Introduction

This post was supposed to be about installing RANCID on the latest and greatest Ubuntu Server version, 14.04. However, I'm still working on that, as it is not as straightforward as it should be! I did speak to a great guy called Bejoy, who has helped me try to get 14.04 working and who also suggested that it is easy to get RANCID up and running on Ubuntu 10.04 LTS. So I thought, why not cover that install for now while we still look into getting it running on 14.04.

In case you are reading this and wondering what RANCID is: it is a great tool whose name stands for Really Awesome New Cisco ConfIg Differ. It takes backups of network device configuration with version control. That's right, with version control you can quickly spot mistakes or changes, and RANCID can alert admins to those changes when they happen. The configurations can also be viewed through a browser, making it much easier to deal with for admins who are not Linux savvy.

Installation

Now I will reiterate this works great on Ubuntu version 10.04 LTS and you can get that version here:

http://old-releases.ubuntu.com/releases/10.04.3/

The installation of Ubuntu is a simple affair so I won’t go over that as if you are installing RANCID you know IT.

To follow this guide, note the prompts used in the commands: $ means a normal user whereas # means the root user, which you can get to in Ubuntu by typing:

$sudo su

However, the user needs to have sudo rights, and if you haven't got them, I suggest you stop now, as you should already have this.

Install the base requirements 

#apt-get install build-essential expect rancid

Rancid configuration

On Ubuntu, RANCID creates a number of different folders under its home directory, /var/lib/rancid. To create those folders, we need to modify the groups in the following file like so:

#nano /etc/rancid/rancid.conf

Once you have opened the file, you need to find the "list of rancid groups" section and add another line underneath detailing your groups, like the below:

#
# list of rancid groups
#LIST_OF_GROUPS="sl joebobisp"; export LIST_OF_GROUPS
# more groups…
#LIST_OF_GROUPS="$LIST_OF_GROUPS noc billybobisp"; export LIST_OF_GROUPS
LIST_OF_GROUPS="HQ"
#

Now if you're new to Linux, a # at the start of a line in a configuration file means the line is not used, or is "commented out". Therefore the line ending in HQ is the group which I have added. Group names cannot contain spaces, so you must use _ to separate words, e.g. New_York. A space is used to separate different groups, as in the commented example lines.

Creating the .cloginrc file

The next step is to create a file in the /var/lib/rancid folder.

#nano .cloginrc

The command assumes you are already in this directory. This is the file that contains the login method, users and passwords. Now an obvious point, but one I shall make nonetheless: devices should be configured for SSH access, not telnet. This should be the case regardless of whether devices are accessed via the web or an internal LAN, as telnet sends passwords in clear text!

If all devices use the same credentials:

add method * ssh
add user * rancid
add password * RancidPW EnablePW

If however you use different credentials on different devices, the list works in a top-down fashion, picking the first match from the list in each section. Therefore the wildcard * entries need to come after all the specific entries have been defined.

Protecting the .cloginrc file

The next step is to protect the .cloginrc file. Without this step, you will see an error saying that the file must not be world-viewable.

#chmod 600 /var/lib/rancid/.cloginrc
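
The ordering and permission rules above can be checked before the first clogin run. The script below is an added example, not part of the original post or of RANCID: lint_cloginrc is a hypothetical helper, the host names are constructed, and it assumes plain whitespace-separated add lines without Tcl braces.

```shell
#!/bin/sh
# Added example, not RANCID code. Assumes plain "add <directive> <host-glob>
# <values...>" lines, whitespace-separated, without Tcl braces.

# Prints one finding per line: SHADOWED, TELNET or MODE.
lint_cloginrc() {
    file=$1
    seen=''     # earlier entries, one "directive glob" pair per line
    lineno=0
    while read -r kw directive glob rest; do
        lineno=$((lineno + 1))
        [ "$kw" = add ] && [ -n "$glob" ] || continue
        # The first matching entry wins, so this entry is dead if an earlier
        # glob for the same directive already matches its host. The later
        # host is compared as a literal string, which is a heuristic.
        printf '%s\n' "$seen" | while read -r d g; do
            [ "$d" = "$directive" ] || continue
            case $glob in
                $g) echo "SHADOWED line $lineno: $directive $glob (by $g)"
                    break ;;
            esac
        done
        case "$directive $rest" in
            method*telnet*) echo "TELNET line $lineno: $glob" ;;
        esac
        seen="$seen
$directive $glob"
    done < "$file"
    # chmod 600 leaves no group/other bits: the mode string is -rw-------
    case "$(ls -ld "$file")" in
        -???------*) ;;
        *) echo "MODE: $file is accessible to group or other" ;;
    esac
}

# Constructed sample: the wildcards come first, so every later entry is dead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
add method * ssh
add user * rancid
add password * RancidPW EnablePW
add user core-rtr1 backup
add password core-rtr1 OtherPW OtherEnablePW
add method lab-sw* telnet
EOF
chmod 644 "$SAMPLE"     # deliberately too open, to trigger the MODE finding
lint_cloginrc "$SAMPLE"
```

Moving the three wildcard lines to the bottom of the sample and running chmod 600 on it clears every finding except the telnet one.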

Change the permission and ownership of rancid directories

#chown -R rancid:rancid /var/lib/rancid

Creating the RANCID CVS directories 

#su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid 

The output should complete without conflicts and you should now see the groups you defined earlier created under /var/lib/rancid, e.g. /var/lib/rancid/HQ.

Inside each newly created directory will be a file named router.db. This file is where the device information will be entered.

Creating Device Information

Edit the file with your favourite editor:

#nano /var/lib/rancid/HQ/router.db

Add a single line in the file per device. The format is hostname:type:status, where hostname is either the FQDN or the IP of the device, type is the type of device, e.g. cisco, and status is whether the device is up or down. For example:

192.168.30.254:cisco:up

somerouter.routertown.com:cisco:down

If set to down, RANCID ignores the device. RANCID supports a number of different devices. Full lists of supported devices are in the RANCID documentation.
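
A mistyped separator is easy to miss in a long router.db, so it helps to list what will be polled before the first run. The script below is an added example, not part of the original post or of RANCID: check_routerdb is a hypothetical helper, it accepts only the up and down states described here, and the last two sample entries are constructed.

```shell
#!/bin/sh
# Added example, not RANCID code: pre-flight check of a router.db that uses
# the hostname:type:status format described above.

# Prints POLL for devices that are up, SKIP for devices that are down, and
# BAD for lines that do not parse.
check_routerdb() {
    lineno=0
    while IFS=: read -r host type status comment; do
        lineno=$((lineno + 1))
        case $host in
            ''|'#'*) continue ;;        # blank line or comment
        esac
        if [ -z "$type" ] || [ -z "$status" ]; then
            echo "BAD line $lineno: expected hostname:type:status"
            continue
        fi
        case $status in
            up)   echo "POLL $host ($type)" ;;
            down) echo "SKIP $host ($type)" ;;
            *)    echo "BAD line $lineno: unknown status $status" ;;
        esac
    done < "$1"
}

# Sample file: the first two entries are the ones from this page, the last
# two are constructed mistakes ("." typed for ":" and an unknown status).
ROUTERDB=$(mktemp)
cat > "$ROUTERDB" <<'EOF'
192.168.30.254:cisco:up
somerouter.routertown.com:cisco:down
# constructed entries below
edge1.example.net:cisco.up
lab-sw1.example.net:cisco:off
EOF
check_routerdb "$ROUTERDB"
```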

Checking Device Access 

$sudo -u rancid -H /var/lib/rancid/bin/./clogin <fqdn or IP address> 

If everything is good, rancid will log in to the device. If not, you will get either an error or a permissions problem. Please make sure the section 'Protecting the .cloginrc file' mentioned above has been followed.

Email Configuration Changes

RANCID can and will email configuration changes directly. I like Postfix, so let's get that installed on the box:

#apt-get install postfix

Next step is to configure the aliases in the relevant file.

#nano /etc/aliases

Create a user and an admin user alias per group, for example:

postmaster: root
rancid-HQ: <your@email>
rancid-admin-HQ: <your@email>

Once that has been done, you will need to update the MTA by running the following command:

#newaliases

The next step is to point the RANCID box at your mail server to relay email. We just need to edit the main postfix config file:

#nano /etc/postfix/main.cf

The section you’re looking for is pretty obvious!

relayhost = <IP address of email server>

Now obviously the mail server needs to allow SMTP from the RANCID server. I’ll leave you to figure it out. If it isn’t working after this though then you have an issue on the mail server side as this is all the configuration you need in postfix for a simple SMTP relay.

Automating the Backups

Now that everything has been confirmed as working correctly (I hope), the next step is to configure a cron job to automatically log in to your devices and poll for changes.

#crontab -e -u rancid

Once you are in the user crontab, you just need to add a schedule to your liking. I like it to run at 1 minute past the hour, every hour.

# m h dom mon dow command
1 * * * * /usr/bin/rancid-run

Save the cron job and it will run every hour, or however often you specify.

Configuring a GUI

Now this is the part I have been having issues with on Ubuntu 14.04. On 10.04, however, it is a piece of cake. You have a choice between cvsweb and viewvc. I like viewvc, so let's get that on:

#apt-get install viewvc

Once installed we just need to configure viewvc to use the RANCID directory.

#nano /etc/viewvc/viewvc.conf

You just need to find the two lines and modify them to the following:

cvs_roots = rancid: /var/lib/rancid/CVS

default_root = rancid

Modifying your Apache2 Configuration

You need to make sure your Apache configuration resembles the following:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>

You can do this using your favourite editor:

#nano /etc/apache2/sites-enabled/000-default

After this is done you just need to type the following into your browser to access:

http://yourrancidserver/cgi-bin/viewvc.cgi

You should now have a functioning RANCID server. This will email you and any other admins configured when device configuration changes have been made. Also, admins can view the configuration via a web browser. I guarantee this will make your life easier and if you set it up for your company, they will think you are the nuts. Well worth having.

External Links

Without these incredibly helpful guides this would have probably taken me years to figure out. And maybe Ubuntu 14.04 will!

http://www.shrubbery.net/rancid/

http://bejoybkn.blogspot.co.uk/2011/07/how-to-setup-and-configure-rancid.html

http://evilttl.com/wiki/RANCID

https://help.ubuntu.com/community/RANCID

http://openmaniak.com/rancid_tutorial.php

http://networklore.com/rancid-getting-started/

RANCID Setup on Ubuntu 10.04 LTS