1 | Network Management & Monitoring |
---|
2 | |
---|
3 | Using RANCID |
---|
4 | ============ |
---|
5 | |
---|
6 | Notes: |
---|
7 | ------ |
---|
8 | * Commands preceded with "$" imply that you should execute the command as |
---|
9 | a general user - not as root. |
---|
10 | * Commands preceded with "#" imply that you should be working as root. |
---|
11 | * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") |
---|
12 | imply that you are executing commands on remote equipment, or within |
---|
13 | another program. |
---|
14 | |
---|
15 | Exercises |
---|
16 | --------- |
---|
17 | |
---|
18 | 1. Connect to your PC using ssh |
---|
19 | |
---|
20 | 2. Become root, verify that postfix (mail system) is installed and running. |
---|
21 | |
---|
22 | $ sudo bash |
---|
23 | # service postfix status |
---|
24 | ... result should be "postfix is running" |
---|
25 | |
---|
26 | Also check that the 'mutt' mail client is installed: |
---|
27 | |
---|
28 | # apt-get install mutt |
---|
29 | |
---|
30 | You might get a prompt on Postfix install, select "Internet.." |
---|
31 | |
---|
32 | 3. Add an alias for the rancid user in /etc/aliases file |
---|
33 | |
---|
34 | # joe /etc/aliases |
---|
35 | |
---|
36 | rancid-all: sysadm |
---|
37 | rancid-admin-all: sysadm |
---|
38 | |
---|
39 | Save the file, then run: |
---|
40 | |
---|
41 | # newaliases |
---|
42 | |
---|
43 | 4. Install Rancid itself |
---|
44 | |
---|
45 | # apt-get install rancid telnet |
---|
46 | |
---|
47 | It will prompt for warning, and Really continue? Select Yes |
---|
48 | |
---|
49 | 5. Edit /etc/rancid/rancid.conf |
---|
50 | |
---|
51 | # joe /etc/rancid/rancid.conf |
---|
52 | |
---|
53 | Find the line with the parameter LIST_OF_GROUPS, and add a similar |
---|
54 | line with: |
---|
55 | |
---|
56 | LIST_OF_GROUPS="all" |
---|
57 | |
---|
58 | (with no '#' at the front of line) |
---|
59 | |
---|
60 | 6. Change to the rancid user |
---|
61 | |
---|
62 | From a root prompt, switch identity to become the 'rancid' user: |
---|
63 | |
---|
64 | # su -s /bin/bash rancid |
---|
65 | |
---|
66 | Check that you ARE the rancid user: |
---|
67 | |
---|
68 | $ id |
---|
69 | |
---|
70 | You should see something similar (numbers may be different): |
---|
71 | |
---|
72 | uid=104(rancid) gid=109(rancid) groups=109(rancid) |
---|
73 | |
---|
74 | 7. Create /var/lib/rancid/.cloginrc |
---|
75 | |
---|
76 | $ joe /var/lib/rancid/.cloginrc |
---|
77 | |
---|
78 | add user 10.10.* cisco |
---|
79 | add password 10.10.* cisco cisco |
---|
80 | |
---|
81 | (Replace 10.10.x.254 with your router's IP address. The first |
---|
82 | 'cisco' is the username, the second and third 'cisco' are the |
---|
83 | password and enable password used to login to your router) |
---|
84 | |
---|
85 | Now protect this file so that it cannot be read by other users: |
---|
86 | |
---|
87 | $ chmod 600 /var/lib/rancid/.cloginrc |
---|
88 | |
---|
89 | 8. Initialize the CVS repository for rancid: |
---|
90 | |
---|
91 | $ /usr/lib/rancid/bin/rancid-cvs |
---|
92 | |
---|
93 | You should see something similar to this: |
---|
94 | |
---|
95 | No conflicts created by this import |
---|
96 | |
---|
97 | cvs checkout: Updating all |
---|
98 | Directory /var/lib/rancid/CVS/all/configs added to the repository |
---|
99 | cvs commit: Examining configs |
---|
100 | cvs add: scheduling file `router.db' for addition |
---|
101 | cvs add: use `cvs commit' to add this file permanently |
---|
102 | /var/lib/rancid/CVS/all/router.db,v <-- router.db |
---|
103 | initial revision: 1.1 |
---|
104 | |
---|
105 | 9. Test login to the router |
---|
106 | |
---|
107 | $ /usr/lib/rancid/bin/clogin 10.10.X.254 |
---|
108 | |
---|
109 | If all goes well, rancid will proceed to automatically log you |
---|
110 | into the router. You should see this on your screen: |
---|
111 | |
---|
112 | User Access Verification |
---|
113 | |
---|
114 | Username: cisco |
---|
115 | Password: |
---|
116 | |
---|
117 | router16>enable |
