Rancid Install File

What is rancid?

Rancid monitors a router ' s (or more generally a device ' s) configuration,including software and hardware (cards, serial num Bers, etc) and uses CVS (Concurrent Version System) or Subversion to maintain history of changes.

What Rancid Does

Login to all device in the router table (router.db), run various commands to get the information that'll be Saved,cook t He output; Re-format, remove oscillating or incrementing data,email any differences from the previous collection to a mail List,and f Inally commit those changes to the Reivision control system

Download Rancid

Http://www.shrubbery.net/rancid/

Rancid installation in Debian

Rancid require installation of expect and CVS before being installed.

# Apt-get Install expect CVS

Rancid User creation (this user would launch all rancid related process)

# AddUser--home/home/rancid Rancid

Create a named Netadm which would eventually has access to the rancid directory.

# Groupadd Netadm

Create A user named Rancid that would be used to run the network device backups every night. Here we do rancid a member of the NETADM Group and make/usr/local/rancid its home directory.

# useradd-g Netadm-c "Network Backups"-d/usr/local/rancid Rancid

Once you ' ve got the rancid archive and you need to uncompress it (IN/USR/SRC for example)

# CP RANCID-2.3.1.TAR.GZ/USR/SRC

# CD/USR/SRC

# tar Xvfz rancid-2.3.1.tar.gz

# CD rancid-2.3.1

And now you need install it

Note:the following commands has to be typed as root. But once rancid are installed, rancid user must be owner of his directory (Chown-r rancid:rancid/usr/local/rancid).

#./configure-prefix=/usr/local/rancid

There is a sample password file named Cloginrc.sample. You'll need to copy it to the/usr/local/rancid/home directory as the hidden FILE/USR/LOCAL/RANCID/.CLOGINRC.

# CP CLOGINRC.SAMPLE/USR/LOCAL/RANCID/.CLOGINRC

Finally you'll need to set the. cloginrc file permissions to be readable by the rancid user and the new Netadm Linux Gro Up. You'll also has the ownership and permissions of the home directory in a similar
Fashion.

#chmod 0640/USR/LOCAL/RANCID/.CLOGINRC

#chown-R Rancid:netadm/usr/local/rancid/

#chmod 770/usr/local/rancid/

Now, the installation are complete, and you'll need to do some initial configuration to get rancid into work.

Configuring Rancid

Now We create a group called Debianhelp on the rancid configuration by editing the File/home/rancid/etc/rancid.conf.all F Iles related to this group would be stored in a sub-directory of the same name under the Var sub-directory of the Rancid Ho Me directory. In other Words/usr/local/var/debianhelp

By default rancid filters out passwords and SNMP community strings. Want to set the Filter_pwds and NOCOMMSTR variables to "NO" to prevent this.

List_of_groups= "Debianhelp"

Filter_pwds=no; Export Filter_pwds

Nocommstr=no; Export NOCOMMSTR

Rancid would send status emails to mailing lists defined in the/etc/aliases file. The "Debianhelp" rancid group would need to has groups named Rancid-admin-networking and Rancid-networking. A Rancid Group named
"Alldevices" would have groups named Rancid-admin-alldevices and Rancid-alldevices.

In this example, the emails go to the NOC mailing list made up of the addresses [email protected]

# Rancid Email Addresses

#

Rancid-admin-networking:rancid-networking

Rancid-networking:admin

admin: [Email protected]

The email aliases then need to being added Postfix alias database with the newaliases command

# newaliases

The next couple steps need to is done as the rancid user. Use the SU command to become the rancid user.

# Su-rancid

The RANCID-CVS command needs to being used to create the/usr/local/var/debianhelp directory and its associated database and Network device List files.

$/usr/local/rancid/bin/rancid-cvs

No conflicts created by this import

CVS Checkout:updating debianhelp

CVS Checkout:updating Debianhelp/configs

CVS add:scheduling file ' router.db ' for addition

CVS Add:use ' CVs commit ' to add this file permanently

RCS file:/usr/local/rancid//var/cvs/debianhelp/router.db,v

Done

Checking in Router.db;

/usr/local/rancid//var/cvs/debianhelp/router.db,v <--router.db

Initial revision:1.1

Done

The README file is useful, so copy it to the home directory before deleting the rancid sub-directory under the Tar su B-directory.

