Some time ago I described How to : Install RANCID on openSUSE 11.4 “Celadon”. However, just after installation RANCID will do nothing without proper configuration.
So, in this lab I will show how to:
- create a group of devices in RANCID
- add credential information to RANCID
- add 2 Cisco routers to that group
- collect configuration from the routers
- set up a cron task to run RANCID automatically
Systems which will be used to demonstrate how to add device to RANCID and collect configuration:
- lab-gw-01 – IP: 172.16.90.5 – openSUSE with RANCID – installed on VMware Workstation
- lab-r1 – IP: 172.16.90.123 – Cisco router – started on GNS3
- lab-r2 – IP: 172.16.90.124 – Cisco router – started on GNS3
Create group of devices in RANCID
RANCID stores information about devices in groups. A group is just a set of devices from which we want to collect configurations. It brings some logic to RANCID repositories and allows configuration collections to be divided according to certain rules (for example: a separate company site, one group per customer, one group per functional network, etc.).
In order to define a group we need to make a change in the /etc/rancid/rancid.conf file.
    # list of rancid groups
    #LIST_OF_GROUPS="sl joebobisp"
    # more groups...
    #LIST_OF_GROUPS="$LIST_OF_GROUPS noc billybobisp"
    LIST_OF_GROUPS="LAB"

    rancid@lab-gw-01:~> rancid-cvs LAB
    Committed revision 1.
    Checked out revision 1.
    A configs
    Adding configs
    Committed revision 2.
    A router.db
    Adding router.db
    Transmitting file data .
    Committed revision 3.
    rancid@lab-gw-01:~>
Add routers to RANCID
To demonstrate the whole process step by step, I have split adding devices to the RANCID repository into a few stages:
- /etc/hosts – adding hostnames for the devices we want to collect from to DNS or the hosts file (depends on configuration)
- /etc/rancid/.cloginrc – defining credentials for the devices we want to collect configuration from
- router.db – defining the list of routers for the repository, with the type of each device
Let’s see what is behind each of those steps.
/etc/hosts
First of all I make sure that each of the two test routers is reachable by hostname. As I do not maintain a DNS server and a separate DNS zone in this small lab environment, I will simply add both routers and their IP addresses to the /etc/hosts file on the RANCID server.
    172.16.90.123 lab-r1
    172.16.90.124 lab-r2

The next thing to do is to tell RANCID which credentials should be used to access the devices.
/etc/rancid/.cloginrc
RANCID uses a set of scripts and applications to get access to devices. However, each device in the network is protected by a username and password. To allow RANCID to access the device(s) and collect information, the appropriate credentials have to be provided to RANCID in the .cloginrc file. In my installation this file is located in the /etc/rancid folder.
I will be collecting configuration files from lab-r1 and lab-r2, so I need to tell RANCID how to access those devices by adding the following lines to /etc/rancid/.cloginrc:
    add password lab-r1 rancid12
    add user lab-r1 rancid
    add method lab-r1 ssh telnet
    add autoenable lab-r1 1

    add password lab-r2 rancid12
    add user lab-r2 rancid
    add method lab-r2 ssh telnet
    add autoenable lab-r2 1
On each router a separate user has been created for RANCID automation, and that user is assigned privilege level 15.
lab-r1(config)#username rancid privilege 15 password 0 rancid12
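The .cloginrc entries above keep a privilege-15 password in clear text and allow telnet as a fallback method. The script below is an added example, not part of the original article or of RANCID: it flags a .cloginrc that group or other users can access and any host whose method list includes telnet. The function names and the sample file are constructed for illustration, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: audit a RANCID .cloginrc. Prints one finding per line and
# returns 0 when clean, 1 when something was flagged, 2 if stat fails.
audit_cloginrc() {
    file=$1
    findings=0

    # The file holds device passwords in clear text, so group and other
    # must have no access at all (stat -c is the GNU coreutils form).
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        0|*00) ;;
        *) echo "PERMS $file is mode $mode, expected 600"; findings=1 ;;
    esac

    # Entries have the form: add <directive> <host-pattern> <values...>
    while read -r verb directive host values; do
        [ "$verb" = add ] || continue          # comments, blank lines
        [ "$directive" = method ] || continue
        values=$(printf '%s' "$values" | tr -d '{}')   # drop optional braces
        # telnet anywhere in the list means the login, including the
        # privilege-15 password, can cross the network unencrypted.
        case " $values " in
            *" telnet "*) echo "TELNET $host methods: $values"; findings=1 ;;
        esac
    done < "$file"
    return "$findings"
}

# Constructed sample based on the lab entries above (not a real file).
write_sample() {
    cat > "$1" <<'EOF'
add password lab-r1 rancid12
add user lab-r1 rancid
add method lab-r1 ssh telnet
add autoenable lab-r1 1
add user lab-r2 rancid
add method lab-r2 ssh
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
audit_cloginrc "$sample" || echo "-> fix the findings above"
rm -f "$sample"
```

Run against the real file as the rancid user, for example `audit_cloginrc /etc/rancid/.cloginrc`.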
/var/lib/rancid/LAB/router.db
Once the routers are reachable by hostname and RANCID knows which credentials to use, we have to tell RANCID what type of devices lab-r1 and lab-r2 are. Basically we need to add those two routers to the RANCID repository created at the beginning of the whole process, indicate the type of each device (in this case both are Cisco routers) and tell RANCID that both devices are up and running.
RANCID keeps the list of devices for a particular repository in the router.db file located in the repository's root folder. The default folder for all RANCID repositories in my RANCID installation is /var/lib/rancid. I told RANCID to create a repository called LAB, so the root path of our LAB repository is /var/lib/rancid/LAB, and that is where router.db is located.
By default, router.db is empty after a new repository is created, so I have to populate it with information about the 2 routers from the LAB environment by adding the following lines to the /var/lib/rancid/LAB/router.db file:
    lab-r1:cisco:up
    lab-r2:cisco:up
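A wrong field separator in router.db, or a device with no matching .cloginrc entry, is easier to catch before a collection run than after it. The script below is an added example, not from the original article or the RANCID project: it validates each router.db line against the expected separator and checks that every device marked up has an "add password" entry. The function names and sample data are constructed, and the separator is a parameter because the reader comments below report that newer RANCID releases expect ';' instead of ':'.

```sh
#!/bin/sh
# Added example: pre-flight check of a RANCID router.db before rancid-run.

# has_credentials HOST CLOGINRC: true if an "add password" line covers HOST.
# .cloginrc host fields are glob patterns, which case matches natively.
has_credentials() {
    while read -r verb directive pattern extra; do
        [ "$verb" = add ] && [ "$directive" = password ] || continue
        case $1 in $pattern) return 0 ;; esac
    done < "$2"
    return 1
}

# check_router_db ROUTER_DB CLOGINRC SEP
# SEP is the separator the installed RANCID expects (":" or ";").
# Prints one problem per line; returns 0 when clean, 1 otherwise.
check_router_db() {
    problems=0
    while IFS=$3 read -r name type state comment; do
        case $name in ''|'#'*) continue ;; esac      # blank lines, comments
        if [ -z "$type" ] || [ -z "$state" ]; then
            echo "MALFORMED $name (expected name${3}type${3}state)"
            problems=1
        elif [ "$state" = up ] && ! has_credentials "$name" "$2"; then
            echo "NOCRED $name"
            problems=1
        fi
    done < "$1"
    return "$problems"
}

# Constructed lab data: lab-r2 has no password entry, lab-r3 is not marked
# up (so it is not checked), lab-r4 uses the other separator.
demo_dir=$(mktemp -d)
printf '%s\n' 'lab-r1:cisco:up' 'lab-r2:cisco:up' 'lab-r3:cisco:down' \
    'lab-r4;cisco;up' > "$demo_dir/router.db"
printf '%s\n' 'add password lab-r1 rancid12' > "$demo_dir/cloginrc"
check_router_db "$demo_dir/router.db" "$demo_dir/cloginrc" : \
    || echo "-> not ready for rancid-run"
rm -rf "$demo_dir"
```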
Collect configuration from routers
Now we are fully set to run the router configuration collection process for the first time.
    lab-gw-01:~ # su - rancid
    rancid@lab-gw-01:~> rancid-run LAB
    You have mail in /var/spool/mail/rancid
    rancid@lab-gw-01:~>
After some time (depending on how many devices have been added and how fast the connection to the devices is) RANCID will return to the shell. Now it's time to check what is in the repository:
    rancid@lab-gw-01:~> cd /var/lib/rancid/LAB/configs
    rancid@lab-gw-01:/var/lib/rancid/LAB/configs> ls -l
    total 16
    -rw-r----- 1 rancid rancid 4687 Jan 23 11:55 lab-r1
    -rw-r----- 1 rancid rancid 4665 Jan 23 11:55 lab-r2
    rancid@lab-gw-01:/var/lib/rancid/LAB/configs>
So, two files named after the routers (lab-r1, lab-r2) have been collected in the repository. The RANCID setup worked correctly and the initial, full configuration from both devices is in the repository. From now on, each RANCID collection run will download the full configuration, compare it with the existing one and store it as a new version of the configuration in the Subversion repository.
Setup cron task to run RANCID automatically
Now RANCID is fully configured and able to collect configurations from devices. It's time to automate the collection process, so that RANCID gathers changes from the devices by itself and populates the repository. That provides an automated way to keep track of what has changed in the configuration of network devices. In addition, RANCID generates log files, so it is worth maintaining those log files (basically removing them) after some time.
To automate RANCID, I will use cron, a built-in Linux tool. So, first I will switch from the root user to rancid and then open the cron schedule for editing:
    lab-gw-01:~ # su - rancid
    rancid@dfw10-net-01:~> crontab -e
To run RANCID on a regular basis as a background task, I will add the following lines to the cron schedule table:
    # run config differ every 4 hours, 45 minutes after full hour
    45 0,4,8,12,16,20 * * * /usr/bin/rancid-run
    # clean config differ logs
    50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime +2 -exec rm {} \;
I guess now RANCID is fully set to collect, store and compare configuration from 2 Cisco routers I have in Lab environment.
Reference materials
Articles which might be helpful in LAB environment preparation and/or RANCID deployment:
- How to : Install RANCID on openSUSE 11.4 “Celadon”
- How-to : VMware Workstation 8 and GNS3 integration
Enjoy! 🙂
- How-to : Configuring RANCID to send email(s) with changes on routers
- How-to : Using WebSVN as RANCID repository access tool
This documentation is great but slightly dated. With the newest version of RANCID, you will need to edit your router.db file with ; as opposed to :. (ex lab-3;cisco;up) Otherwise this is a good guide! Thanks!
This procedure works with openSUSE 13.2 and Rancid-3.2 and the difference in needing to use a semicolon instead of a colon as Joe stated still stands.
Now I just need to get sendmail and WebSVN to work!
Hi everyone, I was doing a configuration for Rancid can make connecting a cisco switch to another switch cisco to obtain the configuration file, but can not find such information, only the settings using the cloging but not as collect the configuration file in this case the “running-config” Can you provide me this information?
Greetings and thank you