This work is licenced under a Creative Commons Licence.

Automatically Backing up Network Configurations with RANCID

RANCID is a very useful tool for automatically backing up your network configurations. If you follow the default installation instructions, it will grab the current configuration of your network devices every hour, diff them against the previous ones, and check any changes into Subversion or CVS. Under the hood, it's just a bash script that runs various expect scripts, logs into each network device, and gets its configuration in a vendor-specific manner. It is exceptionally quick to set up, so there really is no excuse not to do so!

Obviously, RANCID is very useful, but it is also very simple to use. After following the installation instructions (or installing a package if you have one), you only need to edit two files for each network device:

/usr/local/rancid/.cloginrc    #file containing login details for devices
/usr/local/rancid/var/networking/router.db    #list of devices

A simple example would be to monitor an HP switch, with IP address 192.168.1.1, that has an admin user of "manager" and admin password of "insecure-password".

#/usr/local/rancid/.cloginrc
add user 192.168.1.1 manager
add password 192.168.1.1 insecure-password
add autoenable 192.168.1.1 1  

The autoenable value is required for devices where you do not log in as an initial user and then elevate permissions to another.

By default sessions are spawned over telnet, which sends the login password across the network unencrypted, but you can make logins occur over SSH using the following:

add method 192.168.1.1 ssh

You can test that logins are working correctly as follows:

/usr/local/rancid/bin/clogin 192.168.1.1

This will go through all the steps to log into the device, and leave you at a prompt on the device. You'll need to exit manually when testing.

Now that we have added the login details, and validated them, we have to tell RANCID to monitor the device. This is done by simply adding the following to /usr/local/rancid/var/networking/router.db:

192.168.1.1:hp:up

These fields are, in order, device_name:device_type:state. You might need to experiment a bit with the device_type, as the scripts written specifically for your device's manufacturer are not necessarily the best match for how your device works. Configurations will only be gathered if the state is set to "up"; any other value will cause the device to be ignored. More information, particularly on the device_type field, can be found in the man page.

man /usr/local/rancid/share/man/man5/router.db.5

You can manually run rancid using:

/usr/local/rancid/bin/rancid-run

It should send you two emails when you first run it, one stating that a new device has been added, and another with the information of what it has checked into version control.

The raw config files can be found in /usr/local/rancid/var/networking/configs, each saved as the IP address of the device in question.

You can leave it to run from cron hourly (the default in the docs), and add your remaining devices, safe in the knowledge that you will always have the latest network configurations from your devices and that nobody is "forgetting" to check their changes into version control first.
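
As an added example (not part of the original article and not shipped with RANCID), the script below audits the two files edited above: it checks that .cloginrc is not accessible beyond its owner and reports every "up" device in router.db that would not log in over SSH only. It assumes the colon-separated router.db layout shown here, literal or glob host patterns in .cloginrc with the first matching line winning, and that clogin tries listed methods in order; the function names and sample addresses are made up.

```shell
#!/bin/sh
# Added example (not from RANCID): audit .cloginrc and router.db as laid out above.

# Print the methods from the first "add method <glob> ..." line matching host $1
# in file $2; with no match, print "telnet" (the default the article describes).
first_method() {
    while read -r verb key pat rest || [ -n "$verb" ]; do
        [ "$verb" = add ] && [ "$key" = method ] || continue
        case $1 in
            $pat) printf '%s\n' "$rest" | tr -d '{}'; return 0 ;;
        esac
    done < "$2"
    echo telnet
}

# audit_rancid CLOGINRC ROUTERDB: prints one finding per line on stdout.
audit_rancid() {
    # .cloginrc holds clear-text passwords: group/other bits must all be off.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "PERMS $1: accessible beyond its owner (chmod 600)"
    # Only devices whose state is "up" are polled, so only those are checked.
    awk -F: '!/^#/ && $3 == "up" { print $1 }' "$2" |
    while read -r dev; do
        methods=$(first_method "$dev" "$1")
        case $methods in
            ssh) ;;
            ssh\ *) echo "FALLBACK $dev: '$methods' can fall back from ssh" ;;
            *) echo "NOSSH $dev: first method is '${methods%% *}'" ;;
        esac
    done
}

# Constructed sample files (addresses and password are made up).
demo=$(mktemp -d)
cat > "$demo/.cloginrc" <<'EOF'
add user 192.168.1.1 manager
add password 192.168.1.1 insecure-password
add method 192.168.1.1 ssh
add method 192.168.2.* ssh telnet
EOF
cat > "$demo/router.db" <<'EOF'
192.168.1.1:hp:up
192.168.2.7:cisco:up
192.168.3.9:hp:up
192.168.4.4:hp:down
EOF
chmod 644 "$demo/.cloginrc"
audit_rancid "$demo/.cloginrc" "$demo/router.db"
```

Point the last line at /usr/local/rancid/.cloginrc and /usr/local/rancid/var/networking/router.db to check a real installation; no output means every polled device is SSH-only and the credentials file is owner-only.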

I am stuck when I test if the logins are working correctly

Hi all,

I configured my .cloginrc as shown in your procedure, but when I ran /usr/local/rancid/bin/clogin [ip-of-my-router], rancid connects to it, then it is somehow not able to push my password through.

Here is what I got:

[[email protected] ~]$ /usr/local/rancid/bin/clogin [ip-of-my-router]
[ip-of-my-router]
spawn ssh -c 3des -x -l crong [ip-of-my-router]
Password:
Password:
Password:
[email protected][ip-of-my-router]'s password:
Connection closed by [ip-of-my-router]

Error: Connection closed (ssh): [ip-of-my-router]

Any suggestions?

Many thanks in advance :-)

PS: Nice tuto, thanks!