Introduction
If you are looking for a guide on how to set up the latest version of RANCID, which is currently 3.2 (June 2015), then you have come to the right place. I have previously done a post on RANCID setup on Ubuntu 10.04, which used an older version of RANCID from the Ubuntu repositories.
https://www.ip-life.net/rancid-setup-on-ubuntu-10-04-lts/
One major change in version 3.x is IPv6 support which has one gotcha. You now use the following format for adding devices to the router.db file:
<IPaddress>;cisco;up
Note the ; not :
This had me scratching my head for hours so hopefully it’ll save you time. The change is needed because IPv6 uses the colon in its written form. The version of ViewVC used is also later than the one in my old post; it is a bit prettier but otherwise the same thing. If you’re wondering why I changed Linux distros, well, my new employer used CentOS or Red Hat, so why not.
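The separator gotcha above as a runnable check (an added example, not part of the original post or of RANCID itself): it lints a router.db for entries still written with the old colon format while accepting IPv6 addresses. The sample entries are constructed, and treating up and down as the only valid states is an assumption of this check.

```shell
# Added example: lint a RANCID 3.x router.db for the ";" field separator.
# Prints one line per problem; returns 1 if any entry needs fixing.
check_router_db() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            n = split($0, f, ";")
            if (n < 3) {
                # Too few ";" fields: usually a 2.x-style colon entry.
                if ($0 ~ /:(up|down)[ \t]*$/)
                    printf "line %d: legacy \":\" separator: %s\n", NR, $0
                else
                    printf "line %d: expected <device>;<type>;<state>: %s\n", NR, $0
                bad++
                next
            }
            state = tolower(f[3])
            if (f[1] == "" || f[2] == "")
                { printf "line %d: empty device or type: %s\n", NR, $0; bad++ }
            else if (state != "up" && state != "down")
                { printf "line %d: state \"%s\" is not up/down\n", NR, f[3]; bad++ }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample router.db (documentation addresses and hostnames).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample entries
192.0.2.1;cisco;up
2001:db8::1;cisco;up
192.0.2.2:cisco:up
sw1.example.net;hp;maybe
edge1.example.net;juniper;down
EOF
check_router_db "$sample" || echo "router.db has entries to fix"
rm -f "$sample"
```

Run it against each group's router.db before the first rancid-run.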
Installation
On your fresh CentOS box, please run through the following steps as root unless specified as rancid user. If you’re feeling especially lazy you can copy and paste all commands but I would suggest to please try and understand what is happening and how RANCID works as it will save you lots of time and effort moving forward:
yum upgrade
yum install nano wget ftp telnet perl tcl expect gcc cvs rcs httpd autoconf openssh-clients postfix
nano /etc/httpd/conf/httpd.conf
This is to edit your RANCID server name within the apache configuration file
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid
mkdir /usr/local/rancid/pkg
cd /usr/local/rancid/pkg
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.1.tar.gz
tar xzvf rancid-3.1.tar.gz
cd rancid-3.1
I would advise here to have a read of the README file in this location so you’re not blindly pushing on without understanding what is going on.
./configure --prefix=/usr/local/rancid/
make install
cp /usr/local/rancid/pkg/rancid-3.1/cloginrc.sample /usr/local/rancid/.cloginrc
chmod 0640 /usr/local/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/
This is where you modify your file with the list of groups you require:
nano /usr/local/rancid/etc/rancid.conf
Once happy with your groups, you need to run rancid-cvs to create the directories/files required as the rancid user
su rancid
/usr/local/rancid/bin/rancid-cvs
Now is where you need to do some real work. You need to think and create your routers, firewalls and switches in the required group folders. I also recommend creating names for the devices instead of using IP addresses. If you don’t have valid DNS entries for your devices you could also create a simple host entry per device in the /etc/hosts file which is exactly what I did. The other major step is the edit of the .cloginrc file which is the file which holds all username/password combinations for the devices. I would also suggest testing you can access the device using RANCID before running the cron job to make sure the access is working as required. Please use SSH over the web, in fact use SSH where possible, RANCID even accepts keys.
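A pre-flight check for the .cloginrc step above, added here as an example and not part of the original post or of RANCID: it flags any access for other users on the credentials file and every add method entry that still permits telnet or rsh. The hostnames and passwords in the sample are constructed.

```shell
# Added example: audit a .cloginrc before cron starts running rancid-run.
# Prints one finding per line; returns 1 if anything was found.
audit_cloginrc() {
    rc_file=$1
    findings=0
    # The file holds device passwords: no access at all for "other".
    if [ -n "$(find "$rc_file" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        echo "$rc_file: accessible by other users, tighten with chmod o-rwx"
        findings=1
    fi
    # Report every "add method" entry that still lists a cleartext transport.
    hits=$(awk '
        $1 == "add" && $2 == "method" {
            for (i = 4; i <= NF; i++) {
                m = $i
                gsub(/[{}]/, "", m)            # values may be written as {telnet}
                if (m ~ /^(telnet|rsh)(:|$)/)
                    printf "line %d: %s allowed for %s\n", NR, m, $3
            }
        }' "$rc_file")
    if [ -n "$hits" ]; then
        echo "$hits"
        findings=1
    fi
    return "$findings"
}

# Constructed sample .cloginrc, made world-readable to show both findings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
add user sw*.example.net rancid
add password sw*.example.net {CONSTRUCTED-VTY} {CONSTRUCTED-ENABLE}
add method sw*.example.net ssh
add method old-*.example.net {telnet} {ssh}
EOF
chmod 0644 "$sample"
audit_cloginrc "$sample" || echo ".cloginrc needs attention"
rm -f "$sample"
```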
The following executable runs RANCID for all groups. You can also specifically call a certain group by adding it to the end of the command.
/usr/local/rancid/bin/rancid-run
A small tidy up.
cd /usr/local/rancid/pkg
cp rancid-3.1/README /usr/local/rancid
rm -rf rancid-3.1
rm -rf rancid-3.1.tar.gz
Setup of CRON is straightforward:
crontab -u rancid -e
1 * * * * /usr/local/rancid/bin/rancid-run #hourly router dump
00 00 1 * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +30 -exec rm {} \;
service crond restart
If RANCID has been provisioned as a VM, I suggest taking a snapshot at this point in case you make any mistakes configuring ViewVC.
cd /usr/local/rancid/pkg
wget http://viewvc.tigris.org/files/documents/3330/49392/viewvc-1.1.23.tar.gz
tar -zxvf viewvc-1.1.23.tar.gz
cd viewvc-1.1.23
./viewvc-install ## we set the installation path as /usr/local/viewvc
Consult the INSTALL document for detailed information on completing the installation and configuration of ViewVC on your system. Here’s a brief overview of the remaining steps:
1) Edit the /usr/local/viewvc-1.1.23/viewvc.conf file.
2)Copy /usr/local/viewvc-1.1.23/bin/cgi/viewvc.cgi to an already-configured cgi-bin directory.
nano /usr/local/viewvc/viewvc.conf
root_parents = /usr/local/rancid/var/CVS : cvs
rcs_path = /usr/bin/
use_enscript = 1
enscript_path = /usr/bin/
use_highlight = 1
highlight_path = /usr/bin
cp /usr/local/viewvc/bin/cgi/*.cgi /var/www/cgi-bin/
chown apache:apache /var/www/cgi-bin/query.cgi
chown apache:apache /var/www/cgi-bin/viewvc.cgi
nano /etc/httpd/conf/httpd.conf
ScriptAlias /rancid "/var/www/cgi-bin/viewvc.cgi"
ScriptAlias /query "/var/www/cgi-bin/query.cgi"
service httpd restart
There you have it. You should now have a working RANCID platform backing up your network devices on your schedule. You can also configure email alerting for device configuration changes using postfix. I’m sure you’ll love RANCID, it saves so much time and effort. Logging on to devices is easy, config backups are a life saver, and on Linux it is rock-solid reliable.
Enjoy.
Good write up.
I originally had RANCID running on an Ubuntu server, but it would never back up HP switch configs via SSH, only telnet. Even though you could manually connect using .cloginrc, it just would not pick up the differences when issuing rancid-run. The RANCID logs complained that the “write terminal” command could not be issued on the switch, when I could do it manually.
I finally gave up trying to fix it and reinstalled RANCID on CentOS following your guide and it fixed my issue.
I used CentOS 6.7, but the same steps worked fine with no problems.
A tip for anybody following the guide blindly from a fresh install. Port 80 needs to be opened to view the repository through the web:
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo service iptables save
Glad to be of service Ritchie.