Network Management & Monitoring

Using RANCID

Notes:

• Commands preceded with "$" imply that you should execute the command as a general user - not as root.
• Commands preceded with "#" imply that you should be working as root.
• Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.

Exercises

1. Connect to your PC using ssh

2. Become root, verify that postfix (mail system) is installed and running.

   $ sudo bash
   # service postfix status
   ... result should be "postfix is running"
   

   Also check that the 'mutt' mail client is installed:

   # apt-get install mutt
   

3. Add an alias for the rancid user in /etc/aliases file

   # editor /etc/aliases
   
   
   rancid-all:     sysadm
   rancid-admin-all:   sysadm
   

   Save the file, then run:

   # newaliases
   

4. Install Rancid itself

   # apt-get install rancid telnet
   

5. Edit /etc/rancid/rancid.conf

   # editor /etc/rancid/rancid.conf
   

   Find the line with the parameter LISTOFGROUPS, and add a similar line with:

   LIST_OF_GROUPS="all"
   

   (with no '#' at the front of line)

6. Change to the rancid user

   From a root prompt, switch identity to become the 'rancid' user:

   # su -s /bin/bash rancid
   

   Check that you ARE the rancid user:

   $ id
   

   You should see something similar (numbers may be different):

   uid=114(rancid) gid=124(rancid) groups=124(rancid)
   

7. Create /var/lib/rancid/.cloginrc

   $ editor /var/lib/rancid/.cloginrc
   
   
   add user 10.10.254.xxx cisco
   add password 10.10.254.xxx cisco cisco
   

   (Replace 10.10.254.xxx with your router's IP address. The first 'cisco' is the username, the second and third 'cisco' are the password and enable password used to login to your router)

   Now protect this file so that it cannot be read by other users:

   $ chmod 600 /var/lib/rancid/.cloginrc
   

8. Initialize the CVS repository for rancid:

   $ /usr/lib/rancid/bin/rancid-cvs
   

   You should see something similar to this:

   No conflicts created by this import
   
   
   cvs checkout: Updating all
   Directory /var/lib/rancid/CVS/all/configs added to the repository
   cvs commit: Examining configs
   cvs add: scheduling file `router.db' for addition
   cvs add: use `cvs commit' to add this file permanently
   /var/lib/rancid/CVS/all/router.db,v  <--  router.db
   initial revision: 1.1
   

9. Test login to the router

   $  /usr/lib/rancid/bin/clogin 10.10.254.xxx
   

   If all goes well, rancid will proceed to automatically log you into the router. You should see this on your screen:

   User Access Verification
   
   
   Username: cisco
   Password: 
   
   
   router16>enable
   Password: 
   Router16#
   

   ... all this without having to type a username or password!

   Type 'exit' to logout

10. Create the router.db

    $ editor /var/lib/rancid/all/router.db
    

    Add this line:

    10.10.254.xxx:cisco:up
    

    (remember to replace xxx as appropriate)

11. Let's run rancid!

    $ /usr/lib/rancid/bin/rancid-run
    

    (Should take a few seconds)

12. Check out the logs:

    $ cd /var/lib/rancid/logs
    $ ls -l
    

    ... View the contents of the file(s):

    $ less all.*
    

13. Look at the configs

    $ cd /var/lib/rancid/all/configs
    $ less 10.10.254.xxx
    

    If all went well, you can see the config of the router.

14. Let's change an interface Description on the router

    $ /usr/lib/rancid/bin/clogin 10.10.254.xxx
    

    At the "RouterX#" prompt, enter the command:

    conf term
    

    You should see:

    Enter configuration commands, one per line.  End with CNTL/Z.
    RouterX(config)#
    

    Enter:

    interface Fa0/0
    

    You should get this prompt:

    RouterX(config-if)#
    

    Enter:

    RouterX(config-if)# description External interface to classroom
    RouterX(config-if)# end
    

    You should now have this prompt:

    RouterX#
    

    To save the config to memory:

    write memory
    

    You should see:

    Building configuration...
    [OK]
    

    To exit type:

    exit
    

15. Let's run rancid again:

    $ /usr/lib/rancid/bin/rancid-run
    

    Look at the config and logs

    $ ls /var/lib/rancid/logs/
    

16. Let's see the differences

    $ cd /var/lib/rancid/all/configs
    $ ls -l
    

    You should see all the router config files

    $ cvs log 10.10.254.xxx
    

    (where xxx is the IP of your router, .129 or .161)

    Notice the revisions. Let's view the difference between two versions:

    $ cvs diff -u -r 1.2 -r 1.3 10.10.254.xxx | less
    

    ... can you find your changes ?

17. Check your mail

    Now we will exit from these shells to get back to being the "sysadm" user, and run 'mutt' to see the mails which rancid has sent:

    $ exit
    # exit
    $ id
    ... check that you are now the 'sysadm' user again;
    ... if not, log out and in again
    $ mutt
    

    (When asked to create the Mail directory, say Yes)

    If everything goes as planned, you should be able to read the mails sent by Rancid.

    (use 'q' return to mail index, and 'q' again to quit mutt)

18. Finally, let's make rancid run automatically every 30 minutes from cron

    # crontab -e -u rancid
    

    Add this line:

    */30  *  *  *  *  /usr/lib/rancid/bin/rancid-run
    

    ... then save and quit