What is Rancid ?
RANCID monitors a router‘s (or more generally a device‘s)
configuration,including software and hardware (cards, serial
numbers, etc) and uses CVS (Concurrent Version System) or
Subversion to maintain history of changes.
What RANCID Does
login to each device in the router table (router.db),run various
commands to get the information that will be saved,cook the
output; re-format, remove oscillating or incrementing data,email
any differences from the previous collection to a mail list,and
finally commit those changes to the reivision control system
Download RANCID
http://www.shrubbery.net/rancid/
RANCID Installation
in Debian
Rancid require installation of expect and cvs before being
installed.
# apt-get install expect cvs
rancid user creation (this user will launch all rancid related
process)
# adduser --home /home/rancid rancid
Create a named netadm which will eventually have access to the
Rancid directory.
# groupadd netadm
Create a user named rancid that will be used to run the network
device backups every night. Here we make rancid a member of the
netadm group and make /usr/local/rancid its home directory.
# useradd -g netadm -c "Network Backups" -d /usr/local/rancid
rancid
Once you‘ve got the rancid archive, you need to uncompress it
(in /usr/src for example)
# cp rancid-2.3.1.tar.gz /usr/src
# cd /usr/src
# tar xvfz rancid-2.3.1.tar.gz
# cd rancid-2.3.1
and Now you need install it
Note : The following commands have to be typed as root. But once
Rancid is installed, rancid user MUST be owner of his directory
(chown -R rancid:rancid /usr/local/rancid).
# ./configure -prefix=/usr/local/rancid
There is a sample password file named cloginrc.sample. You‘ll
need to copy it to the /usr/local/rancid/ home directory as the
hidden file /usr/local/rancid/.cloginrc.
# cp cloginrc.sample /usr/local/rancid/.cloginrc
Finally you will need to set the .cloginrc file permissions to
be readable by the rancid user and the new netadm Linux group.
You will also have to change the ownership and permissions of
the home directory in a similar
fashion.
#chmod 0640 /usr/local/rancid/.cloginrc
#chown -R rancid:netadm /usr/local/rancid/
#chmod 770 /usr/local/rancid/
Now that the installation is complete, you‘ll need to do some
initial configuration to get Rancid to work.
Configuring RANCID
Now We create a group called debianhelp in the rancid
configuration by editing the file /home/rancid/etc/rancid.conf.All
files related to this group will be stored in a sub-directory of
the same name under the var sub-directory of the Rancid home
directory. In other words /usr/local/var/debianhelp
By default Rancid filters out passwords and SNMP community
strings. You may want to set the FILTER_PWDS and NOCOMMSTR
variables to "NO" to prevent this.
LIST_OF_GROUPS="debianhelp"
FILTER_PWDS=NO; export FILTER_PWDS
NOCOMMSTR=NO; export NOCOMMSTR
Rancid will send status emails to mailing lists defined in the
/etc/aliases file. The "debianhelp" Rancid group will need to
have groups named rancid-admin-networking and rancid-networking.
A Rancid group named
"alldevices" would have groups named rancid-admin-alldevices and
rancid-alldevices.
In this example, the emails go to the noc mailing list made up
of the addresses [email protected]
# Rancid email addresses
#
rancid-admin-networking: rancid-networking
rancid-networking: admin
admin: [email protected]
The email aliases then need to be added postfix alias database
with the newaliases command
# newaliases
The next couple steps need to be done as the rancid user. Use
the su command to become the rancid user.
# su - rancid
The rancid-cvs command needs to be used to create the
/usr/local/var/debianhelp directory and its associated database
and network device list files.
