Network Management & Monitoring

Using RANCID Part II

Notes:

Exercises

  1. Become the RANCID user

    Make sure you are the root user first. If not, then do:

    $ sudo bash
    

    To become the RANCID user do:

    # su -s /bin/bash rancid
    
  2. Note the IP addresses for the routers

    10.10.254.xxx  where xxx goes from 1 to 26
    
  3. Update /var/lib/rancid/.cloginrc

    Change the file to look like this:

    $ editor /var/lib/rancid/.cloginrc
    
    
    add user 10.10.254.* sysadmin
    add password 10.10.254.* pass enable_pass
    

    (This tells RANCID that all hosts called "10.10.254.*" use the same password and user -- no need to add every router by hand! The first match in the file wins)

  4. Update the router.db

    $ editor /var/lib/rancid/all/router.db
    

    Add some other classroom routers to the file. You should end up with something like:

    10.10.254.5:cisco:up 
    10.10.254.6:cisco:up 
    10.10.254.7:cisco:up 
    10.10.254.8:cisco:up
    

    (Note that "cisco" means this is Cisco equipment -- it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, ...)

  5. Run rancid again:

    $ /usr/lib/rancid/bin/rancid-run
    

    (Should take a few seconds)

  6. Check out the logs:

    $ cd /var/lib/rancid/logs
    $ ls -l
    

    ... Pick the latest file and view it

    $ less all.YYYYMMDD.HHMMSS
    
  7. Look at the configs

    $ cd /var/lib/rancid/all/configs
    $ less 10.10.*
    

    If all went well, you can see the configs of ALL routers

  8. Change the configuration on the router (change the description on an interface, for example)

  9. Run rancid again

    $ /usr/lib/rancid/bin/rancid-run
    
  10. Play with clogin:

    $  /usr/lib/rancid/bin/clogin -c "show clock" 10.10.254.x
    

    What do you notice ?

  11. Add the RANCID CVS repository in to CVSweb

    If you are still logged in as user rancid, get back to root

    $ exit
    #
    

    Install CVSweb:

    # apt-get install cvsweb
    
  12. Edit the file /etc/cvsweb/cvsweb.conf

    # editor /etc/cvsweb/cvsweb.conf
    

    Below the line

    'local'   => ['Local Repository', '/var/lib/cvs'],
    

    add

    'rancid'   => ['Rancid Repository', '/var/lib/rancid/CVS'],
    

    Save and exit

  13. Fix a link:

    # cd /var/www
    # ln -s /usr/share/cvsweb .
    

    Open a web browser to the link:

    http://pcXXX/cgi-bin/cvsweb/
    

    Select the RANCID repository and browse the files under the 'all' directory.


Rancid looking glass

Rancid can also provide a web interface for support staff to perform limited queries on routers, without letting them know the passwords.

To use it, install the rancid-cgi package, and point your web browser at http://pcXXX/cgi-bin/lg/lgform.cgi

You need to copy your routers.db to /etc/rancid/routers.db and your .clogin file to /var/www/.clogin, and make them readable only to the www-data user. Beware that if there are other CGIs running on your Apache server, they will be able to read these passwords.

Configuration file is /etc/rancid/lg.conf. Additional info is in man lg_intro and files in the directory /usr/share/doc/rancid-cgi, especially README.lg