Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RANCID>
  3. Users
change rancid.conf config setting once a week
me at falz
Dec 3, 2021, 6:13 AM
Post #1 of 4 (362 views)
Permalink
Hi folks,

We run rancid hourly. Some devices (fortigate) have what i consider a
bug where every time you display the config, it encrypts the passwords
differently. We have this filtered with `FILTER_OSC=ALL; export
FILTER_OSC` in rancid.conf. Without this, there would be a diff every
time it runs.

On a less frequent schedule, we would like to capture these passwords,
perhaps weekly. I'm thinking we could set up a 2nd cronjob for this
but with `FILTER_OSC=NO`.

Is there any way to pass these config settings to this separate cron
entry without modifying rancid.conf? The config file looks to be
setting environment variables but I'm unsure if a local environment
variable would override rancid.conf's settings.

Cheers,
--Chris

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: change rancid.conf config setting once a week [ In reply to ]
heas at shrubbery
Dec 3, 2021, 7:49 AM
Post #2 of 4 (362 views)
Permalink
Fri, Dec 03, 2021 at 08:13:22AM -0600, Chris Wopat:
> Is there any way to pass these config settings to this separate cron
> entry without modifying rancid.conf? The config file looks to be
> setting environment variables but I'm unsure if a local environment
> variable would override rancid.conf's settings.

if a separate group is used, a group-specific rancid.conf can be used
to over-ride the global config. /pathto/<groupname>/rancid.conf,
next to the group's router.db.

it could be done in the environment that exececute rancid-run, but
other changes would be needed to facilitate that..

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: change rancid.conf config setting once a week [ In reply to ]
me at falz
Dec 3, 2021, 8:02 AM
Post #3 of 4 (362 views)
Permalink
On Fri, Dec 3, 2021 at 9:49 AM heasley <heas@shrubbery.net> wrote:
>
> if a separate group is used, a group-specific rancid.conf can be used
> to over-ride the global config. /pathto/<groupname>/rancid.conf,
> next to the group's router.db.
>
> it could be done in the environment that exececute rancid-run, but
> other changes would be needed to facilitate that..

We have everything one group now, so in theory i could setup a 2nd
group and i suppose have two copies of the config, each running at
their own separate intervals?

Main downside to this is being confused as to which config to look at.
Any further elaboration on 'other changes' with the environment
variable method, or is that a deep rabbit hole?

--Chris

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: change rancid.conf config setting once a week [ In reply to ]
heas at shrubbery
Dec 3, 2021, 11:26 AM
Post #4 of 4 (359 views)
Permalink
Fri, Dec 03, 2021 at 10:02:56AM -0600, Chris Wopat:
> On Fri, Dec 3, 2021 at 9:49 AM heasley <heas@shrubbery.net> wrote:
> >
> > if a separate group is used, a group-specific rancid.conf can be used
> > to over-ride the global config. /pathto/<groupname>/rancid.conf,
> > next to the group's router.db.
> >
> > it could be done in the environment that exececute rancid-run, but
> > other changes would be needed to facilitate that..
>
> We have everything one group now, so in theory i could setup a 2nd
> group and i suppose have two copies of the config, each running at
> their own separate intervals?
>
> Main downside to this is being confused as to which config to look at.

I would just send the diffmail for the secondary group to /dev/null.
you only care that the data is retained. since it changes upon each
run, it does not indicate if the underlying information is changing.

> Any further elaboration on 'other changes' with the environment
> variable method, or is that a deep rabbit hole?

the lines in rancid.conf(s)s would need to check for an existing value; eg

- foo=value;export foo
+ foo=${foo:-value};export foo

else rancid.conf would over-ride. I think that would be sufficient.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal