oxidized icon indicating copy to clipboard operation
oxidized copied to clipboard
verified publisher icon ytti

FortiOS stopped doing a "show full-configuration"

Open captainfalcon23 opened this issue 1 year ago • 1 comments

Related: https://github.com/ytti/oxidized/issues/1699

As part of the above, a config change was made to stop doing a "show full-configuration" on FortiOS devices. That is a breaking change for us, since we are relying on some of the default values in a monkey patch to identify specific (dynamic) blocks and replace them. After this change, our monkey patch stopped working because those default lines no longer appear.

I don't think the specific line in the fortios.rb can be monkey patched itself :(

I have temporarily fixed this by copying the entire original fortios.rb to my own and reverting the change from 1699, but regardless, I think doing a show full-configuration makes SIGNIFICANT more sense. FortiOS change defaults all the time in upgrades, and doing a show-full has saved us many times/made it easy to quickly see whats changed between versions.

I propose:

  • the change be reverted, and show full-configuration return to the default
  • perhaps add an optional variable so the end user can decide what type of backup they want to do
  • review 1699 for a different resolution, since I doubt this was the actual root cause

If someone has any better ideas to monkey patch this, I am happy to do that, but I still do firmly believe a full config should be the default for backups.

captainfalcon23 avatar May 13 '24 06:05 captainfalcon23

Hi @captainfalcon23 ,

I'm sorry the change broke your setup :-( It is quite difficult to make changes to models, as we don't know how they are used in the field.

I don't like the option to reverse the change:

  • The actual behavior maps the configuration you get when making a configuration backup on Fortigate's web-UI
  • The show full-configuration produces a lot of garbage, which produced the timeout in #1699.

Monkey-Patching seems to be quite difficult because of how the model has been programmed (everything in post do...).

I like the Idea of an optional variable, but have no idea to implement it yet ;-) I'll have a look at it as soon as I find some time.

For now, your work-around (full copy of the model without money-patching) seams to be the best option.

robertcheramy avatar May 13 '24 07:05 robertcheramy