[rancid] Rollback functionality and potential pitfalls

Skye Hagen skyeh at uidaho.edu
Tue Feb 12 20:55:42 UTC 2013 

You may want to look into the Cisco IOS 'configure replace' command. This
will replace the running configuration with another configuration. It is NOT
a merge operation like 'copy ... Running-config'. It can work using tftp,
ftp, scp, etc.

Configure replace will work with whole configurations only. If you are
removing passwords in RANCID, you would need to replace them beforehand,
otherwise they will be missing when you replace the config.

Skye.


On 2/12/13 12:42 PM, "andrew.brennan+rancid at drexel.edu"
<andrew.brennan+rancid at drexel.edu> wrote:

> One complication would be cases where a command's default state was one that
> isn't normally displayed in the configs.  You could do the CVS diff between
> good/bad configs and then parse for +/- to remove/add any change that was
> shown.  Then, parse the "no shutdown" so that you weren't doing something like
> "no no shutdown" (remove 'no' when present, add 'no' for other diff'd lines).
> 
> That *might* address the non-displayed default config lines, but I'm not sure
> I've thought through this completely yet.  You'll still have issues where
> lines 
> are eliminated from the RANCID store (passwds, etc.).
> 
> The other option would be to create a copy of the old/good config file and
> copy 
> it directly to startup-config for the next reboot.  You still have an issue
> with lines eliminated by RANCID, though.
> 
> andrew.
> 
> On Tue, 12 Feb 2013, Ramon wrote:
> 
>> Hello all,
>> 
>> I am currently looking in to a way to implement rollback functionality using
>> rancid. What would it take to reverse bad changes and restore the config of
>> a cisco device back to a previous saved version?
>> 
>> I ask because just pushing the original config on top of the modified
>> version would not remove or flush out certain statements, possibly leaving
>> duplicates that would have to be removed manually.
>> 
>> My first idea was to create a negative file, by generating a "no statement"
>> for every line in the new config that does not match the old config. After
>> pushing the negative file and removing the changes I would push the old
>> config to restore any of the deleted statements.
>> 
>> Feedback on any foreseeable issues such as possible hierarchical problems
>> (interfaces, acls, bgp) would be very welcomed.
>> 
>> Thanks,
>> Ramon
>> 
>> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list