Contents
1 Introduction
2 Rancid Installation
3 Initial Rancid Configuration
4 Rancid File Locations
4.1 Table 1-1 : Rancid File Locations
4.2 The Rancid router.db file
4.2.1 Table 1-2 : Various device types for Rancid
4.3 The Rancid .cloginrc file
5 Testing Rancid
5.1 Testing A Login for a Single Device
5.2 Testing For All Devices
5.3 Troubleshooting Using the Rancid Log Files
5.3.1 Successful Execution
5.3.2 Possible Reasons for Failure
6 Getting Rancid Help
7 Conclusion
Introduction
One of the most commonly overlooked aspects of network management is backing up network device configurations. Sadly, it is only viewed as a priority after disaster strikes. Fortunately there is a Linux / Unix open source package called Rancid that can get the job done automatically for most devices that have a command-prompt method of configuration.
The product can be downloaded from the rancid website and has the added advantage of automatically archiving the older configuration versions in a Concurrent Versions System (CVS). This tutorial will show you how to quickly install and configure it for your network backup needs.
Rancid Installation
Under Fedora Linux, installation is relatively easy, but there are a large number of simple steps to follow. Let's begin:
1) Rancid uses the expect programming language to operate, which you will have to install in advance. Use the rpm command with the -q qualifier to determine whether you have expect installed. In this case it isn't, so the yum command is used to install it.
[root@bigboy tmp]# rpm -q expect
package expect is not installed
[root@bigboy rancid-2.3.2a2]# yum -y install expect
Repository updates-released already added, not adding again
Repository base already added, not adding again
Setting up Install Process
...
...
...
[root@bigboy rancid-2.3.2a2]#
2) Create a Linux group named netadm which will eventually have access to the Rancid directory.
[root@bigboy tmp]# groupadd netadm
3) Create a user named rancid that will be used to run the network device backups every night. Here we make rancid a member of the netadm group and make /usr/local/rancid its home directory.
[root@bigboy tmp]# useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid
4) Create a directory called /usr/local/rancid/tar and use the wget command to get the latest version of the Rancid tar file from its web site.
[root@bigboy tmp]# mkdir /usr/local/rancid/tar
[root@bigboy tmp]# cd /usr/local/rancid/tar
[root@bigboy tar]# wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a2.tar.gz
--01:14:26-- ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a2.tar.gz
           => `rancid-2.3.2a2.tar.gz'
...
153.28K/s
5) Rancid needs to be compiled. As a pre-compilation step, you first need to extract the files from the Rancid tar file. In this case the file is named rancid-2.3.2a2.tar.gz, so the extraction process will place all the preliminary files in a directory named rancid-2.3.2a2.
[root@bigboy tar]# tar -xvzf rancid-2.3.2a2.tar.gz
rancid-2.3.2a2/bin/Makefile.am
rancid-2.3.2a2/bin/Makefile.in
rancid-2.3.2a2/bin/alogin.in
...
...
...
rancid-2.3.2a2/man/lg.conf.5.in
rancid-2.3.2a2/man/rancid.conf.5.in
rancid-2.3.2a2/man/lg_intro.1.in
[root@bigboy tar]#
7) In this directory there is a README file with instructions on what to do next. You can view it using the less command to see the various configuration options offered. We will proceed in this example by using a very simple scenario.
[root@bigboy rancid-2.3.2a2]# less README
8) Prepare the Rancid package for compiling with the configure command. Here, the --prefix switch is used to set the default directory to match the /usr/local/rancid/ home directory of our rancid user.
[root@bigboy rancid-2.3.2a2]# ./configure --prefix=/usr/local/rancid/
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
...
...
...
config.status: creating include/config.h
config.status: include/config.h is unchanged
10) There is a sample password file named cloginrc.sample. You'll need to copy it to the /usr/local/rancid/ home directory as the hidden file /usr/local/rancid/.cloginrc.
[root@bigboy rancid-2.3.2a2]# cp cloginrc.sample /usr/local/rancid/.cloginrc
[root@bigboy rancid-2.3.2a2]#
11) Finally you will need to set the .cloginrc file permissions to be readable by the rancid user and the new netadm Linux group. You will also have to change the ownership and permissions of the home directory in a similar fashion.
[root@bigboy rancid-2.3.2a2]# chmod 0640 /usr/local/rancid/.cloginrc
[root@bigboy rancid-2.3.2a2]# chown -R rancid:netadm /usr/local/rancid/
[root@bigboy rancid-2.3.2a2]# chmod 770 /usr/local/rancid/
Now that the installation is complete, you'll need to do some initial configuration to get Rancid to work. Don't worry, it is fairly straightforward.
Initial Rancid Configuration
Initial configuration involves setting up Rancid to periodically back up your configurations and email status reports to the necessary users.
1) The rancid.conf file is used to determine where rancid stores its configurations and other general parameters. We'll need to edit it.
[root@bigboy rancid-2.3.2a2]# vi /usr/local/rancid/etc/rancid.conf
In this example, we'll create a Rancid device group called "networking". All files related to this group will be stored in a sub-directory of the same name under the var sub-directory of the Rancid home directory. In other words, /usr/local/rancid/var/networking.
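By default Rancid filters out passwords and SNMP community strings. You may want to set the FILTER_PWDS and NOCOMMSTR variables to "NO" to prevent this. With filtering turned off, the saved configurations, the CVS history and the emailed diffs all contain those passwords and community strings, so limit who can read the Rancid directory and who is on the mailing lists.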
#
# Sample rancid.conf
#
LIST_OF_GROUPS="networking"
FILTER_PWDS=NO; export FILTER_PWDS
NOCOMMSTR=NO; export NOCOMMSTR
2) Rancid will send status emails to mailing lists defined in the /etc/aliases file. The "networking" Rancid group will need to have groups named rancid-admin-networking and rancid-networking. A Rancid group named "alldevices" would have groups named rancid-admin-alldevices and rancid-alldevices. In this example, the emails go to the noc mailing list made up of the addresses noc@my-web-site.org and manager@my-web-site.org.
#
# Sample /etc/aliases
#
#
# Rancid email addresses
#
rancid-admin-networking:
rancid-networking:
noc:
3) The email aliases then need to be added to the sendmail alias database with the newaliases command.
[root@bigboy rancid-2.3.2a2]# newaliases
/etc/aliases: 82 aliases, longest 80 bytes, 983 bytes total
[root@bigboy rancid-2.3.2a2]#
4) The next couple of steps need to be done as the rancid user. Use the su command to become the rancid user.
[root@bigboy rancid-2.3.2a2]# su - rancid
5) The rancid-cvs command needs to be used to create the /usr/local/rancid/var/networking directory and its associated database and network device list files.
[rancid@bigboy ~]$ /usr/local/rancid/bin/rancid-cvs
No conflicts created by this import
cvs checkout: Updating networking
cvs checkout: Updating networking/configs
cvs add: scheduling file `router.db' for addition
cvs add: use 'cvs commit' to add this file permanently
RCS file: /usr/local/rancid//var/CVS/networking/router.db,v
done
Checking in router.db;
/usr/local/rancid//var/CVS/networking/router.db,v  <--  router.db
initial revision: 1.1
done
[rancid@bigboy ~]$
6) The README file will be useful, so copy it to the home directory before deleting the rancid sub-directory under the tar sub-directory.
[rancid@bigboy ~]$ cp tar/rancid-2.3.2a2/README .
[rancid@bigboy ~]$ rm -rf tar/rancid-2.3.2a2
[rancid@bigboy ~]$
7) Now edit the rancid user's crontab table file to schedule regular backups using the /usr/local/rancid/bin/rancid-run file.
[rancid@bigboy ~]$ crontab -e
#
# Rancid user's crontab file
#
# Run config differ hourly
1 * * * * /usr/local/rancid/bin/rancid-run
# Clean out config differ logs
50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +2 -exec rm {} \;
The Rancid network device list and password files will now have to be edited before your configurations can be backed up, but first, let's review the most important file locations.
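The rancid.conf step above turns password filtering off, so every saved configuration can hold live credentials. The following check is an added example, not part of Rancid or of the original tutorial: it lists where unfiltered secrets sit in the saved configs without printing them. The Cisco IOS-style statement patterns and the "<removed>" marker for filtered lines are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not part of Rancid): list unfiltered secrets in saved configs.
# Output is "file:line:kind"; the secret value itself is never printed.
# Assumptions: Cisco IOS-style statements; filtered lines contain "<removed>".

find_unfiltered_secrets() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Skip the CVS bookkeeping directory that sits beside the configs.
    find "$dir" -type f ! -path '*/CVS/*' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            /<removed>/   { next }   # already filtered by Rancid
            /^[ \t]*!/    { next }   # comment line
            /^[ \t]*enable (secret|password) /      { print file ":" NR ":enable"; next }
            /^[ \t]*snmp-server community /         { print file ":" NR ":snmp-community"; next }
            /^[ \t]*username .* (password|secret) / { print file ":" NR ":username"; next }
            /^[ \t]*password /                      { print file ":" NR ":line-password"; next }
        ' "$f"
    done
}

# Constructed sample data: one unfiltered and one filtered config.
make_sample_configs() {
    d=$(mktemp -d) || return 1
    mkdir "$d/CVS"
    cat > "$d/192.168.1.1" <<'EOF'
hostname pixfirewall
enable password constructed-enable-pw
snmp-server community constructed-community RO
line vty 0 4
 password constructed-line-pw
EOF
    cat > "$d/192.168.1.2" <<'EOF'
hostname filtered-router
!enable secret <removed>
!snmp-server community <removed> RO
EOF
    echo "$d"
}

# Usage: find_unfiltered_secrets /usr/local/rancid/var/networking/configs
```

Any hit means the CVS history and the emailed diffs for that device carry the same value.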
Where dns-name-or-ip-address is the hostname or IP address of the device, device-type is the expected type of operating system the device should be running, and status (which can be up or down) determines whether the device should be backed up or not. This example is for a Cisco device with an IP address of 192.168.1.1.
192.168.1.1:cisco:up
Note: According to the Rancid help pages, "a '#' at the beginning of a line is considered as a comment and the entire line is ignored. If a device is deleted from the router.db file, then Rancid will clean up by removing the device's configuration file from the /usr/local/rancid/var/networking/configs directory. The CVS information for the device will be moved to CVS Attic directory (using cvs delete)." Table 1-2 shows some important device-types for the router.db file.
Also see the foundry type.
mrtd         A host running the (merit) MRTd daemon.
netscalar    A Netscalar load balancer.
netscreen    A Netscreen firewall.
redback      A Redback router, NAS, etc.
tnt          A lucent TNT.
zebra        Zebra routing software.
riverstone   A Riverstone NAS or Cabletron (starting with version ~9.0.3) router.
juniper      A Juniper router.
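A malformed router.db entry is one of the failure causes listed later in this tutorial, and an entry marked down silently drops a device from the backups. The linter below is an added example, not part of Rancid: it assumes the three colon-separated fields described above (name, device type, status) and that device types are lower-case words, and its sample file is constructed.

```shell
#!/bin/sh
# Added example (not part of Rancid): lint a router.db file.
# Assumed format, from the fields described above: name:device-type:status
# Prints "line:finding"; returns 1 when an entry is malformed.

lint_router_db() {
    f=$1
    [ -f "$f" ] || { echo "0:missing-file"; return 2; }
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/   { next }   # comments and blank lines
        NF != 3                    { print NR ":expected-3-fields"; bad = 1; next }
        $1 == "" || $1 ~ /[ \t]/   { print NR ":bad-name"; bad = 1 }
        $2 !~ /^[a-z0-9-]+$/       { print NR ":bad-device-type"; bad = 1 }
        $3 != "up" && $3 != "down" { print NR ":bad-status"; bad = 1 }
        $3 == "down"               { print NR ":skipped-not-backed-up" }
        seen[$1]++                 { print NR ":duplicate-name"; bad = 1 }
        END                        { exit bad }
    ' "$f"
}

# Constructed sample: a valid entry, a device marked down, a line with a
# missing field, an upper-case status and a duplicate.
make_sample_router_db() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample
192.168.1.1:cisco:up
fw1.my-web-site.org:netscreen:down
192.168.1.2:juniper
192.168.1.3:cisco:UP
192.168.1.1:cisco:up
EOF
    echo "$f"
}

# Usage: lint_router_db /usr/local/rancid/var/networking/router.db
```

The skipped-not-backed-up lines are informational: they do not fail the lint, but they show which devices currently have no configuration history.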
password}
####################################################################
#
# Devices with DNS names ending in my-web-site.org in the router.db
# file or beginning with 172.16. have a different set of passwords.
#
# If the device prompts for a username, Rancid will use the Linux
# "rancid" username and the first password in the list. If only a
# login password is requested, rancid uses the first password in the
# list. The second password is the "enable" password.
#
####################################################################
add password *.my-web-site.org {telnet-password} {enable-password}
add password 172.16.* {telnet-password} {enable-password}
####################################################################
#
# Everything else uses these passwords. Rancid will attempt to use
# telnet then SSH for logins
#
####################################################################
add password * {telnet-password} {enable-password}
add method * telnet ssh
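The .cloginrc file holds every device password, which is why the installation steps set it to mode 0640, and the sample above tries telnet first, which carries those passwords unencrypted. The audit below is an added example, not part of Rancid: it checks both points for a given file. The function names and the finding labels are assumptions made for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not part of Rancid): audit a .cloginrc file.
# Prints one finding per line; returns 1 if there is any finding.

cloginrc_checks() {
    f=$1
    # Any permission bit for other users exposes every device password
    # to all local accounts; the tutorial sets 0640, rancid:netadm.
    if [ -n "$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "perm:world-accessible"
    fi
    if [ -n "$(find "$f" -perm -020)" ]; then
        echo "perm:group-writable"
    fi
    # An "add method" line that lists telnet lets clogin send the login
    # and enable passwords over an unencrypted session.
    awk '
        /^[ \t]*#/ { next }
        $1 == "add" && $2 == "method" {
            for (i = 4; i <= NF; i++) {
                gsub(/[{}]/, "", $i)
                if ($i == "telnet") print "method:" NR ":" $3 ":telnet"
            }
        }
    ' "$f"
}

audit_cloginrc() {
    [ -f "$1" ] || { echo "missing-file"; return 2; }
    findings=$(cloginrc_checks "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: world-readable file that allows telnet.
make_sample_cloginrc() {
    s=$(mktemp) || return 1
    cat > "$s" <<'EOF'
# constructed sample
add password * {telnet-password} {enable-password}
add method * telnet ssh
EOF
    chmod 0644 "$s"
    echo "$s"
}

# Usage: audit_cloginrc /usr/local/rancid/.cloginrc
```

Where every device supports SSH, an "add method * ssh" line clears the method finding.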
Testing Rancid
Rancid has a number of scripts that can be run as part of a testing program and the logs they create are fairly detailed. Here are some examples. As a general rule, it is usually easiest to do testing as the rancid user.
192.168.1.1
spawn telnet 192.168.1.1
Trying 192.168.1.1...
Connected to (192.168.1.1).
Escape character is '^]'.
User Access Verification
Password:
Type help or '?' for a list of available commands.
pixfirewall> enable
Password: ********
pixfirewall#
pixfirewall# exit
Logoff
Connection closed by foreign host.
[rancid@bigboy ~]$
You can still test if you are not logged in as the rancid Linux user, but are a member of the netadm group (or root). Simply use the clogin command as user rancid with the /usr/local/rancid/.cloginrc password file, as in the example below.
[root@bigboy tmp]$ /usr/local/rancid/bin/clogin \
    -f /usr/local/rancid/.cloginrc -u netadm 192.168.1.1
Successful Execution
When successful, the Rancid log file has an "All routers successfully completed" message near the end.
[rancid@bigboy ~]$ less var/logs/networking.20050721.020101
starting: Thu Jul 21 02:01:01 PDT 2005
Trying to get all of the configs.
All routers successfully completed.
cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs
If the rancid-run script was used, you should now see a copy of your configuration in the var/networking/configs/ directory as seen here.
[rancid@bigboy ~]$ ls var/networking/configs/
192.168.1.1 CVS
[rancid@bigboy ~]$
This could be due to any one of the following causes:
1. The IP address or DNS name used in the router.db file is incorrect.
2. The device type entry in the router.db file is incorrect.
3. For Cisco devices, the login device prompt doesn't end in a ">".
4. The device is inaccessible from the server running Rancid.
5. The password information in the .cloginrc file is incorrect.
6. A device accessible by only SSH was replaced and the SSH keys on the device were not regenerated. A telltale sign is that SSH sessions will get "connection refused" messages like this one:
[rancid@bigboy ~]$ ssh 192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection refused
[rancid@bigboy ~]$
7. The rancid-run command was previously run from the command line and was aborted using <CTRL-C>. This causes a lock file to be left behind. A new instance of Rancid will not run unless this file is deleted. In our case the file name is:
/tmp/.networking.run.lock
Conclusion
Backing up network configuration files is an essential network engineering maintenance activity. Rancid is a very popular, reliable and effective application that should capably handle most of your needs.
Retrieved from "http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid"
==========================================================
Contents
1 This is for those on the bleeding edge
2 Getting OpenNMS with RANCID Support
3 What is Rancid
4 What is RANCID RWS ?
4.1 Download RANCID RWS
5 Install and configure RANCID
5.1 Set the trap destination in rancid-trap
5.2 Set the OpenNMS notification command in rancid.conf
6 Set Up the RWS Server
6.1 Make the CGI Files Available to the Web Server
6.2 Configure httpd.conf
6.3 Configure rancid.rws.rc RWS Configuration File
7 Set up ViewVC
8 Configure OpenNMS to communicate with RWS
9 Getting Help
10 Caution
What is Rancid
rancid (Really Awesome New Cisco confIg Differ) is a tool for monitoring network devices (i.e. routers, switches, etc.) to track software and hardware configuration changes and to maintain a complete history of them by means of a revision control system (i.e. CVS or Subversion) repository. It is distributed by Shrubbery Networks, Inc. As with most "good-old-school" unix-based tools, rancid's configuration is performed by editing a set of configuration files on the hosting system; rancid's execution is started from the system's command line or automatically scheduled via the unix cron daemon; the information repositories generated by rancid can be accessed by any CVS or Subversion browsing tool.
rcvr="10.11.12.13"
Be careful: for the moment (1.7.2) you need to have several configuration items set. The minimal rancid.conf file is:
add user cisco.example.com dummy_user
add method cisco.example.com telnet
add password cisco.example.com password enablepassword
Configure httpd.conf
Then, configure your httpd.conf so that Apache runs as the RANCID user. This step is necessary because Apache's mod_suexec "cleans" the environment of scripts that run under it, rendering that strategy incompatible with the use of mod_setenv's SetEnv directive to configure the RWS services.
NameVirtualHost *:80
User rancid
Group rancid
<VirtualHost *:80>
    DocumentRoot /var/www/rws-server/html
    ServerName rws.mycompany.org
    ErrorLog logs/rws-error_log
    TransferLog logs/rws-access_log
    ScriptAlias /rws "/var/www/rws-server/rws-cgi/rws-cgi.tcl"
    AddHandler cgi-script .tcl
    SetEnv RWS_LOGFILE /var/log/httpd/rws-cgi.log
    SetEnv RWS_LOGLEVEL debug
    <Directory /var/www/rws-server/rws-cgi>
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/var/www/rws-server/html">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
Set up ViewVC
Download the latest stable ViewVC from the site. Install it using the provided install script in your /var/www path.
chown -R rancid:rancid /var/www/viewvc
Add it to your Apache configuration by adding this ScriptAlias under the /rws alias:
ScriptAlias /viewvc "/var/www/viewvc/bin/cgi/viewvc.cgi"
...to:
opennms.rancidIntegrationEnabled = true
We used a virtual host instead of localhost, so we edited rws-configuration.xml and changed the following line:
<base-url server_url="http://localhost"/>
...to:
<base-url server_url="http://rws.mycompany.org"/>
Once these steps are done, the node details page for every node in the OpenNMS web UI will contain a View Node Rancid Inventory Info link in the General box. This link takes you to a page where you can see a summary of the node's device configurations and (if maintained in RANCID) its stored software images. From the configurations summary you can also drill into a page that embeds the ViewVC interface, which lets you browse the historical device configurations for the node. Note that the success of this integration depends on the OpenNMS node label of a given node being identical (including upper / lower case) to the name by which RANCID knows that device. If these two names are even slightly mismatched, no configurations or software images will be visible from the OpenNMS web UI.
Getting Help
If you continue to have issues, Rocco Rionero wrote a fantastic README. Take a look through that for details. If you still have problems, please try the discussion lists.
Caution
Please back up your RANCID configuration. The RWS server will update the .cloginrc file as changes are made inside OpenNMS.
Retrieved from "http://www.opennms.org/wiki/RANCID_RWS"