Evil_TTL> show | s

RANCID

Category:Tools -> Monitoring
Category:Linux -> Ubuntu

This is how to install RANCID on Ubuntu.

apt-get install rancid 

This installation will create a new user and group named “rancid” with a home directory of /var/lib/rancid.

Now we have to crate one or several groups. Let’s create one. Open /etc/rancid/rancid.conf and add to the file:

LIST_OF_GROUPS="MainSite" 

If you don’t have a mail server it’s time to install it. Let’s install postfix:

apt-get install postfix 

Open file /etc/aliases which is created after postfix is installed and add the following lines to it:

rancid-MainSite:               adminname
rancid
-admin-MainSite:         adminname 

Update MTA by running as root /usr/bin/newaliases or /usr/sbin/postalias /etc/aliases

During installation a user named rancid is created automatically. RANCID doesn’t normally work with root user. So let’s grant our newly created user root privileges, that is place the user to group root:

sudo adduser rancid root
Adding user 
`rancid' to group `root' ...
Adding user rancid to group root
Done. 

Now we are ready to create RANCID groups. Issue the command to create groups automatically:

su -/var/lib/rancid/bin/rancid-cvs -/bin/bash -l rancid 

The output has to be without conflicts, like the following one:

root@ubuntu:~# su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid

No conflicts created by this import

cvs checkout
Updating MainSite
Directory 
/var/lib/rancid/CVS/MainSite/configs put under version control
cvs commit
Examining configs
cvs add
scheduling file `router.db' for addition
cvs add: use 
`cvs commit' to add this file permanently
/var/lib/rancid/CVS/MainSite/router.db,v  <--  router.db
initial revision: 1.1
root@ubuntu:~# 

You should see a number of new directories created under “/var/lib/rancid”, named according to the RANCID groups you defined earlier (e.g. /var/lib/rancid/MainSite.  Inside the directory there will be a file named router.db. Inside router.db we let RANCID know what devices exist and at what location.  A single line in each file is used to identify a single device.  The format of the definitions is hostname:type:status, where hostname is the fully-qualified domain name or IP address, type defines the type of device (e.g. “cisco”, “hp”, “foundry”, etc.) and status is either “up” or “down”.  If “status” is set to “down”, RANCID will simply ignore the device.

Sample entries might look like this:

sw01-acc-loc01:cisco:up
192.168.1.5
:hp:up 

Once you have successfully added your devices to the appropriate “router.db” files, we need to let RANCID know how to access the devices (telnet, SSH, etc.) and what credentials to use to login.  This is done via the “.cloginrc” file.

#cp /var/lib/rancid/share/rancid/cloginrc.sample /var/lib/rancid/.cloginrc 

It is very important to assign the file access rights and the right owner:

chmod 600 .cloginrc
chown rancid
:rancid .cloginrc 

It means that only the owner of the file will have read and write rights and all other users will be denied access to it.

Place your accounting information in the file, so that RANCID could access the devices:

add autoenable 1
add method sw01
-acc-loc01 ssh
add method 192.168.1
.* telnet
add user 
DeviceAdmin
add password 
AdminPass

//address clogin manual for various syntax examples 

Check if RANCID can access the device:

sudo -u rancid -/var/lib/rancid/bin/./clogin <ip adress

If you didn’t assign 600 rights to .cloginrc you would encounter an error. If you won’t assign the owner, you would encounter the following error:

Errorcouldn't read file "/var/lib/rancid/.cloginrc": permission denied 

If everything is ok, you would be connected automatically. This is an example how I checked my home router:

root@ubuntu:/# sudo -u rancid -H /var/lib/rancid/bin/./clogin 192.168.1.1
192.168.1.1
spawn telnet 192.168.1.1
Trying 192.168.1.1
...
Connected to 192.168.1.1.
Escape character is '^]'.
login: *****
Password
 
__     ___                    ____  _ _____  ___
 \ \   
/ (___ _  ___  _ __  |___ \/ |___ / / _ \
  \ \ 
/ /| |/ _` |/ _ \| '__|   __) | | |_ \| | | |
   \ V / | | (_| | (_) | |     / __/| |___) | |_| |
    \_/  |_|\__, |\___/|_|    |_____|_|____/ \___/
            |___/
 Firmware version ("v1.5.x.y")

 ---------------------------------------------------
root@Vigor2130:~# 

It’s time to brush up your e-mail server and run RANCID:

sudo su -/var/lib/rancid/bin/rancid-run -/bin/bash -l rancid 

If the message is generated, everything is all right. Your mail server should deliver an email to you.

If you don’t have a domain and your mail doesn’t work, you can install GUI for RANCID.

Install ViewVC first:

apt-get install viewvc 

After this we need to configure ViewVC and show it the way to RANCID directory. Add the following lines to /etc/viewvc/viewvc.conf:

cvs_roots rancid: /var/lib/rancid/CVS

default_root 
rancid 

After this procedure GUI for RANCID will be available here:

https://yoursvnserver.com/cgi-bin/viewvc.cgi

. You have to have Apache server installed before. I think it’s trivial. If you are dealing with RANCID, Apache installation and configuration must not be any problem for you.

Now that we can access GUI it’s time to change the URL for a more convenient one. To do this create file /etc/apache2/conf.d/viewvc.conf and add the following lines to it:

Alias /viewvc-static /usr/lib/python2.4/site-packages/viewvc/templates-contrib/newvc/templates/docroot
ScriptAlias 
/viewvc /usr/lib/viewvc/cgi-bin/viewvc.cgi 

This will setup

http://yoursvnserver.com/viewvc

as url for browsing repository.

Here is the image where you can see the history of changes and what was changed:

RANCID-10.jpg

Mail server configuration for RANCID

**********************************************
** Restricted access! For private use only! **
**********************************************

Evil_TTL> enable
Password:  

By privilege15