$ /usr/local/rancid/bin/rancid-cvs
No conflicts created by this import
cvs checkout: Updating debianhelp
cvs checkout: Updating debianhelp/configs
cvs add: scheduling file `router.db‘ for addition
cvs add: use ‘cvs commit‘ to add this file permanently
RCS file: /usr/local/rancid/ /var/CVS/debianhelp/router.db,v
done
Checking in router.db;
/usr/local/rancid/ /var/CVS/debianhelp/router.db,v <-- router.db
initial revision: 1.1
done
The README file will be useful, so copy it to the home directory
before deleting the rancid sub-directory under the tar
sub-directory.
$ cp /rancid-2.3.1/README .
$ rm -rf /rancid-2.3.1
Now edit the rancid user‘s crontab table file to schedule
regular backups using the /usr/local/rancid/bin/rancid-run file.
$ crontab -e
# Run config differ hourly
1 * * * * /usr/local/rancid/bin/rancid-run
# Clean out config differ logs
0 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime
+2 -exec rm {} \;
The Rancid network device list and password files will now have
to be edited before your configurations can be backed up, but
first, let‘s review the most important file locations.
Rancid router.db file
The router.db file is the device list rancid uses to do its
backups. It has the format:
dns-name-or-ip-address:device-type:status
Where dns-name-or-ip-address is the hostname or IP address of
the device,device-type is the expected type of operating system
the device should be running and status (which can be up or
down) which determines whether the device should be backed up or
not. This example is for a Cisco device with an IP address of
172.15.1.1.
172.15.1.1:cisco:up
Note: According to the Rancid help pages, "a ‘#‘ at the
beginning of a line is considered as a comment and the entire
line is ignored. If a device is deleted from the router.db file,
then Rancid will clean up by removing the
device‘s configuration file /usr/local/rancid/var/debianhelp/configs
directory. The CVS information for the device will be moved to
CVS Attic directory (using cvs delete)."
Rancid .clogin.rc file
The .clogin.rc file lists all the passwords rancid will use. The
one that comes with the Rancid installation kit has a lot of
examples in it and is fairly self-explanatory. Unfortunately
some of the examples are not
commented out, so you will have to do so yourself. Here is a
sample snippet using some commonly encountered scenarios.
# Sample .clogin.rc file
#
####################################################################
#
# Device 172.15.1.1 has a unique username and password, but
# doesn‘t logins do not get the enable prompt.
#
# If the device prompts for a username, Rancid will use the
Linux
# "rancid" username and the first password in the list. If only
a
# login password is requested, rancid uses the first password in
the
# list. The second password is the "enable" password.
#
####################################################################
add password 172.15.1.1 {telnet-password} {enable-password}
####################################################################
#
# Devices with DNS names ending in my-web-site.org in the
router.db
# file or beginning with 172.16. have a different set of
passwords.
#
# If the device prompts for a username, Rancid will use the
Linux
# "rancid" username and the first password in the list. If only
a
# login password is requested, rancid uses the first password in
the
# list. The second password is the "enable" password.
#
####################################################################
add password *.yourwebsite.com {telnet-password}
{enable-password}
add password 172.16.* {telnet-password} {enable-password}
####################################################################
#
# Everything else uses these passwords. Rancid will attempt to
use
# telnet then SSH for logins
#
####################################################################
add password * {telnet-password} {enable-password}
add method * telnet ssh
CvsWeb
You need a webserver installed before installing/using cvsweb.
Apache2 was used for this document if you want to install
apache2 with php support click here.
# apt-get install cvsweb
Modify the cvsweb configuration file to create the group "debianhelp"
: File : /etc/cvsweb.conf
@CVSrepositories = (
‘local‘ => [‘Local Repository‘, ‘/var/lib/cvs‘],
‘debianhelp‘ => [‘debianhelp devices‘,
‘/home/rancid/var/rancid/CVS‘],
);
If the directory containing the cvsweb icons and css files is
not in /var/www, you have to add a symbolic link
# ln -s /usr/share/cvsweb /var/www/cvsweb
Configuration history is now available via cvsweb at the
following url :
http://yourserverip/cgi-bin/cvsweb/debianhelp/configs/?cvsroot=debianhelp