Agenda: exercises-rancid.txt

Network Management & Monitoring

Using RANCID

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") 
  imply that you are executing commands on remote equipment, or within 
  another program.

Exercises
---------

0. Log in to your PC or open a terminal window as the sysadmin user.

1. Verify that postfix (mail system) is installed and running.

    $ ps ax | grep postfix

2. Add an alias for the rancid user in /etc/aliases file

    $ sudo joe /etc/aliases

    rancid-all:     sysadmin
    rancid-admin-all:   sysadmin

    Save the file, then run:

    $ sudo newaliases

3. Install Rancid itself

    $ sudo apt-get install rancid

    (Say yes to the questions)

    $ sudo apt-get install rancid-cgi
    $ sudo apt-get install cvsweb
    $ sudo apt-get install cvs

    Or you could install everything at once:
    
    $ sudo apt-get install rancid rancid-cgi cvsweb cvs

4. Edit /etc/rancid/rancid.conf

    $ sudo joe /etc/rancid/rancid.conf

    Find the line with the parameter LIST_OF_GROUPS, and replace it with

    LIST_OF_GROUPS="all"

    (with no '#' at the front of line)

5. Choose which router you will manage:

        rX         ->          10.10.254.xxx


6. Change to the rancid user

    - First you need to become the root user:

    $ sudo bash
    
      Now you can become the RANCID user:
    
    # su -s /bin/bash rancid
    
    - Check that you ARE the rancid user:

    $ id

    - You should see something similar (numbers may be different):

    uid=114(rancid) gid=124(rancid) groups=124(rancid)

7. Create /var/lib/rancid/.cloginrc

    $ joe /var/lib/rancid/.cloginrc

    add user 10.10.254.xxx sysadmin
    add password 10.10.254.xxx menog7 menog7

        (Replace 10.10.254.xxx with your router's IP address. 'sysadmin',
        'menog7' and 'menog7' are the username, password and enable
        password used to login to your router)

        Now protect this file so that it cannot be read by other users:

    $ chmod 600 /var/lib/rancid/.cloginrc

7. Initialize the CVS repository for rancid:

    $ /usr/lib/rancid/bin/rancid-cvs

    - You should see something similar to this:

No conflicts created by this import

cvs checkout: Updating all
Directory /var/lib/rancid/CVS/all/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/all/router.db,v  <--  router.db
initial revision: 1.1


8. Test login to the router

    $  /usr/lib/rancid/bin/clogin 10.10.254.xxx

        - If all goes well, rancid will proceed to automatically log you
          into the router.  You should see this on your screen:

User Access Verification

Username: cisco
Password: 

R16>enable
Password: 
R16#

        ... all this without having to type a username or password!

    - Type 'exit' to logout

9. Add the router.db

    $ joe /var/lib/rancid/all/router.db

    Add:

    10.10.254.xxx:cisco:up

    (remember to replace xxx as appropriate)

10. Let's run rancid!

    $ /usr/lib/rancid/bin/rancid-run

    (Should take a few seconds)

11. Check out the logs:

    $ cd /var/lib/rancid/logs
    $ ls -l

    ... View the contents of the file:

    $ less all.*


12. Look at the configs

    $ cd /var/lib/rancid/all/configs
    $ less 10.10.254.xxx

    - If all went well, you can see the config of the router.


13. Let's change an interface Description on the router

    $ /usr/lib/rancid/bin/clogin 10.10.254.xxx

    - At the "Rx#" prompt, enter the command:

    conf term

    - You should see:

Enter configuration commands, one per line.  End with CNTL/Z.
Rx(config)#

    - Enter:

    interface Fa0/1

    - You should get this prompt:

Rx(config-if)#

    - Enter:

    Rx(config-if)> description Internal Interface to PCx


    - Then type CTRL-Z (press Control + the Z key)

    - You should now have this prompt:

Rx#

    - To save the config to memory:

    write memory

    - You should see:

Building configuration...
[OK]

    - To exit type:

    exit

14. Let's run rancid again:

    $ /usr/lib/rancid/bin/rancid-run

    Look at the config and logs

    $ ls /var/lib/rancid/logs/

15. Let's see the differences

    $ cd /var/lib/rancid/all/configs
    $ ls -l

    You should see all the router config files

    $ cvs log 10.10.254.xxx

    (where xxx is the IP of your router, .129 or .161)

    Notice the revisions.  Let's view the difference between two versions:

    $ cvs diff -u -r 1.2 -r 1.3 10.10.254.xxx | less

    ... can you find your changes ?

16. Check your mail

    As the user "sysadmin", run the "mutt" mailer to see the mails that
    Rancid has sent:

    $ exit
    # su - sysadmin

    $ mutt

    If everything goes as planned, you should be able to read the mails
    sent by Rancid.

    (use q or x to quit mutt)

17. Finally, let's make rancid run automatically every 30 minutes from cron

    $ crontab -e

    - Add this line:

    */30  *  *  *  *  /usr/lib/rancid/bin/rancid-run

    ... then save and quit