[rancid] ignoring toggling/changing output lines

heasley heas at shrubbery.net
Tue Aug 7 23:18:18 UTC 2012 

Tue, Aug 07, 2012 at 09:57:18AM -0700, heasley:
> Tue, Aug 07, 2012 at 11:27:56AM +0200, Roman Hochuli:
> > Dear All
> > 
> > As much as I love RANCID I am fighting with two anoyances which I, at
> > the moment, have no ideas how to fix them.
> > 
> > 
> > The first one I do not seem to be the only one beeing hit by: changing
> > type 7 passwords within l2tp-class-sections on Cisco routers. As from
> > what the archives say this is probably even expected behaviour according
> > to TAC. Changesets look something like this:
> > --snip
> >   l2tp-class NAME
> >    hidden
> >    authentication
> > -  password 7 abcabcabcabcabcabc
> > +  password 7 xyzxyzxyzxyzxyzxyz
> >   !
> > --snap
> > 
> > To be honest: I would be glad with a solution that simply ingores the
> > password, but only the l2tp-class one. I would like to keep the other
> > passwords in the config. Any ideas?
> 
> that must be an ios bug.  you should contact TAC and insist that they open
> a ticket.
> 
> the only way to filter it would be to filter all passwords, or write a
> filter that kept state to know when it enters/leaves a l2t-class def.

I came across these; tell us if it works:
http://www.shrubbery.net/pipermail/rancid-discuss/2010-July/005023.html

Thu, Jul 08, 2010 at 08:34:46AM +0200, Martin Moens:
> Hi John,
>  
> I have tested several sw and hw combinations, a few of them:
> 3925: c3900-universalk9-mz.SPA.150-1 and c3900-universalk9-mz.SPA.150-1.M2
> 2811: c2800nm-advipservicesk9-mz.124-24.T
> 7206: c7200-advipservicesk9-mz.122-33.SRD1
> 7606: c7600rsp72043-advipservicesk9-mz.122-33.SRD4
> As you can see the problem is not specific to a certain hardware or software  
> version, I suppuse I can assume all versions have this problem....

Hack for rancid 2.3.4
> >
> >Index: rancid.in
> >===================================================================
> >--- rancid.in        (revision 2211)
> >+++ rancid.in        (working copy)
> >@@ -1523,6 +1523,7 @@
> > sub WriteTerm {
> >     print STDERR "    In WriteTerm: $_" if ($debug);
> >     my($lineauto,$comment,$linecnt) = (0,0,0);
> >+    my($subconfig) = "";
> >
> >     while (<INPUT>) {
> >     tr/\015//d;
> >@@ -1539,6 +1540,9 @@
> >         my($len) = length($1);
> >         s/^$1\s{$len}//;
> >     }
> >+    if (/^\S/) {
> >+        $subconfig = "";
> >+    }
> >     /^! no configuration change since last restart/i && next;
> >     # skip emtpy lines at the beginning 
> >     if (!$linecnt && /^\s*$/) {
> >@@ -1579,6 +1583,21 @@
> >     }
> >     $comment = 0;
> >
> >+    # l2tp-class
> >+    if (/^l2tp-class /) { $subconfig = "l2tp-class"; }
> >+    if ($subconfig == "l2tp-class" && /password ((\d) \S+|\S+)/) {
> >+        if ($filter_pwds >= 2) {
> >+            ProcessHistory("L2TP","keysort","$subconfig",
> >+                           "! password <removed>\n");
> >+        } elsif ($filter_pwds >= 1 && $4 ne "5"){
> >+            ProcessHistory("L2TP","keysort","$subconfig",
> >+                           "! password <removed>\n");
> >+        } else {
> >+            ProcessHistory("L2TP","keysort","$subconfig","$_");
> >+        }
> >+        next;
> >+    }
> >+ 
> >     # Dog gone Cool matches to process the rest of the config

> > The second issue involves Brocades (former Foundry Networks) Metro Ring
> > Protocol. You have to specify two interfaces which are defining the east
> > and west side of the ring as from this boxes perspective. Sure, they
> > might change if a break in the ring happens. But I am seeing toggling
> > between these interfaces way more than we have ring-breaks...
> > 
> > A typical output of such a changeset would look like this:
> > --snip
> >    metro-ring ID
> > -   ring-interfaces  ethernet 1  ethernet 7
> > +   ring-interfaces  ethernet 7  ethernet 1
> > --snap
> > 
> > Any ideas how to filter this toggling, but still keep the informations
> > about the ring-interfaces in the output?
> 
> same answer; the state should never be reflected in the configuration.  of
> course, i do not know if foundry has ever fixed a UI bug, so they're
> unlikely to fix it.  so, you will need a filter or some sorting; if ring
> interfaces can be configured one per-line, like
>    ring-interfaces  ethernet 7
>    ring-interfaces  ethernet 1
> then i would split those lines like this and use ProcessHistory to sort on
> the interface.
> 
> > -- 
> > Best regards,
> > Roman Hochuli
> > Operations Manager
> > 
> > nexellent ag
> > Saegereistrasse 33
> > CH-8152 Glattbrugg
> > 
> > Phone:       +41 44 872 20 00
> > Fax:         +41 44 872 20 01
> > URL:         www.nexellent.ch
> > X-NCC-RegID: ch.nexellent
> > 
> > Imagination is the one weapon in the war
> > against reality.
> >                     -- Jules de Gaultier
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list