[rancid] Throttling per-host (odd situation)

Howard Jones howie at thingy.com
Tue Jun 20 22:06:56 UTC 2017

I have a homegrown script for grabbing individual configs from a 
multi-tenant firewall. It works in conjunction with a small hack to 
bin/rancid and bin/control_rancid, so that I can have a "host" called 
firewall1[TENANT1], and it knows to take the part in [] off, and use the 
remains as a hostname, and also not smash the case of the filename.

The upshot of this though, is that I have many connections to the same 
device as part of a rancid run. The device has a limit on the number of 
incoming ssh sessions, and even if it didn't I don't really want to DOS 
it with rancid. I know I can change PAR_COUNT so that it's less than the 
number of allowed connections, but then a complete run takes over an 
hour (there are plenty of other devices here) instead of the 
already-quite-long 30ish minutes with a PAR_COUNT of 10.

So - is there any convenient way to have rancid throttle connections for 
particular devices, groups, or hostnames matching a pattern? Or is it 
just a case of turn the timeouts up, and the retries up and let it grind 
through? (each attempt will get connection refused until a slot is open 
- so I suppose I'd need num_tenants/max_sessions retries, at least, 
which itself would be dynamic.

I realise this is not at all a standard situation, but maybe someone 
else has similar? Or, e.g. something with access via a serial console 
server that has similar limitations?

Without re-engineering the guts of rancid too much, I'm thinking about 
something like a pool of lockfiles that clogin (or rancid before it 
starts clogin) waits on...

Thanks in advance for any pointers...


More information about the Rancid-discuss mailing list