[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Alexander Griesser AGriesser at anexia-it.com
Tue May 30 13:25:29 UTC 2017


Hi,

me too (tm).
On all of my fortigates - also happens on Quaggas, fwiw.
The linebreaks are hard to ignore for diff, but this one:

-     next
+ next
  end

can be fixed by adding "ignore-whitespace" as a diff option which would make sense in all situations I guess; not sure if there's any router/switch/firewall which really cares about whitespace syntax-wise.

Best,

Alexander Griesser
Head of Systems Operations

ANEXIA Internetdienstleistungs GmbH

E-Mail: AGriesser at anexia-it.com 
Web: http://www.anexia-it.com 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601


-----Ursprüngliche Nachricht-----
Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Chris Wopat
Gesendet: Dienstag, 30. Mai 2017 15:17
An: rancid-discuss at shrubbery.net
Betreff: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down.

1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.


2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2.
It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.).

Random sections of the config line wrap or change their spacing and flip back and forth. It doesn't seem to be excessively wide lines, nor any specific section of the config.

This is a change detected between two consecutive runs with no changes made to a device:

  config system global
-     set admintimeout 35
+     set admintimeout
+  35


  config system global
-     set admintimeout
-  35
+     set admintimeout 35


.. and another:

  config system global
-     set disk-usage wanopt
+     set disk-usage
+  wanopt

  config system global
-     set disk-usage
-  wanopt
+     set disk-usage wanopt


.. and another:

- config
- system accprofile
+ config system accprofile
      edit "prof_admin"
          set mntgrp read-write


.. and so on

-     next
+ next
  end


- next
+     next
  end

Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss



More information about the Rancid-discuss mailing list