[rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
Piegorsch, Weylin William
weylin at bu.edu
Wed Jan 25 13:53:17 UTC 2017
Is there a mechanism to blank-out a site-specific file’s size and timestamp, built-in to the config files to obviate needing to locally modify the codebase? Perhaps by defining a regex in router.db, or in .cloginrc, or in rancid.types.conf, or some other config file? I’m not sure if this capability exists already, I’m hearing several people request this capability (I have to believe there’s a sizeable number of others, too).
I had the same exact problem in an earlier version of rancid, when I turned on IP Source Guard and IP Device Tracking, the IPSG and IPDT binding databases would change daily and I had to blank-out the same info from a specific file on “flash0:”.
Weylin
From: Daniel Kerse <daniel.kerse at gmail.com>
Date: Tuesday, January 24, 2017 at 17:58
To: Weylin Piegorsch <weylin at bu.edu>, Lee <ler762 at gmail.com>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
Can someone please look at iosxr.pm<http://iosxr.pm> and see if a similar change is also required?
We get a lot of unwanted diffs there for growing files.
Here:
!Flash: harddiska: 3093 -rw- 32 Thu Jul 28 15:47:35 2016 env_hist
!Flash: harddiska: 3094 -rw- 2996 Tue Oct 11 23:18:49 2016 env_cont
!Flash: harddiska: 3095 -rw- 32 Thu Jul 28 15:47:43 2016 genstr_hist
-!Flash: harddiska: 3096 -rw- 977158 Mon Jan 23 16:01:55 2017 genstr_cont
+!Flash: harddiska: 3096 -rw- 980538 Mon Jan 23 16:56:16 2017 genstr_cont
!Flash: harddiska: 3097 -rw- 32 Thu Jul 28 15:47:39 2016 errmsg_hist
!Flash: harddiska: 3098 -rw- 15531 Wed Oct 12 01:12:37 2016 errmsg_cont
!Flash: harddiska: 3099 -rw- temp_static_data
Here:
!Flash: harddiska: 3176 -rw- 1892 Thu Oct 20 03:50:48 2016 temp_hist
!Flash: harddiska: 3177 -rw- temp_cont
!Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data
-!Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist
+!Flash: harddiska: 3179 -rw- 8260 Tue Jan 24 02:48:19 2017 volt_hist
!Flash: harddiska: 3180 -rw- volt_cont
!Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist
!Flash: harddiska: 3182 -rw- 75802 Tue Jan 24 00:18:13 2017 errmsg_cont
And here:
!Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist
!Flash: harddiska: 3180 -rw- volt_cont
!Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist
-!Flash: harddiska: 3182 -rw- 71876 Mon Jan 23 15:43:30 2017 errmsg_cont
+!Flash: harddiska: 3182 -rw- 73084 Mon Jan 23 16:59:46 2017 errmsg_cont
!Flash: harddiska: 3183 -rw- 24 Tue Jun 4 08:13:53 2013 diag_hist
!Flash: harddiska: 3184 -rw- 24 Tue Jun 4 08:13:55 2013 diag_cont
In iosxr.pm<http://iosxr.pm> sub DirSlotN I see:
# filter frequently changing files from IOX bootflash, hardiska,
# and nvram
if ($dev =~ /(bootflash|harddisk|nvram)/) {
if (/(ce_switch.log|temp_cont|temp_static_data|uptime_cont|volt_cont)\s*$/) {
# change
# 57 -rw- 23100 <no date> volt_cont
# 614788 drwx 4096 Fri Aug 20 12:06:25 2010 temp_cont
# to
# 57 -rw- <no date> volt_cont
# 614788 drwx temp_cont
So perhaps that second if statement needs to catch a few other filenames please. We are running rancid-3.2-2 from here: http://pkgs.fedoraproject.org/cgit/rpms/rancid.git/?h=epel7
Thanks,
Dan
On Tue, Jan 24, 2017 at 10:07 AM Piegorsch, Weylin William <weylin at bu.edu<mailto:weylin at bu.edu>> wrote:
Thanks Lee. I haven’t looked yet, and probably won’t until February at the earliest. I can copy/paste that code, replacing “log” for “debug” on the pasted portion. I’ll try it out and see how it works. If that works, is that something that can be forward ported into new versions of code? I’m a network engineer, my group doesn’t have software development as a core competency, but I’m willing to do this if there’s “vendor” support (to use the generic term my boss uses) in future versions.
weylin
On 1/22/17, 18:09, "Lee" <ler762 at gmail.com<mailto:ler762 at gmail.com>> wrote:
On 1/21/17, Piegorsch, Weylin William <weylin at bu.edu<mailto:weylin at bu.edu>> wrote:
> Thanks Lee. Is ios.pm<http://ios.pm> called for NX-OS devices (“cisco-nx”)? I tried
> looking through nxos.pm<http://nxos.pm> but didn’t see anything equivalent. I’m using
> v3.4.1 if it makes a difference.
