Installation is simple enough:
yum -y install make gcc expect cvs
wget -q -O- ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz | tar -xz -C /usr/src/
cd /usr/src/rancid-2.3.8/
./configure --prefix=/opt/rancid
make
make install
adduser -M -d /opt/rancid rancid
chown -R rancid:rancid /opt/rancid/
The software will be installed under /opt/rancid:
- bin: contains all executables;
- etc: contains configuration files;
- share: contains docs and man pages;
- var: will contain the CVS tree where all configurations will be saved.
Configuration
The main configuration file is rancid.conf, which is self-explanatory. The only line that should be modified is the following:
LIST_OF_GROUPS="dep1 dep2"
We want to make a group for each department, but any other configuration can be implemented.
At this point, as the rancid user, let's create the CVS repository:
su - rancid
bin/rancid-cvs
A repository will be created for each group listed in the LIST_OF_GROUPS variable.
Device authentication
Under the rancid home directory the .cloginrc file must be created. This file contains the authentication credentials and the method needed to log in to remote devices:
add method *.dep1.example.com ssh
add user *.dep1.example.com backup_user
add password *.dep1.example.com {backup_password}
add autoenable *.dep1.example.com 1
add user *.dep2.example.com admin
add password *.dep2.example.com {password} {secret}
The first example describes authentication for all devices under the dep1.example.com domain:
- authentication will use SSH protocol;
- the username backup_user has the “enable” privilege.
The second example describes authentication for all devices under the dep2.example.com domain:
- authentication will use telnet protocol;
- the username admin requires the “enable” password.
Since the file contains passwords, it must be accessible only by the rancid user:
chmod 600 /opt/rancid/.cloginrc
chown rancid:rancid /opt/rancid/.cloginrc
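A small audit of the .cloginrc file described above, added here as an example and not part of RANCID or the original post: it lists host patterns that store a password without being restricted to SSH (the dep2 case, which logs in over telnet) and checks that the file is not accessible by group or others. The function names and the sample input are constructed for illustration.

```python
import os
import stat

# Constructed sample mirroring the two .cloginrc examples above (placeholder credentials).
SAMPLE = """\
add method *.dep1.example.com ssh
add user *.dep1.example.com backup_user
add password *.dep1.example.com {backup_password}
add autoenable *.dep1.example.com 1
add user *.dep2.example.com admin
add password *.dep2.example.com {password} {secret}
"""

def parse_cloginrc(text):
    """Map each host glob to {directive: [values]} for 'add <directive> <glob> ...' lines.

    Simplification: values are split on whitespace, so brace-quoted values
    containing spaces are not handled.
    """
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "add":
            continue  # blank lines, comments, anything that is not an 'add' line
        entries.setdefault(fields[2], {})[fields[1]] = [v.strip("{}") for v in fields[3:]]
    return entries

def cleartext_globs(entries):
    """Host globs that store a password but are not restricted to SSH."""
    flagged = []
    for glob, directives in entries.items():
        methods = directives.get("method", [])
        ssh_only = bool(methods) and all(m.startswith("ssh") for m in methods)
        if "password" in directives and not ssh_only:
            flagged.append(glob)
    return flagged

def mode_too_open(path):
    """True if group or others have any access to the file (anything beyond owner-only)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    print("not SSH-only:", cleartext_globs(parse_cloginrc(SAMPLE)))
    path = os.path.expanduser("~/.cloginrc")
    if os.path.exists(path):
        print("permissions too open:", mode_too_open(path))
```

Run as the rancid user, it reads that user's own ~/.cloginrc for the permission check; the protocol check above runs on the embedded sample.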
Notifications
RANCID sends emails through the local mail system. The following aliases should also be configured in /etc/aliases:
rancid-admin-dep1: noc@example.com
rancid-dep1: noc@dep1.example.com
rancid-admin-dep2: noc@example.com
rancid-dep2: noc@dep1.example.com
[...]
After adding the aliases, the configuration must be updated:
newaliases
Devices
For each department, devices must be added to router.db under /opt/rancid/var. That file contains the device IP/hostname, type and status. Let’s add a Cisco device to the dep1 group:
echo "router.dep1.example.com:cisco:up" >> /opt/rancid/var/dep1/router.db
RANCID will get the configuration from router.dep1.example.com using the authentication info defined in .cloginrc (see above). The router is defined as a cisco device and is in the up state. The status is important because deleting a device from the router.db file will delete all of its saved configuration. An inactive device should be marked as “down” if its configuration must be retained.
Many plugins are available for different vendors/types:
%vendortable = (
    'agm' => 'agmrancid',
    'alteon' => 'arancid',
    'arista' => 'arrancid',
    'avocent' => 'avorancid',
    'baynet' => 'brancid',
    'cat5' => 'cat5rancid',
    'cisco' => 'rancid',
    [...]
    'tnt' => 'tntrancid',
    'zebra' => 'zrancid'
);
Test
Authentication is the most critical process; it can be tested:
su - rancid
bin/clogin router.dep1.example.com
The authentication sequence will be shown. A complete debug session can be invoked with the following:
su - rancid
bin/rancid -d router.dep1.example.com
The complete execution for a group can be invoked:
su - rancid
bin/rancid-run dep1
The configurations of all devices in the dep1 group will be saved, and logs will be available under /opt/rancid/var/logs.
Automation
The RANCID process can be automated using cron:
0 */4 * * * /opt/rancid/bin/rancid-run > /dev/null 2>&1
30 * * * * /usr/bin/find /opt/rancid/var/logs -type f -mtime +2 -exec rm {} \; > /dev/null 2>&1
The previous example will invoke RANCID every four hours, and old log files will be cleaned up.
Web Access
The last step makes the configurations available through a web browser. There are many CVS web viewers; in this case CVSWeb will be used:
yum -y install httpd perl-IPC-Run perl-URI rcs
wget -q -O- ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/scop/cvsweb-3.0.6.tar.gz | tar -xz -C /usr/src/
mkdir -p /usr/local/etc/cvsweb/ /var/www/html/css/
cp -a /usr/src/cvsweb-3.0.6/cvsweb.cgi /var/www/cgi-bin/
cp -a /usr/src/cvsweb-3.0.6/css/cvsweb.css /var/www/html/css/cvsweb.css
cp -a /usr/src/cvsweb-3.0.6/cvsweb.conf /usr/local/etc/cvsweb/
chmod 755 /var/www/cgi-bin/cvsweb.cgi
The cvsweb.conf file must be properly configured:
[...]
@CVSrepositories = (
    'local' => ['Local Repository', '/var/cvs'],
    'rancid' => ['RANCID Repository', '/opt/rancid/var/CVS'],
);
[...]
The RANCID repository will be available at the URL http://rancid.example.com/cgi-bin/cvsweb.cgi/?cvsroot=rancid. The Web Server configuration should be properly secured.
Thanks to routereflector.com