| 1 | Network Management & Monitoring |
|---|
| 2 | |
|---|
| 3 | Using RANCID Part II |
|---|
| 4 | ==================== |
|---|
| 5 | |
|---|
| 6 | Notes: |
|---|
| 7 | ------ |
|---|
| 8 | * Commands preceded with "$" imply that you should execute the command as |
|---|
| 9 | a general user - not as root. |
|---|
| 10 | * Commands preceded with "#" imply that you should be working as root. |
|---|
| 11 | * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") |
|---|
| 12 | imply that you are executing commands on remote equipment, or within |
|---|
| 13 | another program. |
|---|
| 14 | |
|---|
| 15 | Exercises |
|---|
| 16 | --------- |
|---|
| 17 | |
|---|
| 18 | 1. Become the RANCID user |
|---|
| 19 | |
|---|
| 20 | Make sure you are the root user first. If not, then do: |
|---|
| 21 | |
|---|
| 22 | $ sudo bash |
|---|
| 23 | |
|---|
| 24 | To become the RANCID user do: |
|---|
| 25 | |
|---|
| 26 | # su -s /bin/bash rancid |
|---|
| 27 | |
|---|
| 28 | 2. Note the IP addresses for the routers |
|---|
| 29 | |
|---|
| 30 | 10.10.x.254 where x goes from 1 to 6 |
|---|
| 31 | |
|---|
| 32 | 3. Update the router.db |
|---|
| 33 | |
|---|
| 34 | $ joe /var/lib/rancid/all/router.db |
|---|
| 35 | |
|---|
| 36 | Add some other classroom routers to the file. You should end up with |
|---|
| 37 | something like: |
|---|
| 38 | |
|---|
| 39 | 10.10.1.254:cisco:up |
|---|
| 40 | 10.10.2.254:cisco:up |
|---|
| 41 | 10.10.3.254:cisco:up |
|---|
| 42 | 10.10.4.254:cisco:up |
|---|
| 43 | 10.10.5.254:cisco:up |
|---|
| 44 | 10.10.6.254:cisco:up |
|---|
| 45 | |
|---|
| 46 | (Note that "cisco" means this is Cisco equipment -- it tells Rancid |
|---|
| 47 | that we are expecting to talk to a Cisco device here. You can also |
|---|
| 48 | talk to Juniper, HP, ...) |
|---|
| 49 | |
|---|
| 50 | 4. Run rancid again: |
|---|
| 51 | |
|---|
| 52 | $ /usr/lib/rancid/bin/rancid-run |
|---|
| 53 | |
|---|
| 54 | (Should take a few seconds) |
|---|
| 55 | |
|---|
| 56 | 5. Check out the logs: |
|---|
| 57 | |
|---|
| 58 | $ cd /var/lib/rancid/logs |
|---|
| 59 | $ ls -l |
|---|
| 60 | |
|---|
| 61 | ... Pick the latest file and view it |
|---|
| 62 | |
|---|
| 63 | $ less all.YYYYMMDD.HHMMSS |
|---|
| 64 | |
|---|
| 65 | 6. Look at the configs |
|---|
| 66 | |
|---|
| 67 | $ cd /var/lib/rancid/all/configs |
|---|
| 68 | $ less 10.10.* |
|---|
| 69 | |
|---|
| 70 | If all went well, you can see the configs of ALL routers |
|---|
| 71 | |
|---|
| 72 | 7. Change the configuration on the router (change the description on |
|---|
| 73 | an interface, for example) |
|---|
| 74 | |
|---|
| 75 | 8. Run rancid again |
|---|
| 76 | |
|---|
| 77 | $ /usr/lib/rancid/bin/rancid-run |
|---|
| 78 | |
|---|
| 79 | 9. Play with clogin: |
|---|
| 80 | |
|---|
| 81 | $ /usr/lib/rancid/bin/clogin -c "show clock" 10.10.x.254 |
|---|
| 82 | |
|---|
| 83 | What do you notice ? |
|---|
| 84 | |
|---|
| 85 | 10. Add the RANCID CVS repository in to CVSweb |
|---|
| 86 | |
|---|
| 87 | If you are still logged in as user rancid, get back to root |
|---|
| 88 | |
|---|
| 89 | $ exit |
|---|
| 90 | # |
|---|
| 91 | |
|---|
| 92 | Install CVSweb: |
|---|
| 93 | |
|---|
| 94 | # apt-get install cvsweb |
|---|
| 95 | |
|---|
| 96 | 11. Edit the file /etc/cvsweb/cvsweb.conf |
|---|
| 97 | |
|---|
| 98 | # joe /etc/cvsweb/cvsweb.conf |
|---|
| 99 | |
|---|
| 100 | Below the line |
|---|
| 101 | |
|---|
| 102 | 'local' => ['Local Repository', '/var/lib/cvs'], |
|---|
| 103 | |
|---|
| 104 | add |
|---|
| 105 | |
|---|
| 106 | 'rancid' => ['Rancid Repository', '/var/lib/rancid/CVS'], |
|---|
| 107 | |
|---|
| 108 | Save and exit |
|---|
| 109 | |
|---|
| 110 | 12. Fix a link: |
|---|
| 111 | |
|---|
| 112 | # cd /var/www |
|---|
| 113 | # ln -s /usr/share/cvsweb . |
|---|
| 114 | |
|---|
| 115 | Open a web browser to the link: |
|---|
| 116 | |
|---|
| 117 | http://pcXXX/cgi-bin/cvsweb/ |
|---|
| 118 | |
|---|
| 119 | Select the RANCID repository and browse the files under the 'all' |
|---|
| 120 | directory. |
|---|
| 121 | |
|---|
| 122 | ------------------------------------------------------------------------ |
|---|
| 123 | |
|---|
| 124 | Rancid looking glass |
|---|
| 125 | -------------------- |
|---|
| 126 | |
|---|
| 127 | Rancid can also provide a web interface for support staff to perform |
|---|
| 128 | limited queries on routers, without letting them know the passwords. |
|---|
| 129 | |
|---|
| 130 | To use it, install the `rancid-cgi` package, and point your web browser at |
|---|
| 131 | http://pcXXX/cgi-bin/lg/lgform.cgi |
|---|
| 132 | |
|---|
| 133 | You need to copy your routers.db to `/etc/rancid/routers.db` and |
|---|
| 134 | your .clogin file to `/var/www/.clogin`, and make them readable only to the |
|---|
| 135 | `www-data` user. Beware that if there are other CGIs running on your Apache |
|---|
| 136 | server, they will be able to read these passwords. |
|---|
| 137 | |
|---|
| 138 | Configuration file is `/etc/rancid/lg.conf`. Additional info is in |
|---|
| 139 | `man lg_intro` and files in the directory `/usr/share/doc/rancid-cgi`, |
|---|
| 140 | especially `README.lg` |
|---|