[rancid] rancid with Fortigate FG100A

john heasley heas at shrubbery.net
Wed Jul 6 22:06:24 UTC 2011


Wed, Jul 06, 2011 at 02:35:36PM +0100, Gavin McCullagh:
> On Wed, 06 Jul 2011, Diego Ercolani wrote:
> > This is the power of opensource, every one can add a small piece of his 
> > knowledge and bring the community a full (hopely errorproof) utility.

thats funny.

>   In general, is it better for Rancid to record and version the entire
>   config of a device including defaults, or to just version the non-default
>   config.
> 
> I can see arguments for both:
> 
>  - when you upgrade firmware, the defaults might change and rancid could
>    presumably only note these if you version the entire config.

thats the impetus for the command that is used.  hopefully the route of
least surprise if you must recover a device's config.

>  - if the unit should fail, you get a new one and want to deploy the
>    config from Rancid, I would usually prefer to just deploy our config
>    changes and not override the defaults.  If rancid holds the full config,
>    you can't really work out what are defaults and what are your settings.
>    Perhaps others might prefer to actually set those defaults where
>    necessary.

if thats a concern, perhaps you need a full and non-full version [in separate
groups].

> I imagine this issue arises with units other than the Fortigates.

CatOS.

> > I have only one clustered installation of fortigate and what I noticed is that 
> > from time to time, fortigate adds some line feed that make seem the 
> > configuration has changed... this is very annoying but I can't do experiments 
> > because it's a productin environment.

perhaps that is a defect in fnrancid's login script?


More information about the Rancid-discuss mailing list