The other thing I’ve noticed is that other folks also had passwords seem to be continually changing and causing alerts. I have never noted this in my clusters……………………yet.

-- Yes I see this all the time, every time a backup is run. I need to be able to backup a full config on other devices, (cisco, juicer) so can't disable the grabbing of password data in rancid as this would stop it being backed up for all cisco and juniper hardware. Not sure of any way to achieve this at the moment.

Rich

This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. If you receive this in error, please notify us by email to ***@newnet.co.uk<mailto:***@newnet.co.uk> and delete any copies. For information about how we process data and monitor communications please see our privacy statement<http://www.newnet.co.uk/Bottom-Bar/privacy-policy.php>.

no files move, that i recall.
perhaps you can compare your o/s revisions and configs with Richard Savage to
possibly find what causes the passwords oscillate.

Yes either a group or a hardware type would be good. Some way of
excluding the password from certain hosts would be great. :)

Rich

This e-mail is sent on behalf of NewNet Limited, a company registered in England and Wales, registered number 03128506, registered office Carnac Lodge, Cams Estate, FAREHAM, Hampshire PO16 8UJ and regulated by Ofcom. The information in this e-mail is confidential and is intended solely for the use of that individual or entity to which it is addressed. Unauthorised use, dissemination, distribution, publication or copying of this communication is strictly prohibited. If you receive this in error, please notify us by email to ***@newnet.co.uk<mailto:***@newnet.co.uk> and delete any copies. For information about how we process data and monitor communications please see our privacy statement<http://www.newnet.co.uk/Bottom-Bar/privacy-policy.php>.

there might be fuzz w/ pre-3.0a.

Index: bin/control_rancid.in
===================================================================
--- bin/control_rancid.in (revision 2713)
+++ bin/control_rancid.in (working copy)
@@ -45,11 +45,12 @@

# print a usage message to stderr
pr_usage() {
- echo "usage: $0 [-V] [-r device_name] [-m mail rcpt] group" >&2;
+ echo "usage: $0 [-V] [-f group_config_file] [-r device_name] [-m mail rcpt] group" >&2;
}

# command-line options
# -V print version string
+# -f <group config file name>
# -m <mail recipients>
# -r <device name>
alt_mailrcpt=0
@@ -61,6 +62,16 @@
echo "@PACKAGE@ @VERSION@"
exit 0
;;
+ -f)
+ shift
+ # next arg is the alternate config file name
+ ENVFILE="$1"
+ if [ -z $ENVFILE ]; then
+ pr_usage
+ exit 1
+ fi
+ shift
+ ;;
-m)
shift
# next arg is the mail recipient
@@ -105,6 +116,12 @@
fi
DIR=$BASEDIR/$GROUP
TMP=${TMPDIR:=/tmp}/rancid.$GROUP.$$
+if [ -z "$ENVFILE" ] ; then
+ ENVFILE="$DIR/rancid.conf"
+fi
+if [ -e "$ENVFILE" ] ; then
+ . $ENVFILE
+fi
trap 'rm -fr $TMP;' 1 2 15

# disable noclobber
@@ -167,6 +184,14 @@
fi
fi

+# check if there is a rancid.conf and if it needs to be added to the RCS
+if [ -e rancid.conf ] ; then
+ LN=`$RCSSYS ls rancid.conf | wc -l`
+ if [ $LN -eq 0 ] ; then
+ $RCSSYS add rancid.conf
+ fi
+fi
+
# do cvs update of router.db in case anyone has fiddled.
$RCSSYS update router.db > $TMP 2>&1
grep "^C" $TMP > /dev/null
Index: CHANGES
===================================================================
--- CHANGES (revision 2713)
+++ CHANGES (working copy)
@@ -1,4 +1,7 @@
3.0a3
+ control_rancid: add group-specific rancid.conf file & supporting -f
+ option
+
nxrancid: filter snmp communities, tacacs keys and neighbor pwds - Alan
McKinnon

Index: man/control_rancid.1
===================================================================
--- man/control_rancid.1 (revision 2713)
+++ man/control_rancid.1 (working copy)
@@ -1,11 +1,14 @@
.\"
.hys 50
-.TH "control_rancid" "1" "5 October 2006"
+.TH "control_rancid" "1" "15 July 2013"
.SH NAME
control_rancid \- run rancid for devices of a group
.SH SYNOPSIS
.B control_rancid
[\fB\-V\fR] [\c
+.BI \-f\ \c
+group_config_file]\ \c
+[\c
.BI \-m\ \c
mail_rcpt]\ \c
[\c
@@ -28,6 +31,18 @@
.B \-V
Prints package name and version strings.
.TP
+.B \-f group_config_file
+Specify a rancid.conf specific to the given group. The global rancid.conf
+file is read by rancid-run, which calls
+.B control_rancid
+for each group, and
+.B control_rancid
+reads the group-specific rancid.conf, thereby overriding the global file.
+.sp
+The group-specific rancid.conf may not exist.
+.sp
+Default: <BASEDIR>/<group>/rancid.conf
+.TP
.B \-m mail_rcpt
Specify the recipient of diff mail, which is normally rancid-<group>. The
argument may be a single address, multiple comma separated addresses, or

see patch below
seems like a rather odd configuration for the primary and standy by answer
on the same management address when they're both active??

Index: bin/fnrancid.in
===================================================================
--- bin/fnrancid.in (revision 2279)
+++ bin/fnrancid.in (revision 2280)
@@ -175,7 +175,7 @@
next if /^\s*$/;
last if (/$prompt/);

- next if (/^System Time:/);
+ next if (/^system time:/i);
next if (/^\s*Virus-DB: .*/);
next if (/^\s*Extended DB: .*/);
next if (/^\s*IPS-DB: .*/);
@@ -207,7 +207,7 @@
# System time is fortigate extraction time
next if (/^\s*!System time:/);
# remove occurrances of conf_file_ver
- next if (/^conf_file_ver=/);
+ next if (/^#?conf_file_ver=/);
# filter variabilities between configurations. password encryption
# upon each display of the configuration.
if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {