HOWTO_Rancid

Introduction

RANCID or (Really Awesome New Cisco confIg Differ) monitors a router's (or device's) configuration, including software and hardware (cards, serial numbers, etc), using CVS. Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Packeteer, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP procurve switches and a host of others.

Rancid logs into each of the devices in a router table file, runs various commands, chomps the output, and emails any differences ( sample) from the previous collection to a mail list.

Installation

The RANCID Package is a little trickier to install as it is not actually currently available as an ebuild today.

Preparation

RANCID is not part of the Gentoo Portage system so the install process for this application is manual. Before we get too involved in the delacies of downloading and installing rancid we should install some of the pre-required packages needed for rancid to function.

emerge -uavtD telnet-bsd sed tcl expect cvs

Environment

We need to create a user and group for the rancid application to run in to keep the world safe.

groupadd rancid
useradd -g rancid -c "Network Change Monitoring" -m -d /usr/rancid rancid

RANCID

Now, time to get and install Rancid, lets download the build from the developers site and put it in the new folder we created for Rancid's Home

cd /usr/rancid
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a3.tar.gz
tar -zxvf rancid-2.3.2a3.tar.gz 
rm rancid-2.3.2a3.tar.gz

Now, we have unpacked the distribution files to the sub-folder 'rancid-2.3.2a3 in the directory '/usr/rancid'.

We can now change into this directory, and configure the Makefile, and install the application

cd ./rancid-2.3.2a3 
./configure --prefix=/usr/rancid --localstatedir=/var/rancid 
make install 

Tidy Up

Rancid Puts information in its own folders, so we need to make a few links to get things back to standard configuration

First - we should ensure rancid has access to its own folders

chown -R rancid:rancid /usr/rancid
chmod 770 /usr/rancid
chown -R rancid:rancid /var/rancid
chmod 770 /var/rancid

Now lets put the magic '.clogin' configuration file in the new home folder for Rancid

cp /usr/rancid/rancid-2.3.2a3/cloginrc.sample /usr/rancid/.clogin
chmod 0640 /usr/rancid/.clogin

RANCID does not make the configuration files in the standard '/etc' folders so we will create some links

cd /etc
ln -s /usr/rancid/etc rancid

And lets keep the README's and delete the install source

cd /usr/rancid
cp ./rancid-2.3.2a3/README .
rm -rf rancid-2.3.2a3

RANCID Configuration

Now that the Rancid Application is installed, we need to congfigure and run the tool.

We will begin by making some modification to the Rancid .Conf file by adding the following lines to the end of the file.

LIST_OF_GROUPS="networking"
FILTER_PWDS=YES; export FILTER_PWDS
NOCOMMSTR=YES; export NOCOMMSTR

Now, the next few steps we will execute as the Rancid User we created earlier

su rancid
cd /usr/rancid/bin

We will begin by creating the CVS repository for all the devices we are going to be monitoring.

./rancid-cvs

No conflicts created by this import

cvs checkout: Updating networking
Directory /var/ccm/CVS/networking/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use `cvs commit' to add this file permanently
/var/ccm/CVS/networking/router.db,v  <--  router.db
initial revision: 1.1

cd /usr/rancid/bin

Well we are almost 100% - lets add the scheduale for Rancid to run

# crontab -e
no crontab for ccm - using an empty one
#
# Rancid CRON Job
#

# Hourly Run the DIFF on all the Devices
* 1 * * * /usr/rancid/bin/rancid-run

# Clean Out the Differ Logs
50 23 * * * /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {}\;

Using RANCID

Adding A Web Interface

Rancid makes good use of CVS, so we will add support to our LAMP environment to browse the repoistory from a web interface

I have chosen to use the package 'viewcvs'

• note by myha: package is now called www-apps/viewvc

# USE="cvsgraph enscript" emerge -uavtD viewcvs 

ViewCVS has a requirement for Python to run, and Apache has a special module to help here. So we should go ahead and install this feature.

# emerge -uavtD mod_python

I would now go ahead an create a new Module file for ViewCVS and add it to the folder /etc/conf.d/apache2/modules.d. Using your editor create the file and add the following contents:

<IfDefine VIEWCVS>
        ScriptAlias /viewcvs /var/www/localhost/cgi-bin/viewcvs/viewcvs.cgi 
        ScriptAlias /cvsquery /var/www/localhost/cgi-bin/viewcvs/query.cgi
        ScriptAlias /configs /var/www/localhost/cgi-bin/viewcvs/viewcvs.cgi
        <Directory "/viewcvs">
                AddHandler python-program .py
                PythonPath "['/var/www/localhost/viewcvs/lib']+sys.path"
                PythonHandler apache
                PythonDebug On
        </Directory>
</IfDefine>

As you can see in this, I have added a flag VIEWCVS that we can use to enable the functions in the module, so as we enable Python we can also enable this module. Open /etc/conf.d/apache2 and add "-D PYTHON -D VIEWCVS" to APACHE2_OPTS:

# Added module support for Python and our VIEWCVS
#
APACHE2_OPTS="-D DEFAULT_VHOST -D PYTHON -D VIEWCVS"

Next we need to grant access to the Apache daemon to read the CVS Repository, so as this is owned by the group 'RANCID', we simpley add Apache to the group

usermod -G rancid apache

At this point we, are almost completed, we need to now make a few minor modifications to the ViewCVS configuration file, which is located at /var/www/localhost/viewcvs/viewcvs.conf

[general]

#
# This setting specifies each of the CVS roots on your system and assigns
# names to them. Each root should be given by a "name: path" value. Multiple
# roots should be separated by commas.
#
cvs_roots =
        Network : /var/ccm/CVS

# this is the name of the default CVS root.
default_root = Network

Thats it! Now open your new website: http://host/configs or htp://host/viewcvs