$ cp/rancid-2.3.1/readme.

$ rm-rf/rancid-2.3.1

Now edit the rancid user ' scrontabTable file to schedule regular backups using The/usr/local/rancid/bin/rancid-run file.

$ crontab-e

# Run config differ hourly

1 * * * */usr/local/rancid/bin/rancid-run

# clean out config differ logs

0 * * */usr/bin/find/usr/local/rancid/var/logs-type f-mtime +2-exec rm {} \;

The Rancid network device list and password files would now has to be edited before your configurations can is backed up, But first, let's review the most important file locations.

Rancid router.db file

The router.db file is the device list rancid uses to does its backups. It has the format:

Dns-name-or-ip-address:device-type:status

Where dns-name-or-ip-address is the hostname or IP address of the Device,device-type is the expected type of operating SYS TEM The device should be running and status (which can is up or down) which determines whether the device should be backed Up or not. This example are for a Cisco device with an IP address of 172.15.1.1.

172.15.1.1:cisco:up

Note:according to the rancid help pages, "A ' # ' in the beginning of a line are considered as a comment and the entire line is ignored. If a device is deleted from the router.db file and then rancid'll clean up by removing the
Device ' s configuration file/usr/local/rancid/var/debianhelp/configs directory. The CVS information for the device would be moved to CVS Attic directory (using CVS delete). "

Rancid. clogin.rc file

The. clogin.rc file lists all the passwords rancid would use. The one, comes with the rancid installation kit have a lot of examples in it and is fairly self-explanatory. Unfortunately some of the examples is not
Commented out, so you'll have the to do so yourself. Here is a sample snippet using some commonly encountered scenarios.

# Sample. clogin.rc file

#
####################################################################

#

# Device 172.15.1.1 have a unique username and password, but

# doesn ' t logins do not get the enable prompt.

#

# If The device prompts for a username, Rancid would use the Linux

# "Rancid" username and the first password in the list. If only A

# login password is requested, Rancid uses the first password in the

# list. The second password is the "enable" password.

#

####################################################################



Add password 172.15.1.1 {Telnet-password} {Enable-password}

####################################################################

#

# Devices with DNS names ending in my-web-site.org in the router.db

# file or beginning with 172.16. Have a different set of passwords.

#

# If The device prompts for a username, Rancid would use the Linux

# "Rancid" username and the first password in the list. If only A

# login password is requested, Rancid uses the first password in the

# list. The second password is the "enable" password.

#

####################################################################
Add password *.yourwebsite.com {Telnet-password} {Enable-password}

Add password 172.16.* {Telnet-password} {Enable-password}

####################################################################

#

# Everything else uses these passwords. Rancid'll attempt to use

# Telnet then SSH for logins

#

####################################################################

Add password * {Telnet-password} {Enable-password}

Add method * Telnet ssh

Cvsweb

You need a webserver installed before installing/using Cvsweb. Apache2 is used for this document if you want to install apache2 with PHP support click here.

# Apt-get Install Cvsweb

Modify the Cvsweb configuration file to create the group "Debianhelp": File:/etc/cvsweb.conf

@CVSrepositories = (
' Local ' = [' local Repository ', '/var/lib/cvs '],
' Debianhelp ' = [' Debianhelp devices ',
'/home/rancid/var/rancid/cvs '],
);

If the directory containing the cvsweb icons and CSS files is not in/var/www, you have to add a symbolic link

# ln-s/usr/share/cvsweb/var/www/cvsweb

Configuration history was now available via cvsweb at the following URL:
Http://yourserverip/cgi-bin/cvsweb/debianhelp/configs/?cvsroot=debianhelp

This article is from the "7464112" blog, please be sure to keep this source http://7474112.blog.51cto.com/7464112/1826125

Rancid Install File