[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

heasley heas at shrubbery.net
Tue Jun 6 06:43:39 UTC 2017


Tue, May 30, 2017 at 01:25:29PM +0000, Alexander Griesser:
> Hi,
> 
> me too (tm).
> On all of my fortigates - also happens on Quaggas, fwiw.
> The linebreaks are hard to ignore for diff, but this one:
> 
> -     next
> + next
>   end

Is the command to disable the pager perhaps not working?

> can be fixed by adding "ignore-whitespace" as a diff option which would make sense in all situations I guess; not sure if there's any router/switch/firewall which really cares about whitespace syntax-wise.

True, but this would filter spaces that are legitimate. :)

> -----Ursprüngliche Nachricht-----
> Von: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] Im Auftrag von Chris Wopat
> Gesendet: Dienstag, 30. Mai 2017 15:17
> An: rancid-discuss at shrubbery.net
> Betreff: [rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
> 
> Two notes with Fortigate (fnrancid)- one a feature request, the other an issue we're trying to pin down.
> 
> 1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.

I do not know the platform; you folks tell me.  or, covert it to a module and
have more than one spec.

> 
> 2) issue with spacing / tabbing causing excessive diffs. This seemed to have begun happening in FortiOS 5.4 and was not happening on 5.2.
> It happens in both 5.4 and 5.6 and across various devices (half dozen, 1000d, 600d, 100d.).
> 
> Random sections of the config line wrap or change their spacing and flip back and forth. It doesn't seem to be excessively wide lines, nor any specific section of the config.
> 
> This is a change detected between two consecutive runs with no changes made to a device:
> 
>   config system global
> -     set admintimeout 35
> +     set admintimeout
> +  35
> 
> 
>   config system global
> -     set admintimeout
> -  35
> +     set admintimeout 35
> 
> 
> .. and another:
> 
>   config system global
> -     set disk-usage wanopt
> +     set disk-usage
> +  wanopt
> 
>   config system global
> -     set disk-usage
> -  wanopt
> +     set disk-usage wanopt
> 
> 
> .. and another:
> 
> - config
> - system accprofile
> + config system accprofile
>       edit "prof_admin"
>           set mntgrp read-write
> 
> 
> .. and so on
> 
> -     next
> + next
>   end
> 
> 
> - next
> +     next
>   end
> 
> Curious if others are seeing this as well. I've opened a case w/ Fortinet as I believe it's on their side, but have a hard time convincing them.
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss



More information about the Rancid-discuss mailing list