Some time ago I described How to : Install RANCID on openSUSE 11.4 “Celadon”. However, just after installation RANCID will do nothing without proper configuration.

So, in this lab I will show how to:

  • create group of devices in rancid
  • add information about credentials to RANCID
  • add 2 Cisco routers to that group
  • collect configuration from routers
  • setup cron task to run rancid automatically

Systems used to demonstrate how to add devices to RANCID and collect their configuration:

  • lab-gw-01 – IP: 172.16.90.5 – openSUSE with RANCID – installed on VMware Workstation
  • lab-r1 – IP: 172.16.90.123 – Cisco router – started on GNS3
  • lab-r2 – IP: 172.16.90.124 – Cisco router – started on GNS3


Create group of devices in RANCID

RANCID stores information about devices in groups. A group is just a set of devices from which we want to collect configurations. Groups bring some logic to the RANCID repositories and allow configuration collections to be divided according to certain rules (for example: one group per company site, one group per customer, one group per functional network, etc.).

To define a group we need to change the /etc/rancid/rancid.conf file.

# list of rancid groups
#LIST_OF_GROUPS="sl joebobisp"
# more groups...
#LIST_OF_GROUPS="$LIST_OF_GROUPS noc billybobisp"
LIST_OF_GROUPS="LAB"

Then, as the rancid user, run rancid-cvs to create the repository for the new group:

rancid@lab-gw-01:~> rancid-cvs LAB
Committed revision 1.
Checked out revision 1.
A         configs
Adding         configs
Committed revision 2.
A         router.db
Adding         router.db
Transmitting file data .
Committed revision 3.
rancid@lab-gw-01:~>


Add routers to RANCID

To demonstrate the whole process step by step, I have split adding devices to the RANCID repository into a few stages:

  • /etc/hosts – adding hostnames of the devices we want to collect from to DNS or the hosts file (depending on configuration)
  • /etc/rancid/.cloginrc – defining credentials for the devices we want to collect configuration from
  • router.db – defining the list of routers for the repository, with the type of each device

Let’s see what is behind each of those steps.

/etc/hosts

First of all I make sure that each of the two test routers is reachable by hostname. As I do not maintain a DNS server and a separate DNS zone in this small lab environment, I will simply add both routers and their IP addresses to the /etc/hosts file on the RANCID server.

172.16.90.123   lab-r1
172.16.90.124   lab-r2

The next thing to do is to tell RANCID which credentials it should use to access the devices.

/etc/rancid/.cloginrc

RANCID uses a set of scripts and applications to get access to devices. However, each device in the network is protected by a username and password. To allow RANCID to access the device(s) and collect information, the appropriate credentials have to be provided to RANCID in the .cloginrc file. In my installation this file is located in the /etc/rancid folder.

I will be collecting configuration files from lab-r1 and lab-r2, so I need to tell RANCID how to access those devices by adding the following lines to /etc/rancid/.cloginrc:

add password    lab-r1          rancid12
add user        lab-r1          rancid
add method      lab-r1          ssh telnet
add autoenable  lab-r1          1
add password    lab-r2          rancid12
add user        lab-r2          rancid
add method      lab-r2          ssh telnet
add autoenable  lab-r2          1

On each router a separate user has been created for RANCID automation, and the privilege assigned to that user is level 15.

lab-r1(config)#username rancid privilege 15 password 0 rancid12

/var/lib/rancid/LAB/router.db

Once the routers are reachable by hostname and RANCID knows which credentials to use, we have to tell RANCID what type of devices lab-r1 and lab-r2 are. Basically we need to add those two routers to the RANCID repository created at the beginning of the whole process, indicate the type of each device (in this case both are Cisco routers) and tell RANCID that both devices are up and running.

RANCID keeps the list of devices for a particular repository in the router.db file located in the repository's root folder. The default folder for all RANCID repositories in my RANCID installation is /var/lib/rancid. I told RANCID to create a repository called LAB, so the root path of our LAB repository is /var/lib/rancid/LAB, and that is where router.db is located.

By default router.db is empty after a new repository is created, so I have to populate it with information about the 2 routers from the LAB environment by adding the following lines to the /var/lib/rancid/LAB/router.db file:

lab-r1:cisco:up
lab-r2:cisco:up
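
An added example (not part of the original post and not a RANCID tool): a shell check over the two files edited above that flags a .cloginrc readable by group or others, devices whose method list still permits telnet, and router.db entries marked up that have no password line. The function name audit_rancid, the output tags and the sample files are assumptions of this example; hostnames are matched exactly, whereas clogin also accepts glob patterns.

```shell
#!/bin/sh
# Added example: audit a RANCID .cloginrc and router.db (paths are arguments).
# Prints one finding per line; prints nothing when every check passes.
audit_rancid() {
    cloginrc=$1 routerdb=$2

    # 1. The credentials file must be private to its owner (mode 600 or stricter).
    perms=$(ls -ld "$cloginrc" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS $cloginrc group/other bits: $perms"

    # 2. An "add method" line that lists telnet allows a cleartext login.
    awk '$1 == "add" && $2 == "method" {
             for (i = 4; i <= NF; i++)
                 if ($i == "telnet") print "TELNET " $3
         }' "$cloginrc"

    # 3. Every device marked "up" in router.db needs a password entry.
    #    Exact hostname match only (assumption: no glob patterns in use).
    awk -F: '!/^#/ && $3 == "up" { print $1 }' "$routerdb" |
    while read -r host; do
        awk -v h="$host" '
            $1 == "add" && $2 == "password" && $3 == h { found = 1 }
            END { exit !found }' "$cloginrc" || echo "NOCRED $host"
    done
}

# Constructed sample input modelled on the lab files in this article.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/cloginrc" <<'EOF'
add password    lab-r1          rancid12
add user        lab-r1          rancid
add method      lab-r1          ssh telnet
add autoenable  lab-r1          1
add method      lab-r2          ssh
EOF
printf 'lab-r1:cisco:up\nlab-r2:cisco:up\n' > "$demo_dir/router.db"
chmod 644 "$demo_dir/cloginrc"

audit_rancid "$demo_dir/cloginrc" "$demo_dir/router.db"
```

On the real server the call would be audit_rancid /etc/rancid/.cloginrc /var/lib/rancid/LAB/router.db, run as the rancid user.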


Collect configuration from routers

Now we are fully set to run the router configuration collection process for the first time.

lab-gw-01:~ # su - rancid
rancid@lab-gw-01:~> rancid-run LAB
You have mail in /var/spool/mail/rancid
rancid@lab-gw-01:~>

After some time (depending on how many devices have been added and how fast the connection to them is) RANCID will return to the shell. Now it's time to check what is in the repository:

rancid@lab-gw-01:~> cd /var/lib/rancid/LAB/configs
rancid@lab-gw-01:/var/lib/rancid/LAB/configs> ls -l
total 16
-rw-r----- 1 rancid rancid 4687 Jan 23 11:55 lab-r1
-rw-r----- 1 rancid rancid 4665 Jan 23 11:55 lab-r2
rancid@lab-gw-01:/var/lib/rancid/LAB/configs>

So, two files named after the routers (lab-r1, lab-r2) have been collected in the repository. The RANCID setup worked correctly and the initial, full configuration from both devices is in the repository. From now on each RANCID collection run will download the full configuration, compare it with the existing one and store it as a new version of the configuration in the Subversion repository.


Setup cron task to run RANCID automatically

Now RANCID is fully configured and able to collect configurations from devices. It's time to automate the collection process, so that RANCID gathers changes from the devices by itself and populates the repository. That provides an automated way to keep track of what has changed in the configuration of network devices. In addition, RANCID generates log files, so it is a good idea to maintain those log files (basically remove them) after some time.

To automate RANCID I will use cron, the built-in Linux tool. First I will change user context from root to rancid and then open the cron schedule configuration:

lab-gw-01:~ # su - rancid
rancid@lab-gw-01:~> crontab -e

To run RANCID on a regular basis as a background task I will add the following lines to the cron schedule table:

# run config differ every 4 hours, 45 minutes after full hour
45 0,4,8,12,16,20 * * * /usr/bin/rancid-run
# clean config differ logs
50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime +2 -exec rm {} \;

I guess now RANCID is fully set to collect, store and compare configuration from 2 Cisco routers I have in Lab environment.


Enjoy! 🙂

Next articles in RANCID series to be released soon:

  • How-to : Configuring RANCID to send email(s) with changes on routers
  • How-to : Using WebSVN as RANCID repository access tool