It looks like 3.4.1 already has code to blank out the file size &
timestamp. Starting at line 509 of rancid-3.4.1/lib/rancid/nxos.pm<http://nxos.pm>
# This routine parses "dir /all ((disk|slot)N|bootflash|nvram):"
sub DirSlotN {
down a bit further it's got:
next if (/BufferMonitor-1HourData/);
if (/ log\/$/) {
# change
# 8192 Jan 08 14:05:05 2015 log/
# to
# log/
if (/(\s*\d+\s+)(\S+ \d+\s+\d+:\d+:\d+ \d+)(.*)/) {
my($a, $dt, $rem) = ($1, $2, $3);
my($dtl) = length($dt);
my($fmt) = "%s%-". $dtl ."s%s\n";
$_ = sprintf($fmt, $a, "", $rem);
}
}
Regards,
Lee
> weylin
>
> On 1/21/17, 13:33, "Lee" <ler762 at gmail.com<mailto:ler762 at gmail.com>> wrote:
>
> On 1/20/17, Piegorsch, Weylin William <weylin at bu.edu<mailto:weylin at bu.edu>> wrote:
> >> What we see on most of our Nexus infrastructure is every night:
> >> ...
> >> Which is quite annoying...
> >
> > If there’s a mechanism for removing these “debug” updates for NX-OS,
> that
> > would be *awesome.* I opened a TAC case about this, it’s not
> something I
> > have any kind level of control over, whatsoever.
>
> Take a look at rancid/lib/rancid/ios.pm<http://ios.pm> - it has code to blank the
> file size & timestamp so that updates to the file(s) don't cause
> rancid to think the config has changed. Look for
> # filter frequently changing files (dhcp & vlan database)
> # change from:
> # 9 -rw- 660 Jan 15 2011 20:43:54 vlan.dat
> # 9 -rw- 660 Jan 15 2011 20:43:54 +00:00 vlan.dat
> # to:
> # -rw- vlan.dat
> # -rw- vlan.dat
> and adapt as needed
>
> Regards,
> Lee
>
> >
> > weylin
> >
> > On 1/19/17, 15:55, "Mischa Diehm" <mischa.diehm at unibas.ch<mailto:mischa.diehm at unibas.ch>> wrote:
> >
> > Hi,
> >
> >
> > On 13.01.17, 19:37, "heasley" <heas at shrubbery.net<mailto:heas at shrubbery.net>> wrote:
> >
> >
> > >It causes nevery-ending changes in the config as ports become
> > >active/inactive,
> > >eg: someone disconnects or powers-off equipment. and in the case
> of
> > VTP,
> > >it
> > >potentially is network wide. if you wanted to monitor such
> things,
> > its
> > >probably best done in a NMS, where you'd catch all such changes.
> > >
> > >rancid 3.5 added for some modules:
> > >
> > ># FILTER_OSC determines if oscillating data such as keys,
> passwords,
> > etc
> > >are
> > ># filtered from configs by the value set (NO | YES). FILTER_PWDS
> may
> > >override
> > ># this. see rancid.conf(5).
> > >#FILTER_OSC=YES; export FILTER_OSC
> > >
> > >such a thing could be dependent upon this configuration, but
> again I
> > do
> > >not
> > >see the point.
> >
> > Thanks for the clarification. This really kind of depends on
> where
> > rancid
> > is run. In a campus/client env. I see your point but we also have
> more
> > static parts where this is usesful information. There it actually
> is
> > also
> > useful to see what ports actually have changed. But you are right
> maybe
> > no
> > worth it overall.
> > But thanks for pointing out the OSC part. What we see on most of
> our
> > Nexus
> > infrastructure is every night:
> >
> > - !Flash: debug: 124053 Jan 18 05:38:00 2017
> bootvar_debug.log
> > - !Flash: debug: 6 Jan 18 05:38:00 2017
> > bootvar_debug.meta
> > + !Flash: debug: 124872 Jan 19 05:38:05 2017
> bootvar_debug.log
> > + !Flash: debug: 6 Jan 19 05:38:05 2017
> > bootvar_debug.meta
> >
> >
> > And this:
> > - !Flash: logflash: 87092 Jan 17 05:43:42 2017
> accounting_log
> > + !Flash: logflash: 136367 Jan 18 05:43:35 2017
> accounting_log
> >
> >
> >
> > Which is quite annoying...
> >
> > >if you're not using VTP and its not including the vlan stuff, i
> do want
> > to
> > >fix that.
> >
> > Well then you have to fix it for this as said:
> > XXX-cc# show vtp status
> > Service not enabled
> >
> >
> > Cheers,
> > Mischa
> >
> > >
> > >> Yes. Which is yet another reason why it's so nice having the
> source
> > -
> > >> it's easy to make trivial changes like that. Or adding
> commands
> > like
> > >> 'show vlan all-ports'
> > >>
> > >> Regards,
> > >> Lee
> > >>
> > >> _______________________________________________
> > >> Rancid-discuss mailing list
> > >> Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
> > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> >
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
> > http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>
>
>
>
>
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20170125/f5a92947/attachment.html>
More information about the Rancid-discuss
mailing list