Installing and configuring Rancid

I had been looking for an easy-to-use, easy-to-maintain versioning system for all my networking equipment, and found Rancid from Shrubbery Networks Inc. to be the ideal solution.

I later wrote a post about how to add support for Cisco Small Business in RANCID.

For me personally, it just had a minor, or you might call it major, catch. I had to install it on Linux!

Anyway, I learned some, and finally got it to work after much frustration.

I normally post my sources at the end, but a lot of this post is more or less a copy of this one: Quick HOWTO : Ch1 : Network Backups With Rancid so I’ll post the credits first.

Prerequisites for this post are the installation and setup of Postfix and installing and configuring CVS.

Let's start by looking at what we are aiming for:

[Image: ranciddiffs]

Let's get the prereqs in place:

root@ubuntu:~# apt-get install expect make gcc g++

Creating a Group and Rancid user:

To be honest, I just did the group thing because the guides told me so, but here goes:

  1. Create a Linux group named netadm which will eventually have access to the Rancid directory.
    root@ubuntu:~# groupadd netadm
     
  2. Create a user named rancid that will be used to run the network device backups every night.
  3. Here we make rancid a member of the netadm group and make /usr/local/rancid its home directory.
    If the user exists:
    root@ubuntu:~# usermod -G netadm rancid
    If Rancid user does not exist:
    root@ubuntu:~# useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid
  4. Create a directory called /usr/local/rancid/tar and enter it. The -p makes all directories as needed up to and including tar.
    root@ubuntu:~# mkdir -p /usr/local/rancid/tar
    root@ubuntu:~# cd /usr/local/rancid/tar
  5. Use the wget command to get the latest version of the Rancid tar file from its web site.
    root@ubuntu:/usr/local/rancid/tar# wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz
  6. Next, you will need to extract the files from the Rancid tar file as a pre-compilation step. In this case the file is named rancid-2.3.8.tar.gz so the extraction process will place all the preliminary files in a directory named rancid-2.3.8
    root@ubuntu:/usr/local/rancid/tar# tar -xvzf rancid-2.3.8.tar.gz
  7. Enter the directory:
    root@ubuntu:/usr/local/rancid/tar# cd rancid-2.3.8
  8. Prepare the Rancid package for compiling with the configure command.
    Here, the --prefix switch is used to set the default directory to match the /usr/local/rancid/ home directory of our rancid user.

    root@ubuntu:/usr/local/rancid/tar/rancid-2.3.8:# ./configure --prefix=/usr/local/rancid/
  9. Install the package with the make command.
    root@ubuntu:/usr/local/rancid/tar/rancid-2.3.8:# make install
  10. There is a sample password file named cloginrc.sample.
    You’ll need to copy it to the /usr/local/rancid/ home directory as the hidden file /usr/local/rancid/.cloginrc.

    root@ubuntu:/usr/local/rancid/tar/rancid-2.3.8:# cp cloginrc.sample /usr/local/rancid/.cloginrc
  11. Finally you will need to set the .cloginrc file permissions to be readable by the rancid user and the new netadm Linux group. You will also have to change the ownership and permissions of the home directory in a similar fashion.
    root@ubuntu:~# chmod 0640 /usr/local/rancid/.cloginrc
    root@ubuntu:~# chown -R rancid:netadm /usr/local/rancid/
    root@ubuntu:~# chmod 770 /usr/local/rancid/

Initial Rancid Configuration

Initial configuration involves setting up Rancid to periodically back up your configurations and email status reports to the necessary users.

The rancid.conf file is used to determine where rancid stores its configurations and other general parameters. We’ll need to edit it.

root@ubuntu:~# nano /usr/local/rancid/etc/rancid.conf

In this example, we’ll create a Rancid device group called “networking”. All files related to this group will be stored in a sub-directory of the same name under the var sub-directory of the Rancid home directory. In other words /usr/local/var/networking.

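By default Rancid filters out passwords and SNMP community strings. You may want to set the FILTER_PWDS and NOCOMMSTR variables to “NO” to prevent this. With filtering disabled, whatever passwords and community strings a device prints in its configuration are saved in the repository and included in the diff emails.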

#
# Sample rancid.conf
#
LIST_OF_GROUPS="networking"
FILTER_PWDS=NO; export FILTER_PWDS
NOCOMMSTR=NO; export NOCOMMSTR
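
To see what this setting leaves in the repository, the following added example (not part of RANCID or the original post) lists the secret-bearing statements in the saved configs without printing the secrets themselves. The statement patterns cover common Cisco syntax only, and the <removed> marker for filtered values is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not part of RANCID. The patterns cover common Cisco IOS/ASA
# statements only (an assumption); extend them for other device types.
# Needs GNU find, sort and xargs, as shipped with Ubuntu.

# scan_saved_secrets DIR
# Prints "FILE:LINE:STATEMENT [redacted]" for each secret-bearing line found
# in the saved configs directly under DIR. The secret value is never printed.
scan_saved_secrets() {
    local dir=$1
    # -type f skips the CVS bookkeeping directory next to the configs.
    find "$dir" -maxdepth 1 -type f -print0 | sort -z |
    xargs -0 -r awk '
        /<removed>/ { next }   # assumed marker left behind by RANCID filtering
        match($0, /^(enable (password|secret)|snmp-server community|username [^ ]+ (password|secret))/) {
            # Keep only the statement keyword(s), drop everything after them.
            print FILENAME ":" FNR ":" substr($0, RSTART, RLENGTH) " [redacted]"
        }'
}
```

Run it as the rancid user against var/networking/configs once the first backup has completed.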

 

Status mail setup

Rancid will send status emails to mailing lists defined in the /etc/aliases file. The “networking” Rancid group will need to have groups named rancid-admin-networking and rancid-networking. A Rancid group named “alldevices” would have groups named rancid-admin-alldevices and rancid-alldevices.

In this example, the emails go to the mylist mailing list made up of the address myself@nulldomain.eu

root@ubuntu:~# nano /etc/aliases
#
# Rancid email addresses
#
rancid-admin-networking:     rancid-networking
rancid-networking:           mylist
mylist:                      myself@nulldomain.eu
  1. The email aliases then need to be added to the sendmail alias database with the newaliases command.
    root@ubuntu:~# newaliases
  2. The next couple steps need to be done as the rancid user. Use the su command to become the rancid user.
    root@ubuntu:~# su - rancid
  3. The rancid-cvs command needs to be used to create the /usr/local/var/networking directory and its associated database and network device list files.
    rancid@ubuntu~$ /usr/local/rancid/bin/rancid-cvs
    No conflicts created by this import
    cvs checkout: Updating networking
    cvs checkout: Updating networking/configs
    cvs add: scheduling file `router.db' for addition
    cvs add: use 'cvs commit' to add this file permanently
    RCS file: /usr/local/rancid//var/CVS/networking/router.db,v
    done
    Checking in router.db;
    /usr/local/rancid//var/CVS/networking/router.db,v   <--   router.db
    initial revision: 1.1
    done
  4. The README file will be useful, so copy it to the home directory before deleting the rancid sub-directory under the tar sub-directory.
    rancid@ubuntu~$ cp tar/rancid-2.3.8/README .
    rancid@ubuntu~$ rm -rf tar/rancid-2.3.8
  5. Now edit the rancid user’s crontab table file to schedule regular backups using the /usr/local/rancid/bin/rancid-run file.
    rancid@ubuntu~$ crontab -e
    #
    # Rancid user's crontab file
    #
    # Run config differ hourly
    1 * * * * /usr/local/rancid/bin/rancid-run
    
    # Clean out config differ logs
    50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +2 -exec rm {} \;

Adding Devices to Rancid

  1. The router.db file is the device list rancid uses to do its backups. If you forgot where it is, you can find it using (first line command, second line is result):
    rancid@ubuntu:~$ find -type f -name router.db
    ./var/networking/router.db
  2. It has the format:
    dns-name-or-ip-address:device-type:status

    Where dns-name-or-ip-address is the hostname or IP address of the device, device-type is the expected type of operating system the device should be running, and status (which can be up or down) determines whether the device should be backed up or not. This example is for a Cisco device with an IP address of 192.168.1.1. Sample entries might look like this:

    rancid@ubuntu:~$ nano var/networking/router.db
    192.168.1.1:cisco:up
    asa5505.my.domain.eu:cisco:up
    msm422.my.domain.eu:hp:Down

 

The Rancid .cloginrc file

The .cloginrc file lists all the passwords rancid will use. The one that comes with the Rancid installation kit has a lot of examples. Unfortunately some of the examples are not commented out, so you will have to do so yourself. You will basically have to comment out everything in the file, except the things you are going to use.

rancid@ubuntu:~$ cd /usr/local/rancid
rancid@ubuntu:~$ nano .cloginrc
###################################################################
# networking
# two passwords, where first is login and second is enable.
# {ssh password}{enable password}
add method *            ssh
add user *              user-name
add password *          {paswd}      {paswd}

# I wasn't sure if I needed these:
# set ssh encryption type, dflt: 3des
# add cyphertype *                {3des}
# set the username prompt to "router login:"
# add userprompt *              {"router login:"}

# If I want to be more specific I could do something like:
# Using this you can specify for different domains, or even specific devices as needed.
# clogin uses the first entry whose pattern matches the device, so these lines
# only take effect when they are placed above the "*" entries.
add method *.domain.eu            ssh
add user *domain.eu              user-name
add password *domain.eu          {paswd}      {paswd}
###################################################################
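
clogin takes the first entry whose pattern matches a device, so the order of the lines in .cloginrc decides which credentials are used. The following added example (not part of RANCID or the original post) checks the file mode and reports, for each device in router.db, which line supplies each directive. It assumes one "add" entry per line as in the file above, and it approximates clogin's pattern matching with shell patterns.

```bash
#!/usr/bin/env bash
# Added example, not part of RANCID. Assumes one "add <directive> <glob> <values>"
# entry per line, as in the .cloginrc above, and GNU stat (Ubuntu).

# Succeeds only if "other" has no permission bits on FILE (0640 and 0600 pass).
cloginrc_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *0) return 0 ;;   # last octal digit holds the "other" bits
        *)  return 1 ;;
    esac
}

# Prints "LINE GLOB" for the first "add DIRECTIVE GLOB ..." entry in FILE whose
# glob matches HOST. Later entries for that directive are never consulted.
cloginrc_first_match() {
    local file=$1 want=$2 host=$3 n=0 kw dir glob rest
    while read -r kw dir glob rest || [ -n "$kw" ]; do
        n=$((n + 1))
        [ "$kw" = add ] && [ "$dir" = "$want" ] || continue
        # Unquoted $glob is used as a shell pattern (approximates clogin's match).
        case $host in
            $glob) echo "$n $glob"; return 0 ;;
        esac
    done < "$file"
    return 1
}

# For every device in ROUTERDB, prints which .cloginrc line supplies each
# directive. Values are never printed, only line numbers.
cloginrc_report() {
    local file=$1 db=$2 host rest d hit out
    while IFS=: read -r host rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # skip blanks and comments
        out=$host
        for d in method user password; do
            hit=$(cloginrc_first_match "$file" "$d" "$host") || hit=none
            out="$out $d=line:${hit%% *}"
        done
        echo "$out"
    done < "$db"
}
```

Called as cloginrc_report .cloginrc var/networking/router.db, a device under domain.eu that resolves to the "*" lines shows that the more specific entries are placed too late to be used.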

Testing Rancid

Rancid has a number of scripts that can be run as part of a testing program and the logs they create are fairly detailed. I haven’t used any of these except the following:

Testing A Login for a Single Device

The clogin script in the bin directory can be used to read the .cloginrc file as part of an interactive test.

In this example, we successfully log in to our 192.168.1.1 Cisco device and get an interactive enable prompt.

rancid@ubuntu~$ bin/clogin 192.168.1.1
192.168.1.1
spawn ssh -c 3des -x -l user-name 192.168.1.1
user-name@null192.168.1.1's password:
MOTD siger: Have fun!!
My ASA5505 Type help or '?' for a list of available commands.
ASA5505> enable
Password: ********
ASA5505#
ASA5505# exit
Logoff

Testing For All Devices and just plain see if it runs:

The rancid-run script in the bin directory can be used to read the .cloginrc file as part of a complete test. It might take a while.

rancid@ubuntu~$ bin/rancid-run

Troubleshooting Using the Rancid Log Files

The var/logs/ directory contains all the rancid logs sorted by date as we can see here. I’ve used these a lot, so don’t just skip these.

rancid@ubuntu~$ ls var/logs
networking.20130626.123228  networking.20130626.130101
rancid@ubuntu:~$ less var/logs/networking.20130626.140101
starting: Wed Jun 26 14:01:01 CEST 2013
Trying to get all of the configs.
All routers sucessfully completed.
cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs
ending: Wed Jun 26 14:01:18 CEST 2013
var/logs/networking.20130626.140101 (END)

( CTRL+Z to exit)

If the rancid-run script was used, you should now see a copy of your configuration in the var/networking/configs/ directory as seen here.

rancid@ubuntu~$ ls var/networking/configs/
192.168.1.1 CVS

Table 1-1 : Rancid File Locations

Location                                     Description
/usr/local/rancid                            Base Rancid directory location
/usr/local/rancid/var/logs                   Location of the rancid backup log files. You can trace backup failures here.
/usr/local/rancid/bin                        Location of the executables
/usr/local/rancid/var/networking/configs     Backup location of all the configurations
/usr/local/rancid/var/networking/router.db   List of all devices that need to be backed up.
/usr/local/rancid/tar                        Location of the original rancid tar files
/usr/local/rancid/README                     General help file
/usr/local/rancid/.cloginrc                  Password file

Table 1-1 shows a list of important rancid file locations based on the configuration steps we’ve done.

Now you might want an easier way to look at your versioning files?

Go to my guide on setting up CVSweb

Primary sources:

Quick HOWTO : Ch1 : Network Backups With Rancid

Installing RANCID on Ubuntu 10.04 LTS – (incomplete as it turned out)

Network Administration : Installation of Tacacs+, Rancid, Cvsweb – Lots of info

http://www.shrubbery.net/rancid/FAQ
