[rancid] Strange Jerancid/Rancid behavior

Mack, David A (Dave) dmack at verizon.com
Tue Aug 23 17:31:54 UTC 2011


All,
	I agree with Konstantin. Would it be possible to pass a REGEX to diff so that it will ignore the offending password lines. Perhaps using the command line option below:

-I RE  --ignore-matching-lines=RE  Ignore changes whose lines all match RE.

Thanks!
Dave


-----Original Message-----
From: Yudayev, Konstantin 
Sent: Tuesday, August 23, 2011 9:16 AM
To: john heasley; Mack, David A (Dave)
Cc: rancid-discuss at shrubbery.net; Yudayev, Konstantin
Subject: RE: [rancid] Strange Jerancid/Rancid behavior

John,

Is there any way to make rancid ignore "fluctuating" password lines during diff rather than removing them from configs? Configs with removed passwords are not suitable for restore for example.

----
Konstantin Yudayev 

Verizon - IP Systems Operations & Support 
Office: (703) 886-6694
22001 Loudoun County Parkway, Ashburn, VA 20147
Email: kyudayev at verizon.com



-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: Monday, August 22, 2011 18:32
To: Mack, David A (Dave)
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Strange Jerancid/Rancid behavior

Mon, Aug 22, 2011 at 12:34:01PM -0400, Mack, David A (Dave):
> All,
> 	Hello! I am in the process of bringing up a new Rancid server and have run into something with at least the jerancid script for Juniper ERXs. What I am seeing is related to password removal. I have filter passwords globally set to "no". However the ERXs have certain passwords that have their hashes calculated on the fly. So each time they are display the values shown will change. This means you get a new CVS every run. Jerancid has routines to handle two of these conditions for FTP and MPLS LDP passwords:
> 
> # ftp host encrypted password oscillates
>         if (/^(host \S+ \S+ ftp) /) {
>             if ($filter_pwds >= 1 || /^host \S+ \S+ ftp \d /) {
>                 ProcessHistory("","","","!$1 <removed>\n"); next;
>             }
>         }
>  # mpls ldp encrypted password oscillates
>         if (/^(mpls ldp neighbor \S+ password)/) {
>             if ($filter_pwds >= 1 || /^mpls ldp neighbor \S+ password \d /) {
>                 ProcessHistory("","","","!$1 <removed>\n"); next;
>             }
>         }
> 
> I am comparing the collected configuration files between my old Rancid install and my new one and here is what I am seeing:
> 
> Old Rancid:
> 
> !host "FTP1" 172.15.1.1 ftp <removed>
> !host "FTP2" 172.15.1.2 ftp <removed>
> 
> New Rancid:
> 
> ! <removed>
> ! <removed>

Does this fix it?

Index: jerancid.in
===================================================================
--- jerancid.in	(revision 2320)
+++ jerancid.in	(working copy)
@@ -444,14 +444,16 @@
 
 	# ftp host encrypted password oscillates
 	if (/^(host \S+ \S+ ftp) /) {
+	    my($prefix) = $1;
 	    if ($filter_pwds >= 1 || /^host \S+ \S+ ftp \d /) {
-		ProcessHistory("","","","!$1 <removed>\n"); next;
+		ProcessHistory("","","","!$prefix <removed>\n"); next;
 	    }
 	}
 	# mpls ldp encrypted password oscillates
 	if (/^(mpls ldp neighbor \S+ password)/) {
+	    my($prefix) = $1;
 	    if ($filter_pwds >= 1 || /^mpls ldp neighbor \S+ password \d /) {
-		ProcessHistory("","","","!$1 <removed>\n"); next;
+		ProcessHistory("","","","!$prefix <removed>\n"); next;
 	    }
 	}
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


More information about the Rancid-discuss mailing list