Network Management & Monitoring
Become the RANCID user
Make sure you are the root user first. If not, then do:
$ sudo bash
To become the RANCID user do:
# su -s /bin/bash rancid
Note the IP addresses for the routers
10.10.254.xxx where xxx goes from 1 to 26
Update /var/lib/rancid/.cloginrc
Change the file to look like this:
$ editor /var/lib/rancid/.cloginrc
add user 10.10.254.* sysadmin
add password 10.10.254.* pass enable_pass
(This tells RANCID that all hosts matching "10.10.254.*" use the same user and password, so there is no need to add every router by hand. The first match in the file wins.)
Update the router.db
$ editor /var/lib/rancid/all/router.db
Add some other classroom routers to the file. You should end up with something like:
10.10.254.5:cisco:up
10.10.254.6:cisco:up
10.10.254.7:cisco:up
10.10.254.8:cisco:up
(Note that "cisco" means this is Cisco equipment -- it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, ...)
Run rancid again:
$ /usr/lib/rancid/bin/rancid-run
(Should take a few seconds)
Check out the logs:
$ cd /var/lib/rancid/logs
$ ls -l
... Pick the latest file and view it
$ less all.YYYYMMDD.HHMMSS
Look at the configs
$ cd /var/lib/rancid/all/configs
$ less 10.10.*
If all went well, you can see the configs of ALL routers
Change the configuration on the router (change the description on an interface, for example)
Run rancid again
$ /usr/lib/rancid/bin/rancid-run
Play with clogin:
$ /usr/lib/rancid/bin/clogin -c "show clock" 10.10.254.x
What do you notice?
Add the RANCID CVS repository into CVSweb
If you are still logged in as user rancid, get back to root
$ exit
#
Install CVSweb:
# apt-get install cvsweb
Edit the file /etc/cvsweb/cvsweb.conf
# editor /etc/cvsweb/cvsweb.conf
Below the line
'local' => ['Local Repository', '/var/lib/cvs'],
add
'rancid' => ['Rancid Repository', '/var/lib/rancid/CVS'],
Save and exit
Fix a link:
# cd /var/www
# ln -s /usr/share/cvsweb .
Open a web browser to the link:
http://pcXXX/cgi-bin/cvsweb/
Select the RANCID repository and browse the files under the 'all' directory.
Rancid can also provide a web interface for support staff to perform limited queries on routers, without letting them know the passwords.
To use it, install the rancid-cgi package, and point your web browser at
http://pcXXX/cgi-bin/lg/lgform.cgi
You need to copy your routers.db to /etc/rancid/routers.db and your .clogin file to /var/www/.clogin, and make them readable only to the www-data user. Beware that if there are other CGIs running on your Apache server, they will be able to read these passwords.
Configuration file is /etc/rancid/lg.conf. Additional info is in man lg_intro and files in the directory /usr/share/doc/rancid-cgi, especially README.lg.
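One way to check the "readable only to the www-data user" requirement above before opening the looking glass to support staff. This is an added example, not part of the original handout or of RANCID; the function names check_cred_file and audit_all are hypothetical, and it assumes GNU stat as shipped on the Debian/Ubuntu lab machines.

```shell
#!/bin/sh
# Added example: audit the looking-glass credential files.
# Assumes GNU stat (Debian/Ubuntu, as used in this lab).

# check_cred_file FILE OWNER
# Returns 0 only if FILE is a regular file (not a symlink), is owned by
# OWNER, and grants no permission bits to group or others.
check_cred_file() {
    file=$1
    want_owner=$2
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file"
        return 1
    fi
    owner=$(stat -c '%U' -- "$file")
    mode=$(stat -c '%a' -- "$file")
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owned by $owner, expected $want_owner"
        rc=1
    fi
    # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode lets group or others access it"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $file ($owner, mode $mode)"
    return "$rc"
}

# audit_all OWNER FILE...
# Checks every file, reports all problems, returns 1 if any check failed.
audit_all() {
    want=$1
    shift
    failed=0
    for f in "$@"; do
        check_cred_file "$f" "$want" || failed=1
    done
    return "$failed"
}

# Usage: sh audit.sh /etc/rancid/routers.db /var/www/.clogin
if [ "$#" -gt 0 ]; then
    audit_all www-data "$@" || exit 1
fi
```

A passing audit only confirms ownership and mode; it does not remove the exposure to other CGIs running as www-data that the text warns about.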