[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Merijn Evertse merijn at trans-ix.nl
Tue May 30 13:25:48 UTC 2017 

Hi,

We have the same issue with Fortigate 5.0 releases. 
There was already a discussion on the Rancid list about this, but at this moment the suggestions from that discussion did not solve it for us.

Merijn Evertse

-----Oorspronkelijk bericht-----
Van: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Namens Chris Wopat
Verzonden: dinsdag 30 mei 2017 15:17
Aan: rancid-discuss at shrubbery.net
Onderwerp: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down.

1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.


2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2.
It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.).

Random sections of the config line wrap or change their spacing and flip back and forth. It doesn't seem to be excessively wide lines, nor any specific section of the config.

This is a change detected between two consecutive runs with no changes made to a device:

  config system global
-     set admintimeout 35
+     set admintimeout
+  35


  config system global
-     set admintimeout
-  35
+     set admintimeout 35


.. and another:

  config system global
-     set disk-usage wanopt
+     set disk-usage
+  wanopt

  config system global
-     set disk-usage
-  wanopt
+     set disk-usage wanopt


.. and another:

- config
- system accprofile
+ config system accprofile
      edit "prof_admin"
          set mntgrp read-write


.. and so on

-     next
+ next
  end


- next
+     next
  end

Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

More information about the Rancid-discuss mailing list