1 | Network Management & Monitoring |
---|
2 | |
---|
3 | Using RANCID Part II |
---|
4 | ==================== |
---|
5 | |
---|
6 | Notes: |
---|
7 | ------ |
---|
8 | * Commands preceded with "$" imply that you should execute the command as |
---|
9 | a general user - not as root. |
---|
10 | * Commands preceded with "#" imply that you should be working as root. |
---|
11 | * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") |
---|
12 | imply that you are executing commands on remote equipment, or within |
---|
13 | another program. |
---|
14 | |
---|
15 | Exercises |
---|
16 | --------- |
---|
17 | |
---|
18 | 1. Become the RANCID user |
---|
19 | |
---|
20 | Make sure you are the root user first. If not, then do: |
---|
21 | |
---|
22 | $ sudo bash |
---|
23 | |
---|
24 | To become the RANCID user do: |
---|
25 | |
---|
26 | # su -s /bin/bash rancid |
---|
27 | |
---|
28 | 2. Note the IP addresses for the routers |
---|
29 | |
---|
30 | 10.10.x.254 where x goes from 1 to 6 |
---|
31 | |
---|
32 | 3. Update the router.db |
---|
33 | |
---|
34 | $ joe /var/lib/rancid/all/router.db |
---|
35 | |
---|
36 | Add some other classroom routers to the file. You should end up with |
---|
37 | something like: |
---|
38 | |
---|
39 | 10.10.1.254:cisco:up |
---|
40 | 10.10.2.254:cisco:up |
---|
41 | 10.10.3.254:cisco:up |
---|
42 | 10.10.4.254:cisco:up |
---|
43 | 10.10.5.254:cisco:up |
---|
44 | 10.10.6.254:cisco:up |
---|
45 | |
---|
46 | (Note that "cisco" means this is Cisco equipment -- it tells Rancid |
---|
47 | that we are expecting to talk to a Cisco device here. You can also |
---|
48 | talk to Juniper, HP, ...) |
---|
49 | |
---|
50 | 4. Run rancid again: |
---|
51 | |
---|
52 | $ /usr/lib/rancid/bin/rancid-run |
---|
53 | |
---|
54 | (Should take a few seconds) |
---|
55 | |
---|
56 | 5. Check out the logs: |
---|
57 | |
---|
58 | $ cd /var/lib/rancid/logs |
---|
59 | $ ls -l |
---|
60 | |
---|
61 | ... Pick the latest file and view it |
---|
62 | |
---|
63 | $ less all.YYYYMMDD.HHMMSS |
---|
64 | |
---|
65 | 6. Look at the configs |
---|
66 | |
---|
67 | $ cd /var/lib/rancid/all/configs |
---|
68 | $ less 10.10.* |
---|
69 | |
---|
70 | If all went well, you can see the configs of ALL routers |
---|
71 | |
---|
72 | 7. Change the configuration on the router (change the description on |
---|
73 | an interface, for example) |
---|
74 | |
---|
75 | 8. Run rancid again |
---|
76 | |
---|
77 | $ /usr/lib/rancid/bin/rancid-run |
---|
78 | |
---|
79 | 9. Play with clogin: |
---|
80 | |
---|
81 | $ /usr/lib/rancid/bin/clogin -c "show clock" 10.10.x.254 |
---|
82 | |
---|
83 | What do you notice ? |
---|
84 | |
---|
85 | 10. Add the RANCID CVS repository in to CVSweb |
---|
86 | |
---|
87 | If you are still logged in as user rancid, get back to root |
---|
88 | |
---|
89 | $ exit |
---|
90 | # |
---|
91 | |
---|
92 | Install CVSweb: |
---|
93 | |
---|
94 | # apt-get install cvsweb |
---|
95 | |
---|
96 | 11. Edit the file /etc/cvsweb/cvsweb.conf |
---|
97 | |
---|
98 | # joe /etc/cvsweb/cvsweb.conf |
---|
99 | |
---|
100 | Below the line |
---|
101 | |
---|
102 | 'local' => ['Local Repository', '/var/lib/cvs'], |
---|
103 | |
---|
104 | add |
---|
105 | |
---|
106 | 'rancid' => ['Rancid Repository', '/var/lib/rancid/CVS'], |
---|
107 | |
---|
108 | Save and exit |
---|
109 | |
---|
110 | 12. Fix a link: |
---|
111 | |
---|
112 | # cd /var/www |
---|
113 | # ln -s /usr/share/cvsweb . |
---|
114 | |
---|
115 | Open a web browser to the link: |
---|
116 | |
---|
117 | http://pcXXX/cgi-bin/cvsweb/ |
---|
118 | |
---|
119 | Select the RANCID repository and browse the files under the 'all' |
---|
120 | directory. |
---|
121 | |
---|
122 | ------------------------------------------------------------------------ |
---|
123 | |
---|
124 | Rancid looking glass |
---|
125 | -------------------- |
---|
126 | |
---|
127 | Rancid can also provide a web interface for support staff to perform |
---|
128 | limited queries on routers, without letting them know the passwords. |
---|
129 | |
---|
130 | To use it, install the `rancid-cgi` package, and point your web browser at |
---|
131 | http://pcXXX/cgi-bin/lg/lgform.cgi |
---|
132 | |
---|
133 | You need to copy your routers.db to `/etc/rancid/routers.db` and |
---|
134 | your .clogin file to `/var/www/.clogin`, and make them readable only to the |
---|
135 | `www-data` user. Beware that if there are other CGIs running on your Apache |
---|
136 | server, they will be able to read these passwords. |
---|
137 | |
---|
138 | Configuration file is `/etc/rancid/lg.conf`. Additional info is in |
---|
139 | `man lg_intro` and files in the directory `/usr/share/doc/rancid-cgi`, |
---|
140 | especially `README.lg` |
---|