routers,Catalyst,Foundry switches Configuration Using Rancid
What is Rancid ?
RANCID monitors a router's (or more generally a device's)
configuration,including software and hardware (cards, serial
numbers, etc) and uses CVS (Concurrent Version System) or
Subversion to maintain history of changes.
What RANCID Does
login to each device in the router table (router.db),run various
commands to get the information that will be saved,cook the
output; re-format, remove oscillating or incrementing data,email
any differences from the previous collection to a mail list,and
finally commit those changes to the reivision control system
Once you've got the rancid archive, you need to uncompress it
(in /usr/src for example)
# cp rancid-2.3.1.tar.gz /usr/src
# cd /usr/src
# tar xvfz rancid-2.3.1.tar.gz
# cd rancid-2.3.1
and Now you need install it
Note : The following commands have to be typed as root. But once
Rancid is installed, rancid user MUST be owner of his directory
(chown -R rancid:rancid /usr/local/rancid).
# ./configure -prefix=/usr/local/rancid
There is a sample password file named cloginrc.sample. You'll
need to copy it to the /usr/local/rancid/ home directory as the
hidden file /usr/local/rancid/.cloginrc.
# cp cloginrc.sample /usr/local/rancid/.cloginrc
Finally you will need to set the .cloginrc file permissions to
be readable by the rancid user and the new netadm Linux group.
You will also have to change the ownership and permissions of
the home directory in a similar
#chmod 0640 /usr/local/rancid/.cloginrc
#chown -R rancid:netadm /usr/local/rancid/
#chmod 770 /usr/local/rancid/
Now that the installation is complete, you'll need to do some
initial configuration to get Rancid to work.
Now We create a group called debianhelp in the rancid
configuration by editing the file /home/rancid/etc/rancid.conf.All
files related to this group will be stored in a sub-directory of
the same name under the var sub-directory of the Rancid home
directory. In other words /usr/local/var/debianhelp
By default Rancid filters out passwords and SNMP community
strings. You may want to set the FILTER_PWDS and NOCOMMSTR
variables to "NO" to prevent this.
FILTER_PWDS=NO; export FILTER_PWDS
NOCOMMSTR=NO; export NOCOMMSTR
Rancid will send status emails to mailing lists defined in the
/etc/aliases file. The "debianhelp" Rancid group will need to
have groups named rancid-admin-networking and rancid-networking.
A Rancid group named
"alldevices" would have groups named rancid-admin-alldevices and
In this example, the emails go to the noc mailing list made up
of the addresses email@example.com.
# Rancid email addresses
The email aliases then need to be added postfix alias database
with the newaliases command
The next couple steps need to be done as the rancid user. Use
the su command to become the rancid user.
# su - rancid
The rancid-cvs command needs to be used to create the
/usr/local/var/debianhelp directory and its associated database
and network device list files.
No conflicts created by this import
cvs checkout: Updating debianhelp
cvs checkout: Updating debianhelp/configs
cvs add: scheduling file `router.db' for addition
cvs add: use 'cvs commit' to add this file permanently
The Rancid network device list and password files will now have
to be edited before your configurations can be backed up, but
first, let's review the most important file locations.
Rancid router.db file
The router.db file is the device list rancid uses to do its
backups. It has the format:
Where dns-name-or-ip-address is the hostname or IP address of
the device,device-type is the expected type of operating system
the device should be running and status (which can be up or
down) which determines whether the device should be backed up or
not. This example is for a Cisco device with an IP address of
Note: According to the Rancid help pages, "a '#' at the
beginning of a line is considered as a comment and the entire
line is ignored. If a device is deleted from the router.db file,
then Rancid will clean up by removing the
device's configuration file /usr/local/rancid/var/debianhelp/configs
directory. The CVS information for the device will be moved to
CVS Attic directory (using cvs delete)."
Rancid .clogin.rc file
The .clogin.rc file lists all the passwords rancid will use. The
one that comes with the Rancid installation kit has a lot of
examples in it and is fairly self-explanatory. Unfortunately
some of the examples are not
commented out, so you will have to do so yourself. Here is a
sample snippet using some commonly encountered scenarios.