---|
118 | Password: |
---|
119 | Router16# |
---|
120 | |
---|
121 | ... all this without having to type a username or password! |
---|
122 | |
---|
123 | Type 'exit' to logout |
---|
124 | |
---|
125 | 10. Create the router.db |
---|
126 | |
---|
127 | $ joe /var/lib/rancid/all/router.db |
---|
128 | |
---|
129 | Add this line: |
---|
130 | |
---|
131 | 10.10.xxx.254:cisco:up |
---|
132 | |
---|
133 | (remember to replace xxx as appropriate) |
---|
134 | |
---|
135 | 11. Let's run rancid! |
---|
136 | |
---|
137 | $ /usr/lib/rancid/bin/rancid-run |
---|
138 | |
---|
139 | (Should take a few seconds) |
---|
140 | |
---|
141 | 12. Check out the logs: |
---|
142 | |
---|
143 | $ cd /var/lib/rancid/logs |
---|
144 | $ ls -l |
---|
145 | |
---|
146 | ... View the contents of the file(s): |
---|
147 | |
---|
148 | $ less all.* |
---|
149 | |
---|
150 | 13. Look at the configs |
---|
151 | |
---|
152 | $ cd /var/lib/rancid/all/configs |
---|
153 | $ less 10.10.x.254 |
---|
154 | |
---|
155 | If all went well, you can see the config of the router. |
---|
156 | |
---|
157 | 14. Let's change an interface Description on the router |
---|
158 | |
---|
159 | $ /usr/lib/rancid/bin/clogin 10.10.x.254 |
---|
160 | |
---|
161 | At the "RouterX#" prompt, enter the command: |
---|
162 | |
---|
163 | conf term |
---|
164 | |
---|
165 | You should see: |
---|
166 | |
---|
167 | Enter configuration commands, one per line. End with CNTL/Z. |
---|
168 | RouterX(config)# |
---|
169 | |
---|
170 | Enter: |
---|
171 | |
---|
172 | interface Fa0/0 |
---|
173 | |
---|
174 | You should get this prompt: |
---|
175 | |
---|
176 | RouterX(config-if)# |
---|
177 | |
---|
178 | Enter: |
---|
179 | |
---|
180 | RouterX(config-if)# description External interface to classroom |
---|
181 | RouterX(config-if)# end |
---|
182 | |
---|
183 | You should now have this prompt: |
---|
184 | |
---|
185 | RouterX# |
---|
186 | |
---|
187 | To save the config to memory: |
---|
188 | |
---|
189 | write memory |
---|
190 | |
---|
191 | You should see: |
---|
192 | |
---|
193 | Building configuration... |
---|
194 | [OK] |
---|
195 | |
---|
196 | To exit type: |
---|
197 | |
---|
198 | exit |
---|
199 | |
---|
200 | 15. Let's run rancid again: |
---|
201 | |
---|
202 | $ /usr/lib/rancid/bin/rancid-run |
---|
203 | |
---|
204 | Look at the config and logs |
---|
205 | |
---|
206 | $ ls /var/lib/rancid/logs/ |
---|
207 | |
---|
208 | 16. Let's see the differences |
---|
209 | |
---|
210 | $ cd /var/lib/rancid/all/configs |
---|
211 | $ ls -l |
---|
212 | |
---|
213 | You should see all the router config files |
---|
214 | |
---|
215 | $ cvs log 10.10.x.254 |
---|
216 | |
---|
217 | (where xxx is the IP of your router, .1 or .2 or 3.) |
---|
218 | |
---|
219 | Notice the revisions. Let's view the difference between two versions: |
---|
220 | |
---|
221 | $ cvs diff -u -r 1.2 -r 1.3 10.10.x.254 | less |
---|
222 | |
---|
223 | ... can you find your changes ? |
---|
224 | |
---|
225 | 17. Check your mail |
---|
226 | |
---|
227 | Now we will exit from these shells to get back to being the "sysadm" |
---|
228 | user, and run 'mutt' to see the mails which rancid has sent: |
---|
229 | |
---|
230 | $ exit |
---|
231 | # exit |
---|
232 | $ id |
---|
233 | ... check that you are now the 'sysadm' user again; |
---|
234 | ... if not, log out and in again |
---|
235 | $ mutt |
---|
236 | |
---|
237 | (When asked to create the Mail directory, say Yes) |
---|
238 | |
---|
239 | If everything goes as planned, you should be able to read the mails |
---|
240 | sent by Rancid. |
---|
241 | |
---|
242 | (use 'q' return to mail index, and 'q' again to quit mutt) |
---|
243 | |
---|
244 | 18. Finally, let's make rancid run automatically every 30 minutes from cron |
---|
245 | |
---|
246 | # crontab -e -u rancid |
---|
247 | |
---|
248 | Add this line: |
---|
249 | |
---|
250 | */30 * * * * /usr/lib/rancid/bin/rancid-run |
---|
251 | |
---|
252 | ... then save and quit |
---|
253 | |
---|