Agenda: exercises-rancid.txt

Network Management & Monitoring

Using RANCID

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") 
  imply that you are executing commands on remote equipment, or within 
  another program.

Exercises
---------

0. Log in to your PC or open a terminal window as the sysadmin user.

1. Verify that postfix (mail system) is installed and running.

    $ ps ax | grep postfix

2. Add an alias for the rancid user in /etc/aliases file

    $ sudo joe /etc/aliases

    rancid-all:     sysadmin
    rancid-admin-all:   sysadmin

    Save the file, then run:

    $ sudo newaliases

3. Install Rancid itself

    $ sudo apt-get install rancid

    (Say yes to the questions)

    $ sudo apt-get install rancid-cgi
    $ sudo apt-get install cvsweb
    $ sudo apt-get install cvs

    Or you could install everything at once:
    
    $ sudo apt-get install rancid rancid-cgi cvsweb cvs

4. Edit /etc/rancid/rancid.conf

    $ sudo joe /etc/rancid/rancid.conf

    Find the line with the parameter LIST_OF_GROUPS, and replace it with

    LIST_OF_GROUPS="all"

    (with no '#' at the front of line)

5. Choose which router you will manage:

        rX         ->          10.10.254.xxx


6. Change to the rancid user

    - First you need to become the root user:

    $ sudo bash
    
      Now you can become the RANCID user:
    
    # su -s /bin/bash rancid
    
    - Check that you ARE the rancid user:

    $ id

    - You should see something similar (numbers may be different):

    uid=114(rancid) gid=124(rancid) groups=124(rancid)

7. Create /var/lib/rancid/.cloginrc

    $ joe /var/lib/rancid/.cloginrc

    add user 10.10.254.xxx sysadmin
    add password 10.10.254.xxx pass enable_pass

        (Replace 10.10.254.xxx with your router's IP address. 'sysadmin',
        'pass' and 'enable_pass' are the username, password and enable
        password used to login to your router)

        Now protect this file so that it cannot be read by other users:

    $ chmod 600 /var/lib/rancid/.cloginrc

7. Initialize the CVS repository for rancid:

    $ /usr/lib/rancid/bin/rancid-cvs

    - You should see something similar to this:

No conflicts created by this import

cvs checkout: Updating all
Directory /var/lib/rancid/CVS/all/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/all/router.db,v  <--  router.db
initial revision: 1.1


8. Test login to the router

    $  /usr/lib/rancid/bin/clogin 10.10.254.xxx

        - If all goes well, rancid will proceed to automatically log you
          into the router.  You should see this on your screen:

User Access Verification

Username: cisco
Password: 

R16>enable
Password: 
R16#

        ... all this without having to type a username or password!

    - Type 'exit' to logout

9. Add the router.db

    $ joe /var/lib/rancid/all/router.db

    Add:

    10.10.254.xxx:cisco:up

    (remember to replace xxx as appropriate)

10. Let's run rancid!

    $ /usr/lib/rancid/bin/rancid-run

    (Should take a few seconds)

11. Check out the logs:

    $ cd /var/lib/rancid/logs
    $ ls -l

    ... View the contents of the file:

    $ less all.*


12. Look at the configs

    $ cd /var/lib/rancid/all/configs
    $ less 10.10.254.xxx

    - If all went well, you can see the config of the router.


13. Let's change an interface Description on the router

    $ /usr/lib/rancid/bin/clogin 10.10.254.xxx

    - At the "Rx#" prompt, enter the command:

    conf term

    - You should see:

Enter configuration commands, one per line.  End with CNTL/Z.
Rx(config)#

    - Enter:

    interface Fa0/1

    - You should get this prompt:

Rx(config-if)#

    - Enter:

    Rx(config-if)> description Internal Interface to PCx


    - Then type CTRL-Z (press Control + the Z key)

    - You should now have this prompt:

Rx#

    - To save the config to memory:

    write memory

    - You should see:

Building configuration...
[OK]

    - To exit type:

    exit

14. Let's run rancid again:

    $ /usr/lib/rancid/bin/rancid-run

    Look at the config and logs

    $ ls /var/lib/rancid/logs/

15. Let's see the differences

    $ cd /var/lib/rancid/all/configs
    $ ls -l

    You should see all the router config files

    $ cvs log 10.10.254.xxx

    (where xxx is the IP of your router, .129 or .161)

    Notice the revisions.  Let's view the difference between two versions:

    $ cvs diff -u -r 1.2 -r 1.3 10.10.254.xxx | less

    ... can you find your changes ?

16. Check your mail

    As the user "sysadmin", run the "mutt" mailer to see the mails that
    Rancid has sent:

    $ exit
    # su - sysadmin

    $ mutt

    If everything goes as planned, you should be able to read the mails
    sent by Rancid.

    (use q or x to quit mutt)

17. Finally, let's make rancid run automatically every 30 minutes from cron

    $ crontab -e

    - Add this line:

    */30  *  *  *  *  /usr/lib/rancid/bin/rancid-run

    ... then save and quit