[rancid] Couple of Questions. upgrading and Fortinet issue.

Tue Jul 23 22:14:14 UTC 2013

Mon, Jul 15, 2013 at 09:29:45PM +0000, Richard Savage:
> 
> 
> On 15/07/2013 22:27, "heasley" <heas at shrubbery.net> wrote:
> 
> >Mon, Jul 15, 2013 at 09:06:13PM +0000, Richard Savage:
> >> The other thing I?ve noticed is that other folks also had passwords
> >>seem to be continually changing and causing alerts.  I have never noted
> >>this in my clusters????????yet.
> >>
> >> -- Yes I see this all the time, every time a backup is run. I need to
> >>be able to backup a full config on other devices, (cisco, juicer) so
> >>can't disable the grabbing of password data in rancid as this would stop
> >>it being backed up for all cisco and juniper hardware.  Not sure of any
> >>way to achieve this at the moment.
> >
> >what if a <group>/rancid.conf were supported that could over-ride
> >configuration
> >of the global rancid.conf?
> 
> Yes either a group or a hardware type would be good.  Some way of
> excluding the password from certain hosts would be great. :)
> 
> Rich

there might be fuzz w/ pre-3.0a.

Index: bin/control_rancid.in
===================================================================

--- bin/control_rancid.in	(revision 2713)
+++ bin/control_rancid.in	(working copy)
@@ -45,11 +45,12 @@
 
 # print a usage message to stderr
 pr_usage() {
-    echo "usage: $0 [-V] [-r device_name] [-m mail rcpt] group" >&2;
+    echo "usage: $0 [-V] [-f group_config_file] [-r device_name] [-m mail rcpt] group" >&2;
 }
 
 # command-line options
 # -V print version string
+# -f <group config file name>
 # -m <mail recipients>
 # -r <device name>
 alt_mailrcpt=0
@@ -61,6 +62,16 @@
 	    echo "@PACKAGE@ @VERSION@"
 	    exit 0
 	    ;;
+	-f)
+	    shift
+	    # next arg is the alternate config file name
+	    ENVFILE="$1"
+	    if [ -z $ENVFILE ]; then
+		pr_usage
+		exit 1
+	    fi
+	    shift
+	    ;;
 	-m)
 	    shift
 	    # next arg is the mail recipient
@@ -105,6 +116,12 @@
 fi
 DIR=$BASEDIR/$GROUP
 TMP=${TMPDIR:=/tmp}/rancid.$GROUP.$$
+if [ -z "$ENVFILE" ] ; then
+    ENVFILE="$DIR/rancid.conf"
+fi
+if [ -e "$ENVFILE" ] ; then
+    . $ENVFILE
+fi
 trap 'rm -fr $TMP;' 1 2 15
 
 # disable noclobber
@@ -167,6 +184,14 @@
     fi
 fi
 
+# check if there is a rancid.conf and if it needs to be added to the RCS
+if [ -e rancid.conf ] ; then
+    LN=`$RCSSYS ls rancid.conf | wc -l`
+    if [ $LN -eq 0 ] ; then
+	$RCSSYS add rancid.conf
+    fi
+fi
+
 # do cvs update of router.db in case anyone has fiddled.
 $RCSSYS update router.db > $TMP 2>&1
 grep "^C" $TMP > /dev/null
Index: CHANGES
===================================================================
--- CHANGES	(revision 2713)
+++ CHANGES	(working copy)
@@ -1,4 +1,7 @@
 3.0a3
+	control_rancid: add group-specific rancid.conf file & supporting -f
+	option
+
 	nxrancid: filter snmp communities, tacacs keys and neighbor pwds - Alan
 	McKinnon
 
Index: man/control_rancid.1
===================================================================
--- man/control_rancid.1	(revision 2713)
+++ man/control_rancid.1	(working copy)
@@ -1,11 +1,14 @@
 .\"
 .hys 50
-.TH "control_rancid" "1" "5 October 2006"
+.TH "control_rancid" "1" "15 July 2013"
 .SH NAME
 control_rancid \- run rancid for devices of a group
 .SH SYNOPSIS
 .B control_rancid
 [\fB\-V\fR] [\c
+.BI \-f\ \c
+group_config_file]\ \c
+[\c
 .BI \-m\ \c
 mail_rcpt]\ \c
 [\c
@@ -28,6 +31,18 @@
 .B \-V
 Prints package name and version strings.
 .TP
+.B \-f group_config_file
+Specify a rancid.conf specific to the given group.  The global rancid.conf
+file is read by rancid-run, which calls
+.B control_rancid
+for each group, and 
+.B control_rancid
+reads the group-specific rancid.conf, thereby overriding the global file.
+.sp
+The group-specific rancid.conf may not exist.
+.sp
+Default: <BASEDIR>/<group>/rancid.conf
+.TP
 .B \-m mail_rcpt
 Specify the recipient of diff mail, which is normally rancid-<group>.  The
 argument may be a single address, multiple comma separated addresses, or

