SOLVED v6.6 /export showing spurious changes (RANCID 2.3.8)

framer99 · December 6, 2013, 3:07pm

EDIT: Ignore issue #2 about /tool e-mail listed here, I found the cause of it, described in the next post below this one.

I just got RANCID 2.3.8 working which has built in Mikrotik support. It’s working well with the exception of some spurious changes that show up in the configuration from time to time. I haven’t dug in too deep but I believe the output in question comes from the /export command. There are 2 differences that pop up on some runs of /export:

The /port section , which we never touch is sometimes present and sometimes not.
A scheduled script runs to send a backup file via email. tool-email config shows last use status… or not

Here’s an example of #1:

Index: configs/myrouter
===================================================================
retrieving revision 1.10
diff -U 4 -r1.10 myrouter
@@ -50,8 +50,11 @@
  /ip hotspot user profile
  set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
  /ip pool
  add name=vpn-pool ranges=10.1.1.240-10.1.1.248
+ /port
+ set 0 name=serial0
+ set 1 name=serial1
  /ppp profile
  add bridge=vpn-bridge change-tcp-mss=yes local-address=vpn-pool name=ovpn remote-address=vpn-pool
  /routing ospf area
  add area-id=0.0.0.1 name=area1

Sometimes those three /port lines will be missing, resulting in an email and diff file (showing -'s instead of +'s of course), then some time later they reappear and I get another email showing they were added back. Rancid runs every hour to check and diff the config of the router.

Here’s an example of the diff for #2

Index: configs/myrouter
===================================================================
retrieving revision 1.11
diff -U 4 -r1.11 myrouter
@@ -435,9 +435,9 @@
  /system script
  add name=backupscript policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="/system backup save name=myrouter"
  add name=mailscript policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="/tool e-mail send file=myrouter.backup to=mtbu@example.com subject=[/system identity get name]"
  /tool e-mail
- set address=10.1.1.10 from=<myrouter@example.com> last-status=succeeded port=587
+ set address=10.1.1.10 from=<myrouter@example.com> port=587
  /tool graphing interface
  add allow-address=10.1.0.0/20
  /tool graphing resource
  add allow-address=10.1.0.0/20

as you can see, in this case the “last-status” argument for the /tool e-mail is disappearing and reappearing.

I checked the uptime on this router and it’s over 16 days, so it’s not rebooting and nobody is making any changes to the router either. I realize 6.x change the /export default mode to “compact”, but then my question is: Why does the /port config, which is untouched and still at the defaults, ever show up at all?

For the /tool e-mail config… why does last-status seem to time-out and dissappear?

RANCID has or can be made to have a method of filtering out trivial changes like this, but I thought I’d ask about them here and see if anyone had any ideas why RouterOS is acting like this.

Thank you in advance!

framer99 · December 6, 2013, 4:37pm

Replying to myself here, I spoke to another tech who actually had been in the router in question above and was messing with the /tool e-mail server ip. He had changed it and changed it back before RANCID ran again and picked up the IP change. As a result RANCID never saw the momentary IP change, but RouterOS properly showed the last-status missing since the server-ip was actually “new” and had not be tested or used, until later after the scheduled run/email.

Sorry about that confusion I shouldn’t have assumed I knew what was going on.

As for the /port issue, that still stands as described.

framer99 · December 12, 2013, 5:09am

for the /port issue, if i change the name of the port to something different than the default, I never see the ports dissappear again in the export.

so, i’ve worked around that problem which was happening on RB532s and CCR’s

The email tool issue where the last-status= dissapears is actually still a problem. I had mistakenly thought it was due to technicians messing with the email tool settings, but even after things settled down i still see the last-status appear and dissapear once or twice a day on 4 different CCR’s.

I haven’t seen the email tool last-status issue on anything but CCR’s. I think I will have to fix rancid to just strip out the last-status setting, as it’ snot a configurable item anyway.

framer99 · January 13, 2014, 3:08pm

solved or “worked around”, at any rate:

The /tool e-mail last-status issue can be fixed by scheduling another email to be sent more often than 24 hours. I’m not sure at what point the “last-status=succeeded” expires because I set up an empty email to be sent every hour and I no longer see the last-status change like it did when I had only the single daily “email me a backup file” task (but I’m guessing 24hrs).

The /port name= issues seems to be fixed by merely altering the default name of the port. I added the suffix “test” (name=serial0test) to all the ports on my routerboard devices and have not seen the port “name=” setting disappear from any config pulls by rancid for weeks.