 17 2013 14:01:29 +02:00 config.text\r\n\r\n32514048 bytes total (19417088 bytes free)\r\nB3762_6D205C_SW1&2#" (spawn_id exp7) match regular expression "\m(flash[1-9])\M"? Gate "flash?"? gate=no
"*#"? yes
expect: set expect_out(0,string) "\r\n 6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup\r\n 5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat\r\n 4 -rwx 2404 Jun 17 2013 14:01:30 +02:00 private-config.text\r\n 88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup\r\n 8 -rwx 43535 Jun 17 2013 14:01:29 +02:00 config.text\r\n\r\n32514048 bytes total (19417088 bytes free)\r\nB3762_6D205C_SW1&2#"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "\r\n 6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup\r\n 5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat\r\n 4 -rwx 2404 Jun 17 2013 14:01:30 +02:00 private-config.text\r\n 88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup\r\n 8 -rwx 43535 Jun 17 2013 14:01:29 +02:00 config.text\r\n\r\n32514048 bytes total (19417088 bytes free)\r\nB3762_6D205C_SW1&2#"
send: sending "copy tftp: flash:\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
d
expect: does "d" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
i
expect: does "di" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
r
expect: does "dir" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
expect: does "dir " (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
?
expect: does "dir ?" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
bs: Directory or file name
cns: Directory or file name
flash1: Directory or file name
flash2: Directory or file name
flash: Directory or file name
null: Directory or file name
nvram: Directory or file name
system: Directory or file name
tar: Directory or file name
tmpsys: Directory or file name
vb: Directory or file name
xmodem: Directory or file name
ymodem: Directory or file name
<cr>
B3762_6D205C_SW1&2#dir
expect: does "dir ?\r\n /all List all files\r\n /recursive List files recursively\r\n all-filesystems List files on all filesystems\r\n bs: Directory or file name\r\n cns: Directory or file name\r\n flash1: Directory or file name\r\n flash2: Directory or file name\r\n flash: Directory or file name\r\n null: Directory or file name\r\n nvram: Directory or file name\r\n system: Directory or file name\r\n tar: Directory or file name\r\n tmpsys: Directory or file name\r\n vb: Directory or file name\r\n xmodem: Directory or file name\r\n ymodem: Directory or file name\r\n <cr>\r\n\r\nB3762_6D205C_SW1&2#dir " (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
expect: does "dir ?\r\n /all List all files\r\n /recursive List files recursively\r\n all-filesystems List files on all filesystems\r\n bs: Directory or file name\r\n cns: Directory or file name\r\n flash1: Directory or file name\r\n flash2: Directory or file name\r\n flash: Directory or file name\r\n null: Directory or file name\r\n nvram: Directory or file name\r\n system: Directory or file name\r\n tar: Directory or file name\r\n tmpsys: Directory or file name\r\n vb: Directory or file name\r\n xmodem: Directory or file name\r\n ymodem: Directory or file name\r\n <cr>\r\n\r\nB3762_6D205C_SW1&2#dir \r\n" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
Directory of flash:/
2 -rwx 9240 Jun 17 2013 14:01:30 +02:00 multiple-fs
3 -rwx 13006601 Apr 24 2012 19:24:08 +02:00 c3750-ipservicesk9-mz.122-55.SE5.bin
6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup
5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat
4 -rwx 2404 Jun 17 2013 14:01:30 +02:00 private-config.text
88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup
8 -rwx 43535 Jun 17 2013 14:01:29 +02:00 config.text
32514048 bytes total (19417088 bytes free)
B3762_6D205C_SW1&2#
expect: does "dir ?\r\n /all List all files\r\n /recursive List files recursively\r\n all-filesystems List files on all filesystems\r\n bs: Directory or file name\r\n cns: Directory or file name\r\n flash1: Directory or file name\r\n flash2: Directory or file name\r\n flash: Directory or file name\r\n null: Directory or file name\r\n nvram: Directory or file name\r\n system: Directory or file name\r\n tar: Directory or file name\r\n tmpsys: Directory or file name\r\n vb: Directory or file name\r\n xmodem: Directory or file name\r\n ymodem: Directory or file name\r\n <cr>\r\n\r\nB3762_6D205C_SW1&2#dir \r\nDirectory of flash:/\r\n\r\n 2 -rwx 9240 Jun 17 2013 14:01:30 +02:00 multiple-fs\r\n 3 -rwx 13006601 Apr 24 2012 19:24:08 +02:00 c3750-ipservicesk9-mz.122-55.SE5.bin\r\n 6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup\r\n 5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat\r\n 4 -rwx 2404 Jun 17 2013 14:01:30 +02:00 private-config.text\r\n 88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup\r\n 8 -rwx 43535 Jun 17 2013 14:01:29 +02:00 config.text\r\n\r\n32514048 bytes total (19417088 bytes free)\r\nB3762_6D205C_SW1&2#" (spawn_id exp7) match glob pattern "Address or name of remote host ?"? no
c
Here's an example of what it would look like if I ran all of those commands manually.
B3762_6D205C_SW1&2#term length 0
B3762_6D205C_SW1&2#wr
Building configuration...
[OK]
B3762_6D205C_SW1&2#dir flash:
# This first DIR tells me whether or not I have .bin version 5 or version 7. If I have version 7 I exit out of the script and I move on to upgrading another device. If it has version 5 continue on through the script.
Directory of flash:/
3 -rwx 13006601 Apr 24 2012 19:24:08 +02:00 c3750-ipservicesk9-mz.122-55.SE5.bin
6 -rwx 28612 Apr 23 2012 02:35:18 +02:00 config.text.backup
5 -rwx 1276 Mar 1 1993 01:04:41 +01:00 vlan.dat
4 -rwx 9240 Jun 18 2013 07:44:01 +02:00 multiple-fs
7 -rwx 43535 Jun 18 2013 07:44:01 +02:00 config.text
88 -rwx 2404 Apr 23 2012 02:35:18 +02:00 private-config.text.backup
8 -rwx 2404 Jun 18 2013 07:44:01 +02:00 private-config.text
32514048 bytes total (19417088 bytes free)
# This dir tells me how many flash file systems there are. I want to use this output to determine how many flash file systems I have to delete the old version 5 .bin file from.
B3762_6D205C_SW1&2#dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
bs: Directory or file name
cns: Directory or file name
flash1: Directory or file name
flash2: Directory or file name
flash: Directory or file name
null: Directory or file name
nvram: Directory or file name
system: Directory or file name
tar: Directory or file name
tmpsys: Directory or file name
vb: Directory or file name
xmodem: Directory or file name
ymodem: Directory or file name
<cr>
B3762_6D205C_SW1&2#delete /force /recursive flash1:c3750-ipservicesk9-mz.122-55.SE5.bin
B3762_6D205C_SW1&2#delete /force /recursive flash2:c3750-ipservicesk9-mz.122-55.SE5.bin
B3762_6D205C_SW1&2#copy tftp: flash:
Address or name of remote host []? 204.208.204.209
Source filename []? c3750-ipservicesk9-mz.122-55.SE7.bin
Destination filename [c3750-ipservicesk9-mz.122-55.SE7.bin]?
Accessing tftp://204.208.204.209/c3750-ipservicesk9-mz.122-55.SE7.bin...
Loading c3750-ipservicesk9-mz.122-55.SE7.bin from 204.208.204.209 (via Vlan402): !OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!OO!O!OO!OO!OO!OOO!OO!OO!OO!OO!OO!OO!O!OO!OO!OO!OO!OO!OO!OO!OO
[OK - 13010154 bytes]
13010154 bytes copied in 281.312 secs (46248 bytes/sec)
B3762_6D205C_SW1&2#dir ?
# I want to use this "dir ?" to tell me how many flash file systems I have to copy the new version 7 flash file system to.
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
bs: Directory or file name
cns: Directory or file name
flash1: Directory or file name
flash2: Directory or file name
flash: Directory or file name
null: Directory or file name
nvram: Directory or file name
system: Directory or file name
tar: Directory or file name
tmpsys: Directory or file name
vb: Directory or file name
xmodem: Directory or file name
ymodem: Directory or file name
<cr>
B3762_6D205C_SW1&2#copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin flash2:
Destination filename [c3750-ipservicesk9-mz.122-55.SE7.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
13010154 bytes copied in 171.731 secs (75759 bytes/sec)
B3762_6D205C_SW1&2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
B3762_6D205C_SW1&2(config)#boot system switch all flash:c3750-ipservicesk9-mz.122-55.SE7.bin
B3762_6D205C_SW1&2(config)#exit
B3762_6D205C_SW1&2#reload at 02:00 22 June
System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Reload scheduled for 02:00:00 CEST Sat Jun 22 2013 (in 90 hours and 3 minutes) by super.poop on vty0 (204.208.XXX.XXX)
Proceed with reload? [confirm]
B3762_6D205C_SW1&2#term length 50
B3762_6D205C_SW1&2#wr mem
Building configuration...
[OK]
B3762_6D205C_SW1&2#exit
This is the only section that's failing right now!
# Build the list of flash file systems to copy the new image to, then copy it
# from flash1 to each of them.
# NOTE(review): DIR already holds flash2..flash9 before the switch is queried,
# and every match below appends to it, so the copy loop visits all eight names
# (plus a second entry for each one actually reported) whether or not the
# switch listed them.
set DIR {flash2 flash3 flash4 flash5 flash6 flash7 flash8 flash9}
send "dir ?\r"
expect {
-re {\m(flash[2-9])\M} {
# Record the matched name and keep scanning the same reply for more.
lappend DIR $expect_out(1,string)
exp_continue
}
"*#"
}
foreach X $DIR {
send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin $X:\r"
expect "Destination filename"
send "\r"
expect "*#"
}

I would say:
# Collect every flashN: file system that "dir ?" reports, then remove the old
# SE5 image (the directory and the .bin file) from each of them.
# NOTE(review): every expect below also returns when its timeout expires, so a
# delete that never reaches the prompt is not detected here.
set flash_dirs [list]
send "dir ?\r"
expect {
    -re {\m(flash[1-9])\M} {
        # Remember this name and keep reading the same reply for further ones.
        lappend flash_dirs $expect_out(1,string)
        exp_continue
    }
    "*#"
}
foreach fs $flash_dirs {
    # First the image directory, then the .bin file of the same name.
    foreach suffix {"" ".bin"} {
        send "delete /force /recursive ${fs}:c3750-ipservicesk9-mz.122-55.SE5${suffix}\r"
        expect "*#"
    }
}
Then you copy stuff into flash1. After that, I assume the dir list has not changed, so you already know which flash drives are mounted:
# Copy the new SE7 image from flash1: to every other flash file system found
# earlier; flash1 is the source of the copy, so it is skipped.
# NOTE(review): each expect also returns when its timeout expires. The manual
# copy shown on the page took about 172 seconds, so unless a longer timeout is
# set elsewhere the loop may move on before a copy has finished - confirm.
foreach fs $flash_dirs {
    if {$fs ne "flash1"} {
        send "copy flash1:c3750-ipservicesk9-mz.122-55.SE7.bin ${fs}:\r"
        # Accept the default destination file name offered by the switch.
        expect "Destination filename"
        send "\r"
        expect "*#"
    }
}
Much DRYer. Untested of course.

Related

permission related issues dovecot postfix

I have the following error message in the dovecot errors & warnings log after I've tried to rebuild my mail server.
Prior to these errors, I updated my aging system to the latest, and lots of things broke. The configuration was confetti, so I attempted to rebuild the mail server. To get this error, I simply log in to Roundcube mail. I'm able to log in; however, I can't see any emails.
I'm seeing two issues in the error, just not sure how to fix it.
Feb 06 18:07:15 imap(brad#nostalgicmail.com)<96785><ZgOYWl3XtMwX/pCT>: Error: chdir(/var/vmail/nostalgicmail.com/brad#nostalgicmail.com/) failed: Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm: /var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)
Feb 06 18:07:15 imap(brad#nostalgicmail.com)<96785><ZgOYWl3XtMwX/pCT>: Error: stat(/var/vmail/nostalgicmail.com/brad#nostalgicmail.com/subscriptions) failed: Permission denied
Issue 1: chdir(/var/vmail/nostalgicmail.com/brad#nostalgicmail.com/)
This is not the correct directory, it should be /var/vmail/nostalgicmail.com/brad
Issue 2: Permission denied (euid=150() egid=8(mail) missing +x perm: /var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)
This might be fixed after Issue 1 is corrected.
I do have other work to do to complete the server, such as making sure all SSL keys are correct, reintegrating sieve & spamassassin, dkim, spf, and so on. For now, I just need the email server to function.
My directory setup looks like so:
zion#hwsrv-890039:~$ sudo ls -Al /var/vmail/
total 16
drwx------ 5 vmail vmail 4096 Sep 10 19:06 kingmobiletransport.com
drwx------ 11 vmail vmail 4096 Jan 20 18:49 nostalgicmail.com
drwx------ 3 vmail vmail 4096 Aug 15 05:28 sites-by-brad.com
drwx------ 2 vmail vmail 4096 Feb 5 20:26 spamassassin
zion#hwsrv-890039:~$ sudo ls -Al /var/vmail/nostalgicmail.com/
total 36
drwx------ 4 vmail vmail 4096 Jan 10 19:47 brad
drwx------ 3 vmail vmail 4096 Jan 10 03:59 chronicle
drwx------ 3 vmail vmail 4096 Jul 22 2021 dirtywill
drwx------ 3 vmail vmail 4096 Jul 6 2021 emerald
drwx------ 3 vmail vmail 4096 Jul 6 2021 mickey
drwx------ 3 vmail vmail 4096 Jul 9 2021 mistyblue
drwx------ 4 vmail vmail 4096 Sep 21 20:54 mquin007
drwx------ 3 vmail vmail 4096 Jan 20 18:49 tribeofriche
drwx------ 3 vmail vmail 4096 Jul 29 2021 weather
zion#hwsrv-890039:~$ sudo ls -Al /var/vmail/nostalgicmail.com/brad/
total 12
lrwxrwxrwx 1 vmail vmail 21 Jul 9 2021 .dovecot.sieve -> sieve/roundcube.sieve
-rw------- 1 vmail vmail 726 Jan 10 19:47 .dovecot.svbin
drwx------ 22 vmail vmail 4096 Feb 5 21:57 Maildir
drwx------ 3 vmail vmail 4096 Jan 10 19:35 sieve
zion#hwsrv-890039:~$
Dovecot config looks like so:
zion#hwsrv-890039:~$ sudo doveconf -n > dovecot_config
zion#hwsrv-890039:~$ cat dovecot_config
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-cloud-amd64 x86_64 Debian 11.2 ext4
# Hostname: hwsrv-890039.nostalgicmail.com
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot_debug.log
first_valid_uid = 100
info_log_path = /var/log/dovecot_info.log
log_path = /var/log/dovecot_error_warnings.log
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%u
mail_privileged_group = mail
mail_uid = vmail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
postmaster_address = postmaster#nostalgicmail.com
protocols = " imap lmtp"
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service lmtp {
unix_listener lmtp {
group = postfix
mode = 0666
user = postfix
}
}
ssl_cert = </etc/letsencrypt/live/nostalgicmail.com/cert.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_ssl = yes
zion#hwsrv-890039:~$
Postfix looks like so:
zion#hwsrv-890039:~$ sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = localhost
myhostname = hwsrv-890039.nostalgicmail.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
zion#hwsrv-890039:~$
@Andrew Richards
Thanks! Your reply gave me a lot of information to go on.
(For others facing a similar problem)
I started out by sending grep -rnw '/etc/dovecot' -e 'mail_location' to find all instances of mail_location to make changes there. Restarted dovecot.service
From there, I still had Error: stat(/var/vmail/nostalgicmail.com/brad#nostalgicmail.com) errors. I remember from the documentation that there are SQL queries that use the mailbox locations as well, so I sent grep -rnw '/etc/dovecot' -e '/var/vmail/%d/%u' to find them. Made corrections, and restarted dovecot.service again.
This cleaned up the first part of my errors, but I still had permissions issues.
Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm:
The above line tells me that UID 150 is unknown to my system and
dir owned by 2000:2000 mode=0700) tells me who does own the directory.
grep -rnw '/etc/dovecot' -e '150' shows that the SQL string I had is setting a UID for me, so I changed 150 to 2000, restarted dovecot, and it works! I still wanted to know what user UID 2000 is, so I used
grep -rnw '/etc/dovecot' -e '2000' which happily reported that UID 2000 belongs to user vmail
You state "This is not the correct directory, it should be /var/vmail/nostalgicmail.com/brad". Your (helpfully supplied) config contains,
mail_location = maildir:/var/vmail/%d/%u
Dovecot's mail location variables will render %u as user@domain. Change this to %n, "User part in user@domain", for it to use the path you've mentioned.
You may still get the first error though; the key part for me is,
...Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm: /var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)
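Assuming the error remains, look up those UIDs in /etc/passwd to see what usernames are involved, then see how that relates to your config, especially the parts to do with auth. From there you'll likely need to adjust one or more of the Dovecot config, the authentication / mailbox lookup, or the directory ownership / permissions. Also note that the posted config has auth_debug_passwords = yes and auth_verbose_passwords = plain, which can write attempted passwords to the log files in clear text; switch them off once login works.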

Expect: SSH into a remote host, run a command, and save its output to a variable

I'm trying to ssh into a server, run a command, and save its output to a variable, with no success.
# Start a local shell, hop to myserver1 over ssh, list a remote directory and
# try to capture that listing in myvar1.
spawn $env(SHELL)
expect "\$ "
send "ls\r"
expect "\$ "
send "ssh myserver1\r"
expect "\$ "
send "cd /tmp/remotedir1\r"
expect "\$ "
send "ls\r"
expect "\$ "
# NOTE(review): exec runs ls as a child of this Expect process on the local
# machine; it does not go through the spawned ssh session, so myvar1 receives
# the local directory listing rather than the remote one.
set myvar1 [exec ls]
puts "The value of \$myvar1 is: "
puts $myvar1
# The first exit leaves the ssh session, the second leaves the spawned shell.
send "exit\r"
expect "\$ "
send "exit\r"
expect eof
When I run it, I get:
spawn /bin/bash
$ ls
localfile1 localfile2 localfile3
$ ssh myserver1
Last login: Tue Sep 10 15:45:07 2017 from 192.168.0.100
myserver1$ cd /tmp/remotedir1
myserver1$ ls
remotefile1
myserver1$ The value of $myvar1 is:
localfile1
localfile2
localfile3
exit
logout
Connection to myserver1 closed.
bash-3.2$ exit
exit
Apparently, instead of setting $myvar1 to "remotefile1", it sets to those 3 files in the $cwd on the local host.
Thank you for your help in advance!
Using exec will execute the command locally.
Upon sending the ls command, you have to make use of the expect_out array to get the response.
# Regular expression for "anything, then a prompt character (#, %, > or $),
# then a space, at the end of the buffered output". Capture group 1 is the text
# in front of the prompt character.
set prompt "(.*)(#|%|>|\\\$) $"
send "ls\r"
expect -re $prompt
# expect_out(1,string) holds what group 1 matched, i.e. the output read from
# the spawned session rather than from a local command. Because group 1 is
# everything before the prompt character, it also contains the echoed "ls" and
# any prompt text (such as a host name) that precedes that character.
puts $expect_out(1,string)

OpenShift V3 and incremental builds

I have some issues using incremental builds with the image ruby-22-centos7.
I added the following script "save-artifacts" to .sti/bin directory :
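#!/bin/sh
# save-artifacts: write the previous build's bundled gems (bundle/ruby under
# ${HOME}) to stdout as a tar stream so an incremental build can reuse them.
# Writes nothing when that directory does not exist.
# NOTE(review): the build log on the page refers to a "tar stream", so stdout
# is presumably read as the archive; keep any diagnostics on stderr.

# `set -e` replaces the `-e` on the shebang line, which is lost when the script
# is started as `sh save-artifacts`.
set -e

# cd instead of pushd/popd: those are bash builtins and are not provided by
# every /bin/sh. The directory change ends with the script, so nothing has to
# be restored afterwards. HOME is quoted so a path containing spaces still works.
cd "${HOME}"

if [ -d ./bundle/ruby ]; then
  tar cf - bundle/ruby
fi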
I have this error during the build steps :
I0330 13:53:05.022524 1 sti.go:213] Using assemble from image:///usr/libexec/s2i
15 I0330 13:53:05.022544 1 sti.go:213] Using run from image:///usr/libexec/s2i
16 I0330 13:53:05.022551 1 sti.go:213] Using save-artifacts from upload/src/.sti/bin
17 I0330 13:53:05.024552 1 sti.go:142] Existing image for tag 172.30.22.77:5000/blog/blog:latest detected for incremental build
18 I0330 13:53:05.024570 1 sti.go:147] Performing source build from file:///tmp/s2i-build462497527/upload/src
19 I0330 13:53:05.024654 1 sti.go:350] Saving build artifacts from image 172.30.22.77:5000/blog/blog:latest to path /tmp/s2i-build462497527/upload/artifacts
20 I0330 13:53:05.026788 1 docker.go:374] Both scripts and untarred source will be placed in '/tmp'
21 I0330 13:53:05.026820 1 docker.go:510] Creating container using config: {Hostname: Domainname: User: Memory:0 MemorySwap:0 CPUShares:0 CPUSet: AttachStdin:false AttachStdout:true AttachStderr:false PortSpecs:[] ExposedPorts:map[] Tty:false OpenStdin:false StdinOnce:false Env:[] Cmd:[/tmp/scripts/save-artifacts] DNS:[] Image:172.30.22.77:5000/blog/blog:latest Volumes:map[] VolumeDriver: VolumesFrom: WorkingDir: MacAddress: Entrypoint:[] NetworkDisabled:false SecurityOpts:[] OnBuild:[] Mounts:[] Labels:map[]}
22 I0330 13:53:05.685226 1 docker.go:524] Attaching to container
23 I0330 13:53:05.686542 1 docker.go:530] Starting container
24 E0330 13:53:10.836202 1 tar.go:207] Error reading next tar header: io: read/write on closed pipe
25 W0330 13:53:10.859154 1 sti.go:150] Clean build will be performed because of error saving previous build artifacts
26 I0330 13:53:10.859172 1 sti.go:152] ERROR: timeout waiting for tar stream
Any help would be greatly appreciated !

Encrypting Nagios report mails with GnuPG fails with empty mails, why?

I am trying to encrypt, using gpg2, the mails sent by Nagios3. For that, I have created this custom command in /etc/nagios3/commands.cfg:
/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/gpg2 --armor --encrypt --recipient toto#titi.com | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
Some points:
The e-mail is sent but it is "empty":
Sep 19 14:35:25 tutu nagios3: Finished daemonizing... (New PID=4313)
Sep 19 14:36:15 tutu nagios3: SERVICE ALERT:
tete_vm;HTTP;OK;HARD;4;HTTP OK: HTTP/1.1 200 OK - 347 bytes in 0.441
second response time Sep 19 14:36:15 tutu nagios3: SERVICE
NOTIFICATION: tata;tete_vm;HTTP;OK;notify-service-by-email;HTTP OK:
HTTP/1.1 200 OK - 347 bytes in 0.441 second response time
The command:
/usr/bin/gpg2 --armor --encrypt --recipient toto#titi.com | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
works very well on command line
I have tested this command:
/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/gpg2 --armor --encrypt --recipient toto#titi.com >> /tmp/toto.txt
The file /tmp/toto.txt is created but "empty".
So, it seems to be a problem using /usr/bin/gpg2 on this file, but I cannot find why!
The most common mistake when encrypting from within services using GnuPG is that the recipient's key was imported by another (system) user than the one the service is running under, for example imported by root, but the service runs as nagios.
GnuPG maintains per-user "GnuPG home directories" (usually ~/.gnupg) with per-user keyrings in them. If you imported as root, other service accounts don't know anything about the keys in there.
The first step for debugging the issue would be to redirect gpg's stderr to a file, so you can read the error message, by adding 2>>/tmp/gpg-error.log to the GnuPG call (remove the redirection again once you have found the cause):
/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/gpg2 --armor --encrypt --recipient toto#titi.com 2>>/tmp/gpg-error.log | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
If the issue is something like "key not found" or similar, you've got two possibilities to resolve the issue:
Import to the service's user account. Switch to the service's user, and import the key again.
Hard-code the GnuPG home directory to somewhere else using the --homedir [directory] option, for example in a place you also store your Nagios plugins.
Make sure that directory has appropriately restrictive permissions: GnuPG is very picky when users other than the owner are allowed to read its files!

Expect Output inconsistency

I want to automate the following interaction using Tcl/expect
[root#mgmt NAS]# ssh -q -p 8022 -l user 10.1.1.1
Password:
HP Network Automation Version 9.10.02
Type "HELP connect" to see how to connect to a device.
Type "HELP" to view a list of available commands.
NA>connect 10.1.1.2
WARNING: You do not have an approved reservation for this device at this time.
Attempting to connect to device bigip1.network.company.net (10.1.1.2).
Last login: Wed Sep 26 08:11:42 2012 from 10.2.1.1
Last login: Wed Sep 26 08:11:42 2012 from 10.2.1.1
[root#bigip1:Standby] config #
[root#bigip1:Standby] config #
[root#bigip1:Standby] config #
[root#bigip1:Standby] config # uname -a
Linux bigip1.network.company.net 2.6.18-164.11.1.el5.1.0.f5app #1 SMP Thu Apr 8 18:26:58 PDT 2010 i686 i686 i386 GNU/Linux
[root#bigip1:Standby] config # exit
logout
Disconnected from device bigip1.network.company.net (10.1.1.2).
NA>quit
Logging out of the NA Proxy Interface.
<Blank Line: couldn't show it with simple formatting>
The user input is essentially:
password
connect 10.1.1.2
uname -a
exit
quit
The script I wrote out, connect.exp, is as follows:
#!/usr/local/bin/expect
# connect.exp: log in to an NA proxy host over ssh, connect from there to a
# device, run one command on it and print what came back.
# Set the input parameters
set nashost [lindex $argv 0]
set port [lindex $argv 1]
set user [lindex $argv 2]
# NOTE(review): the password is taken from the command line, where other local
# users can usually read it through the process list and where it ends up in
# shell history; reading it from a protected file or from stdin avoids that.
set passw [lindex $argv 3]
set device [lindex $argv 4]
set cmd [lindex $argv 5]
set binpath /usr/bin
# Do not echo the spawned process's output; the script prints selected
# buffers itself.
log_user 0
# Set timeout to 45 seconds
set timeout 45
# Check that all six arguments were provided (an empty string counts as missing)
if { $nashost == "" || $port == "" || $user == "" || $passw == "" || $device == "" || $cmd == "" } {
puts "Usage: <nashost> <port> <user> <passw> <device> <command>\n"
exit 1
}
# String Variables: regular expressions for the NA proxy prompt and for the
# device prompt, both anchored to the end of the buffered output.
set nasprompt "NA>$"
set prompt "config # $"
# Flag Variables: running is 1 while the session is usable; count is the number
# of password prompts answered so far.
set running 1
set count 0
# SSH to specified NAS host
# NOTE(review): "StrictHostKeyChecking no" makes ssh accept an unknown host key
# without asking, so the first connection to a host is not authenticated;
# pre-populating known_hosts and leaving the check on closes that gap.
# NOTE(review): the exit below carries no status, unlike the usage error above,
# so a failed spawn is presumably reported as exit code 0 - confirm.
if { [catch {spawn $binpath/ssh -q -p $port -o "StrictHostKeyChecking no" -l $user $nashost} error] } {
puts "Spawn: SSH failed: $error"
exit
}
# Handle the ssh login: answer password prompts, and leave running at 1 only
# when the NA proxy prompt is reached. Every failure branch sets running to 0
# so the connect step is skipped.
expect {
"assword: " {
# NOTE(review): the password is sent before the counter is checked, so it is
# sent a fourth time before the "after 3 tries" message is printed.
send "$passw\r"
incr count
if {$count > 3} {
puts "SSH failed on authentication after 3 tries"
set running 0
} else {
exp_continue
}
}
-re "$nasprompt" {
set running 1
}
"Connection refused" {
puts "$expect_out(buffer)"
set running 0
}
"Offending key" {
puts "Host key verification failed."
set running 0
}
eof {
puts -nonewline "Connection terminated unexpectedly:\n$expect_out(buffer)"
set running 0
}
timeout {
# NOTE(review): no variable named host is set in the script shown (the host
# argument is stored in nashost), so this puts would fail with a "no such
# variable" error instead of printing the message.
puts "ssh: connect to NAS host $host: Connection timed out"
set running 0
}
}
# Connect from the NA proxy to the device, run the requested command once, and
# print the buffer collected up to the next device prompt.
# running doubles as a state flag here: it is still 1 while the command has not
# been sent and is set to 0 once it has.
if {$running == 1} {
send "connect $device\r"
expect {
-re "$nasprompt" {
# Seeing the proxy prompt again before the command was sent means the connect
# did not reach the device.
if {$running > 0} {
puts "connect to Device $device failed:\n$expect_out(buffer)"
}
send "quit\r"
}
-re "$prompt" {
# NOTE(review): the device transcript on the page shows the prompt printed
# several times after connecting. Any of those satisfies this pattern, so the
# second match may arrive before the command's output has - presumably the
# cause of the varying output.
if {$running > 0} {
send "$cmd\r"
set running 0
exp_continue
} else {
puts "$expect_out(buffer)"
send "exit\r"
}
}
full_buffer {
# Print what has accumulated and keep waiting when the match buffer fills up.
puts "$expect_out(buffer)"
exp_continue
}
eof {
# NOTE(review): no variable named host is set in the script shown (the host
# argument is stored in nashost), so this puts would fail with a "no such
# variable" error instead of printing the message.
puts "ssh: Connection terminated unexpectedly during command execution: $host."
}
timeout {
# NOTE(review): same undefined host variable as in the eof branch.
puts "ssh: Connection timed out during command execution: $host."
}
}
}
The issue I face is that the output I get for this interaction with this script is inconsistent.
I call the script as follows: expect connect.exp 10.1.1.1 8022 user 'pwd' 10.1.1.2 'uname -a'
Output one:
[root#bigip1:Standby] config #
[root#bigip1:Standby] config # uname -a
Linux bigip1.network.company.net 2.6.18-164.11.1.el5.1.0.f5app #1 SMP Thu Apr 8 18:26:58 PDT 2010 i686 i686 i386 GNU/Linux
[root#bigip1:Standby] config #
Output two:
<blank line>
<blank line>
u[root#bigip1:Standby] config #
[root#bigip1:Standby] config #
The u at the beginning of line 3 is part of the output, not a typo.
Other variations of output two exist as well.
The output I expected is:
Linux bigip1.network.company.net 2.6.18-164.11.1.el5.1.0.f5app #1 SMP Thu Apr 8 18:26:58 PDT 2010 i686 i686 i386 GNU/Linux
[root#bigip1:Standby] config #
What am I doing incorrectly in my script?
After you send the password, you don't actually wait for the NA prompt before sending the connect command. Change your first expect command to:
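# Log in to the NA proxy and record whether its prompt was reached.
# running stays false unless the NA> prompt is actually seen, so the caller
# sends "connect" only once the proxy is ready for it. Uses count, passw,
# nasprompt and nashost as set earlier in the script.
set running false
expect {
    "assword: " {
        # Check the retry budget before answering, so the password is sent at
        # most three times.
        incr count
        if {$count > 3} {
            puts "SSH failed on authentication after 3 tries"
        } else {
            send "$passw\r"
            exp_continue
        }
    }
    "Connection refused" {
        puts "$expect_out(buffer)"
    }
    "Offending key" {
        puts "Host key verification failed."
    }
    eof {
        puts -nonewline "Connection terminated unexpectedly:\n$expect_out(buffer)"
    }
    timeout {
        # The NAS host argument is stored in nashost; the script shown defines
        # no variable named host, so referring to it here would raise an error
        # instead of printing this message.
        puts "ssh: connect to NAS host $nashost: Connection timed out"
    }
    -re "$nasprompt" {
        set running true
    }
}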
if {$running} {
send "connect ...