[rancid] Fortigate rancid issues

john heasley heas at shrubbery.net
Wed Dec 7 22:38:54 UTC 2011 

Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits:
> Hi all,
> 
> I've recently added a couple of fortigates onto rancid , and seems to work without issues , however , every couple of hours I get some firewalls diffs with stupid changes it picks up somewhere.
> 
> Example :
> 
> <snip>
> 
>       set av-failopen pass
> 
> - set av-failopen-session disable
> 
> +     set av-failopen-session disable
> 
>       set batch-cmdb enable
> </snip>
> 
> Or
> 
> <snip>
> 
>   config system amc-slot
> 
> -     edit "sw1"
> 
> +     edit
> 
> + "sw1"
> 
>       next
> 
> 
> &&
> 
> Then the next hour :
> 
> 
>   end
> 
>   config system amc-slot
> 
> -     edit
> 
> - "sw1"
> 
> +     edit "sw1"
> 
>       next
> 
>   end
> </snip>
> 
> 
> Any ideas what the problem might be as to why it picks up some commands as 2 lines , and then suddenly as 1 ?
> 
> Thanks

Could you try this patch?

http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html

and, a superset of that (from "Andy") is below.  i'd like some confirmation
if these work before committing the change.

Index: bin/fnlogin.in
===================================================================
--- bin/fnlogin.in	(revision 2343)
+++ bin/fnlogin.in	(working copy)
@@ -451,6 +451,10 @@
     expect -re $prompt; send -- "end\r"
     expect -re $prompt;
 
+# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html
+    # this is the only way i see to get rid of more prompts in o/p..grrrrr
+    log_user 0
+
     set commands [split $command \;]
     set num_commands [llength $commands]
     for {set i 0} {$i < $num_commands} { incr i} {
@@ -459,10 +463,12 @@
             -re "$prompt"			{ send "\r"
 						  sleep 0.5
 						}
-	    -gl "--More--"			{ send " "
+	    -gl "--More--\[^\n\r]*"		{ send " "
 						  exp_continue
-	    -re "\[\n\r]+"			{ exp_continue }
 						}
+	    -re "\[^\r\n]*\[\n\r]+"             { send_user -- "$expect_out(buffer)"
+						  exp_continue
+						}
 	}
      }
      expect {
@@ -573,8 +579,12 @@
 	}
     } elseif { $do_script } {
 	# Disable output paging.
+	send "config global\r"
+	expect -re $prompt	{}
 	send "config system console\r"
+	expect -re $prompt	{}
 	send "set output standard\r"
+	expect -re $prompt	{}
 	send "end\r"
 	expect -re $prompt	{}
 	source $sfile

More information about the Rancid-discuss mailing list