[rancid] rancid with Fortigate FG100A

Gavin McCullagh gmccullagh at gmail.com
Wed Jul 6 13:35:36 UTC 2011


Hi,

On Wed, 06 Jul 2011, Diego Ercolani wrote:

> I don't know deeply fortigate because if I can I prefer to use linux directly 
> so feel free to change the command or the command sequence to perform a 
> configuration dump.
> This is the power of opensource, everyone can add a small piece of his 
> knowledge and bring the community a full (hopefully error-proof) utility.

I couldn't agree more, but I'm hoping to work out what the community
in general thinks.  I don't think this question is particularly a Fortigate
one.  

  In general, is it better for Rancid to record and version the entire
  config of a device including defaults, or to just version the non-default
  config?

I can see arguments for both:

 - when you upgrade firmware, the defaults might change and rancid could
   presumably only note these if you version the entire config.

 - the config and patches can be quite complex if you version the entire
   config.

 - if the unit should fail, you get a new one and want to deploy the
   config from Rancid, I would usually prefer to just deploy our config
   changes and not override the defaults.  If rancid holds the full config,
   you can't really work out what are defaults and what are your settings.
   Perhaps others might prefer to actually set those defaults where
   necessary.

I imagine this issue arises with units other than the Fortigates.

> I have only one clustered installation of fortigate and what I noticed is that 
> from time to time, fortigate adds some line feeds that make it seem the 
> configuration has changed... this is very annoying but I can't do experiments 
> because it's a production environment.

I've noticed the same actually, though generally it seems to be within the
"app-detect" lines which are all defaults (at least on our install).
Reducing this problem might be a happy side-effect of versioning the
reduced config.

Gavin



