
Mike Kesler

06.02.2015

RANCID on Ubuntu 14.10

Just a quick one today…

RANCID (Really Awesome New Cisco config Differ) is a tool that monitors a router's software and hardware configuration and maintains a history of configuration changes using CVS.

If you need more information about Rancid, you can take a look at their website.

Installing RANCID

Installing Rancid is easy:

root@server:/# apt-get install rancid

After the installation, we can check for a new group and user on the system:

root@server:/# cat /etc/group /etc/passwd | grep rancid

rancid:x:133:

rancid:x:122:133::/var/lib/rancid:/bin/bash

Configuring RANCID

First, let’s create groups to organize our devices, such as “switches” and “router” groups, and/or you might want to group them by their location.

root@server:/# vi /etc/rancid/rancid.conf

LIST_OF_GROUPS="switches"

To receive email notifications about configuration changes, we need to add email aliases in our /etc/aliases file.

root@server:/# vi /etc/aliases

rancid-admin-switches: rancid-switches

rancid-switches: admins

admins: admin@your-domainname.xyz

Now we need to run rancid-cvs, to create the CVS folder structure that our device configurations will be stored in. Make sure to run this command as the RANCID user.

root@server:/# sudo su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid

You should now see a bunch of new directories in /var/lib/rancid, named after the groups you defined earlier (in our example, this would be /var/lib/rancid/switches). Inside each of these directories, there will be a file named router.db. This is where we tell RANCID which devices exist in each group. The format of the device definition is “hostname:type:status”, where “hostname” is the FQDN or IP, “type” is the type of the device and “status” is up or down.

root@server:/# vi /var/lib/rancid/switches/router.db

switch1.your-domainname.xyz:hp:up

switch2.your-domainname.xyz:hp:up

1.2.3.4:hp:up

1.2.3.5:hp:down

Login & Authentication

Next, we edit /var/lib/rancid/.cloginrc to tell RANCID how to access the devices. Depending on your devices, this can be fairly easy or quite complicated. It’s best to read man cloginrc to see all available options that you can use. In our example, we use a simple HP-Router setup:

root@server:/# vi /var/lib/rancid/.cloginrc

add method switch1.your-domainname.xyz {ssh}

add cyphertype switch1.your-domainname.xyz {3des}

add user switch1.your-domainname.xyz {username}

add password switch1.your-domainname.xyz {password} {enable_password}

add autoenable switch1.your-domainname.xyz
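The .cloginrc above holds the login and enable passwords in clear text, and every device marked up in router.db needs matching entries in it. The following pre-flight check is an added example, not part of RANCID or of the original post: the function names are hypothetical, it expects the colon-separated router.db format shown above, and it assumes shell globbing approximates clogin's hostname matching.

```shell
#!/bin/sh
# Added example, not part of RANCID: pre-flight audit of one RANCID group.
# Usage: sh audit.sh /var/lib/rancid/.cloginrc /var/lib/rancid/switches/router.db

# entry_value RC DIRECTIVE HOST: print the arguments of the first
# "add DIRECTIVE <glob> ..." line whose glob matches HOST.
# Assumption: shell globbing approximates clogin's own hostname matching.
entry_value() {
    while read -r ev_kw ev_dir ev_pat ev_rest; do
        [ "$ev_kw" = add ] && [ "$ev_dir" = "$2" ] || continue
        case "$3" in $ev_pat) printf '%s\n' "$ev_rest"; return 0 ;; esac
    done < "$1"
    return 1
}

# mode_is_private FILE: succeed only if group and other have no access bits.
mode_is_private() {
    case "$(stat -c '%a' "$1")" in      # GNU stat, as shipped with Ubuntu
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# fail MESSAGE: print one finding and count it.
fail() { echo "FAIL $1"; ag_n=$((ag_n + 1)); }

# audit_group RC ROUTER_DB: print findings; succeed only if there are none.
audit_group() {
    ag_n=0
    mode_is_private "$1" || fail "$1: readable by group/other, chmod 600"
    while IFS=: read -r ag_host ag_type ag_status ag_rest; do
        case "$ag_host" in ''|\#*) continue ;; esac       # blank or comment
        case "$ag_type:$ag_status" in
            ?*:up)   ;;
            ?*:down) continue ;;                          # not polled
            *) fail "$ag_host: expected hostname:type:status, status up or down"
               continue ;;
        esac
        for ag_dir in user password; do
            entry_value "$1" "$ag_dir" "$ag_host" >/dev/null ||
                fail "$ag_host: no 'add $ag_dir' entry"
        done
        ag_m=$(entry_value "$1" method "$ag_host") ||
            fail "$ag_host: no 'add method', clogin falls back to its defaults"
        case "$ag_m" in *telnet*) fail "$ag_host: telnet sends passwords in clear text" ;; esac
    done < "$2"
    [ "$ag_n" -eq 0 ]
}

if [ $# -eq 2 ]; then audit_group "$1" "$2"; fi
```

Run it as the rancid user before the first rancid-run; a non-zero exit status means at least one finding was printed.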

Testing our setup

We can test our setup by using clogin with a configuration and device specified:

root@server:/# /usr/lib/rancid/bin/clogin -f /var/lib/rancid/.cloginrc switch1.your-domainname.xyz

If you have done everything right, you will end up in enable mode on the specified device. It’s time to test the real thing now: Let’s go ahead and manually invoke a rancid-run.

root@server:/# sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid

This command may take a while to run, depending on how many devices you have configured. After it has finished, you should receive emails from RANCID at the addresses that you specified earlier. You can now also review the log files in /var/log/rancid to see if there are any problems, and check for the downloaded configuration files in /var/lib/rancid//configs.

You might end up running into a problem though, where logging in with clogin works fine, but an actual rancid-run leaves you with a “timeout” or “password incorrect” error. I found out this can cause quite a headache and is caused by rancid-run depending on certain options in the .cloginrc that are not necessary when testing the .cloginrc options with clogin itself. Again, I can only point to man cloginrc for further information and troubleshooting.

Finalizing RANCID

Finally, we want to automate RANCID by creating a cron job that calls “rancid-run” on a regular basis. Depending on your needs, you can run it every 15 minutes, once a week or at any interval in between. In this example, we trigger a rancid-run every half hour:

root@server:/# sudo su -c "/usr/bin/crontab -e -u rancid"

# m h dom mon dow command

*/30 * * * * /usr/bin/rancid-run

If you end up running into any problems or just want more information, you can also check the RANCID mailing list: http://www.shrubbery.net/pipermail/rancid-discuss/.