This post was supposed to be about how to install RANCID on the latest and greatest Ubuntu Server version, 14.04. However, I’m still working on it as it is not as straightforward as it should be! I did however speak to a great guy called Bejoy, who has helped me try to get 14.04 working but also suggested that Ubuntu 10.04 LTS was easy to get RANCID up and running on, so I thought why not mention this install for now while we still look into getting it running on 14.04.
In case you are reading this thinking “what is RANCID?”: it is a great tool whose name stands for Really Awesome New Cisco ConfIg Differ. It takes backups of network device configuration with version control. That’s right, with version control you can quickly spot mistakes or changes, and RANCID can alert admins of those changes when they happen. The backups can also be viewed through a browser, making them much easier to deal with for admins who are not Linux savvy.
Now I will reiterate this works great on Ubuntu version 10.04 LTS and you can get that version here:
The installation of Ubuntu is a simple affair so I won’t go over that as if you are installing RANCID you know IT.
Now to follow these guidelines the following apply. $ means the user whereas # means the root user which you can get to in Ubuntu by typing:
However, the user needs to have sudo rights, and if you haven’t, I suggest you stop now as you should already have this.
Install the base requirements
#apt-get install build-essential expect rancid
On Ubuntu, RANCID creates a number of different folders under its home /var/lib/rancid directory. To create those folders, we need to modify the groups in the following file like so:
Once you have opened the file, you need to find the bold section and add another line underneath detailing your groups like the below:
# list of rancid groups
#LIST_OF_GROUPS="sl joebobisp"; export LIST_OF_GROUPS
# more groups…
#LIST_OF_GROUPS="$LIST_OF_GROUPS noc billybobisp"; export LIST_OF_GROUPS
Now if you’re new to Linux, a # at the start of a line in a configuration file means the line is not used, or is “commented out”. Therefore the line ending HQ is the group which I have added. Groups cannot contain spaces, so you must use _ to separate words, e.g. New_York. A space is used between different groups, as in the example bold line.
Creating the .cloginrc file
The next step is to create a file in the /var/lib/rancid folder.
The command assumes you are already in this directory. This is the file that contains the method, password and users. Now an obvious point, but one I shall make nonetheless, is that devices should be configured for SSH access, not telnet. This should be the case regardless of whether devices are accessed via the web or an internal LAN, as passwords are sent in clear text via telnet!
If all devices use the same credentials:
add method * ssh
add user * rancid
add password * RancidPW EnablePW
If however you use different credentials on different devices, the list works in a top-down fashion, picking the first match from the list in each section. Therefore the wildcard * entries need to come after all the specific entries have been defined.
Protecting the .cloginrc file
The next step is to protect the .cloginrc file. Without this step, an error will be seen that the file must not be world view-able.
#chmod 600 /var/lib/rancid/.cloginrc
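As an added example (not part of the original post and not RANCID's own code), this Python sketch audits a .cloginrc for the three points above: file mode, telnet methods, and specific entries hidden behind an earlier wildcard. It assumes one `add` entry per line and approximates clogin's host matching with Python glob matching; the edge-rtr1 entries are constructed.

```python
import fnmatch
import os
import stat

# Constructed sample (edge-rtr1, netops, OtherPW are made up): the wildcard
# entries come first, so the device-specific ones below are never reached.
SAMPLE = """\
add method * ssh
add user * rancid
add password * RancidPW EnablePW
add method edge-rtr1 telnet
add user edge-rtr1 netops
add password edge-rtr1 OtherPW OtherEnable
"""

def parse_cloginrc(text):
    """Return (line_no, directive, host_glob, values) for every 'add' line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) >= 4 and fields[0] == "add":  # skips comments, blanks
            entries.append((no, fields[1], fields[2], fields[3:]))
    return entries

def audit(text, mode):
    """List findings: loose file mode, telnet methods, shadowed entries."""
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: readable beyond owner, chmod 600")
    entries = parse_cloginrc(text)
    for i, (no, directive, glob, values) in enumerate(entries):
        if directive == "method" and "telnet" in values:
            findings.append(f"line {no}: telnet allowed for {glob}")
        # First match wins, so an earlier glob that covers this one hides it.
        for prev_no, prev_dir, prev_glob, _ in entries[:i]:
            if prev_dir == directive and fnmatch.fnmatchcase(glob, prev_glob):
                findings.append(f"line {no}: {directive} {glob} shadowed by line {prev_no}")
                break
    return findings

def audit_file(path):
    """Audit a file on disk; the caller must be able to read it."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)))
```

Moving the three edge-rtr1 lines above the wildcard lines and switching the method to ssh leaves the audit with no findings.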
Change the permission and ownership of rancid directories
#chown -R rancid:rancid /var/lib/rancid
Creating the RANCID CVS directories
#su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid
The output should complete without conflicts and you should now see the groups you defined earlier created under /var/lib/rancid e.g. /var/lib/rancid/HQ
Inside the newly created directory/ies will be a file named router.db, this file is where the device information will be entered.
Creating Device Information
Edit the file with your favourite editor:
Add a single line in the file per device. The format is hostname:type:status, where hostname is either the fqdn or the IP of the device, type is the type of device e.g. cisco and the status is whether the device is up or down. For example:
If set to down, RANCID ignores the device. RANCID supports a number of different devices. Full lists of supported devices are in the RANCID documentation.
Checking Device Access
$sudo -u rancid -H /var/lib/rancid/bin/./clogin <fqdn or IP address>
If everything is good, rancid will log in to the device. If not, you will get either an error or a permissions problem. Please make sure the section ‘Protecting the .cloginrc file’ mentioned above has been followed.
Email Configuration Changes
RANCID can and will email configuration changes directly. I like Postfix, so let’s get that installed on the box:
#apt-get install postfix
Next step is to configure the aliases in the relevant file.
Create a user and admin user per group for example:
Once that has been done, you will need to update the MTA by running the following command:
The next step is to point the RANCID box at your mail server to relay email. We just need to edit the main postfix config file:
The section you’re looking for is pretty obvious!
relayhost = <IP address of email server>
Now obviously the mail server needs to allow SMTP from the RANCID server. I’ll leave you to figure it out. If it isn’t working after this though then you have an issue on the mail server side as this is all the configuration you need in postfix for a simple SMTP relay.
Automating the Backups
Now everything has been confirmed as working correctly, I hope. The next step is to configure a cron job to automatically log in to your devices and poll for changes.
#crontab -e -u rancid
Once you are in the user crontab, you just need to add a schedule to your liking. I like it to run at 1 minute past the hour, every hour.
# m h dom mon dow command
1 * * * * /usr/bin/rancid-run
Save the cron job and it will run every hour, or however you specify.
Configuring a GUI
Now this is the part for Ubuntu 14.04 I have been having issues with. On 10.04 however it is a piece of cake. You have a choice between cvsweb and viewvc. I like viewvc, so let’s get that on:
#apt-get install viewvc
Once installed we just need to configure viewvc to use the RANCID directory.
You just need to find the two lines and modify them to the following:
cvs_roots = rancid: /var/lib/rancid/CVS
default_root = rancid
Modifying your Apache2 Configuration
You need to make sure your Apache configuration resembles the following:
Options Indexes FollowSymLinks MultiViews
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Allow from all
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
You can do this using your favourite editor:
After this is done you just need to type the following into your browser to access:
You should now have a functioning RANCID server. This will email you and any other admins configured when device configuration changes have been made. Also, admins can view the configuration via a web browser. I guarantee this will make your life easier and if you set it up for your company, they will think you are the nuts. Well worth having.
Without these incredibly helpful guides this would have probably taken me years to figure out. And maybe Ubuntu 14.04 will!