Network Management & Monitoring

Using RANCID Part II

Notes:

• Commands preceded with "$" imply that you should execute the command as a general user - not as root.
• Commands preceded with "#" imply that you should be working as root.
• Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.

Exercises

1. Become the RANCID user

   Make sure you are the root user first. If not, then do:

   $ sudo bash
   

   To become the RANCID user do:

   # su -s /bin/bash rancid
   

2. Note the IP addresses for the routers

   10.10.254.xxx  where xxx goes from 1 to 26
   

3. Update /var/lib/rancid/.cloginrc

   Change the file to look like this:

   $ editor /var/lib/rancid/.cloginrc
   
   
   add user 10.10.254.* sysadmin
   add password 10.10.254.* pass enable_pass
   

   (This tells RANCID that all hosts called "10.10.254.*" use the same password and user -- no need to add every router by hand! The first match in the file wins)

4. Update the router.db

   $ editor /var/lib/rancid/all/router.db
   

   Add some other classroom routers to the file. You should end up with something like:

   10.10.254.5:cisco:up 
   10.10.254.6:cisco:up 
   10.10.254.7:cisco:up 
   10.10.254.8:cisco:up
   

   (Note that "cisco" means this is Cisco equipment -- it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, ...)

5. Run rancid again:

   $ /usr/lib/rancid/bin/rancid-run
   

   (Should take a few seconds)

6. Check out the logs:

   $ cd /var/lib/rancid/logs
   $ ls -l
   

   ... Pick the latest file and view it

   $ less all.YYYYMMDD.HHMMSS
   

7. Look at the configs

   $ cd /var/lib/rancid/all/configs
   $ less 10.10.*
   

   If all went well, you can see the configs of ALL routers

8. Change the configuration on the router (change the description on an interface, for example)

9. Run rancid again

   $ /usr/lib/rancid/bin/rancid-run
   

10. Play with clogin:

    $  /usr/lib/rancid/bin/clogin -c "show clock" 10.10.254.x
    

    What do you notice ?

11. Add the RANCID CVS repository in to CVSweb

    If you are still logged in as user rancid, get back to root

    $ exit
    #
    

    Install CVSweb:

    # apt-get install cvsweb
    

12. Edit the file /etc/cvsweb/cvsweb.conf

    # editor /etc/cvsweb/cvsweb.conf
    

    Below the line

    'local'   => ['Local Repository', '/var/lib/cvs'],
    

    add

    'rancid'   => ['Rancid Repository', '/var/lib/rancid/CVS'],
    

    Save and exit

13. Fix a link:

    # cd /var/www
    # ln -s /usr/share/cvsweb .
    

    Open a web browser to the link:

    http://pcXXX/cgi-bin/cvsweb/
    

    Select the RANCID repository and browse the files under the 'all' directory.

Rancid looking glass

Rancid can also provide a web interface for support staff to perform limited queries on routers, without letting them know the passwords.

To use it, install the rancid-cgi package, and point your web browser at http://pcXXX/cgi-bin/lg/lgform.cgi

You need to copy your routers.db to /etc/rancid/routers.db and your .clogin file to /var/www/.clogin, and make them readable only to the www-data user. Beware that if there are other CGIs running on your Apache server, they will be able to read these passwords.

Configuration file is /etc/rancid/lg.conf. Additional info is in man lg_intro and files in the directory /usr/share/doc/rancid-cgi, especially README.lg