RANCID on Ubuntu 14.10

Just a quick one today…
RANCID (Really Awesome New Cisco config Differ) is a tool that monitors a router's software and hardware configuration and maintains a history of configuration changes using CVS.
If you need more information about Rancid, you can take a look at their website.
Installing RANCID
Installing Rancid is easy:

root@[server]:/# apt-get install rancid

After the installation, we can check for a new group and user on the system:

root@[server]:/# cat /etc/group /etc/passwd | grep rancid
rancid:x:133:
rancid:x:122:133::/var/lib/rancid:/bin/bash

Configuring RANCID
First, let’s create groups to organize our devices, such as “switches” and “router” groups, and/or you might want to group them by their location.

root@[server]:/# vi /etc/rancid/rancid.conf
LIST_OF_GROUPS="switches"

To receive email notifications about configuration changes, we need to add email aliases to our /etc/aliases file.

root@[server]:/# vi /etc/aliases
rancid-admin-switches: rancid-switches
rancid-switches: admins
admins: admin@your-domainname.xyz

Now we need to run rancid-cvs, to create the CVS folder structure that our device configurations will be stored in. Make sure to run this command as the RANCID user.

root@[server]:/# sudo su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid

You should now see a bunch of new directories in /var/lib/rancid, named after the groups you defined earlier (in our example, this would be /var/lib/rancid/switches). Inside each of these directories, there will be a file named router.db. This is where we tell RANCID which devices exist in each group. The format of the device definition is “hostname:type:status”, where “hostname” is the FQDN or IP, “type” is the type of the device and “status” is up or down.

root@[server]:/# vi /var/lib/rancid/switches/router.db
switch1.your-domainname.xyz:hp:up
switch2.your-domainname.xyz:hp:up
1.2.3.4:hp:up
1.2.3.5:hp:down

Login & Authentication
Next, we edit /var/lib/rancid/.cloginrc to tell RANCID how to access the devices. Depending on your devices, this can be fairly easy or quite complicated. It’s best to read man cloginrc to see all available options that you can use. In our example, we use a simple HP-Router setup:

root@[server]:/# vi /var/lib/rancid/.cloginrc
add method switch1.your-domainname.xyz {ssh}
add cyphertype switch1.your-domainname.xyz {3des}
add user switch1.your-domainname.xyz {username}
add password switch1.your-domainname.xyz {password} {enable_password}
add autoenable switch1.your-domainname.xyz
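
Both files edited above can be checked before the first rancid-run. The script below is an added example, not part of the original post or of RANCID: it verifies that .cloginrc, which holds device passwords in clear text, grants nothing to group or others, and lints router.db against the hostname:type:status format described earlier. The function names, the sample hostnames and the rule that comment and blank lines are skipped are assumptions.

```shell
#!/bin/sh
# Added example, not part of RANCID; function names are hypothetical.

# True only if FILE exists and grants nothing to group or others (e.g. mode 600).
cloginrc_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one "line N: reason" per bad router.db entry; non-zero status if any.
lint_router_db() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # assumption: comments and blanks are allowed
        NF != 3 { printf "line %d: expected 3 fields, got %d\n", NR, NF; bad = 1; next }
        $1 !~ /^[A-Za-z0-9._-]+$/ { printf "line %d: bad hostname\n", NR; bad = 1 }
        $2 == "" { printf "line %d: empty device type\n", NR; bad = 1 }
        $3 != "up" && $3 != "down" { printf "line %d: status must be up or down\n", NR; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Runs both checks on constructed sample files and prints the findings.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'add password sw1.example.test {pw} {enable}\n' > "$tmp/.cloginrc"
    chmod 644 "$tmp/.cloginrc"              # deliberately too open
    cat > "$tmp/router.db" <<'EOF'
# constructed sample entries
switch1.example.test:hp:up
1.2.3.5:hp:offline
switch2.example.test:hp
EOF
    cloginrc_is_private "$tmp/.cloginrc" || echo ".cloginrc: open to group or others, run chmod 600"
    lint_router_db "$tmp/router.db"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Two arguments: check real files. The single argument "demo": run the sample.
if [ "$#" -eq 2 ]; then
    cloginrc_is_private "$1" || echo "$1: open to group or others, run chmod 600"
    lint_router_db "$2"
elif [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run it as the rancid user with the paths from this setup, for example `sh check.sh /var/lib/rancid/.cloginrc /var/lib/rancid/switches/router.db`.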

Testing our setup
We can test our setup by using clogin with a configuration and device specified:

root@[server]:/# /usr/lib/rancid/bin/clogin -f /var/lib/rancid/.cloginrc switch1.your-domainname.xyz

If you have done everything right, you will end up in enable mode on the specified device. It’s time to test the real thing now: Let’s go ahead and manually invoke a rancid-run.

root@[server]:/# sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid

This command may take a while to run, depending on how many devices you have configured. After it has finished, you should receive emails from RANCID at the addresses that you specified earlier. You can now also review the logfiles in /var/log/rancid to see if there are any problems, and check for the downloaded configuration files in /var/lib/rancid//configs.
You might end up running into a problem though, where logging in with clogin works fine, but an actual rancid-run leaves you with a “timeout” or “password incorrect” error. I found out this can cause quite a headache and is caused by rancid-run depending on certain options in the .cloginrc that are not necessary when testing the .cloginrc options with clogin itself. Again, I can only point to man cloginrc for further information and troubleshooting.
Finalizing RANCID
Finally, we want to automate RANCID by creating a cron job that calls “rancid-run” on a regular basis. Depending on your needs, you can run it every 15 minutes, once a week or at any interval in between. In this example, we trigger a rancid-run every half hour:

root@[server]:/# sudo su -c "/usr/bin/crontab -e -u rancid"
# m h dom mon dow command
*/30 * * * * /usr/bin/rancid-run

If you end up running into any problems or just want more information, you can also check the RANCID mailing list: http://www.shrubbery.net/pipermail/rancid-discuss/.

Comments

  1. Hi, it was looking like rancid change settings to make a single shipment notification email every 24 hours. I use RANCID for all my network device config backups. For non critical networks, or execs that wanted to know what was going on in the network.
    Greetings and thank you