Agenda: exercises-rancid-2.txt

Network Management & Monitoring

Using RANCID Part II
====================

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") 
  imply that you are executing commands on remote equipment, or within 
  another program.

Exercises
---------

1. Become the RANCID user

    Make sure you are the root user first. If not, then do:
        
        $ sudo bash
        
    To become the RANCID user do:

        # su -s /bin/bash rancid

2. Note the IP addresses for the routers

        10.10.254.xxx  where xxx goes from 1 to 26

3. Update /var/lib/rancid/.cloginrc

    Change the file to look like this:

        $ editor /var/lib/rancid/.cloginrc

        add user 10.10.254.* sysadmin
        add password 10.10.254.* pass enable_pass

    (This tells RANCID that all hosts called "10.10.254.*" use the
    same password and user -- no need to add every router by hand!
    The first match in the file wins)

4. Update the router.db

        $ editor /var/lib/rancid/all/router.db

    Add some other classroom routers to the file. You should end up with
    something like:

        10.10.254.5:cisco:up 
        10.10.254.6:cisco:up 
        10.10.254.7:cisco:up 
        10.10.254.8:cisco:up 

    (Note that "cisco" means this is Cisco equipment -- it tells Rancid
    that we are expecting to talk to a Cisco device here.  You can also
    talk to Juniper, HP, ...)

5. Run rancid again:

        $ /usr/lib/rancid/bin/rancid-run

    (Should take a few seconds)

6. Check out the logs:

        $ cd /var/lib/rancid/logs
        $ ls -l

    ... Pick the latest file and view it

        $ less all.YYYYMMDD.HHMMSS

7. Look at the configs

        $ cd /var/lib/rancid/all/configs
        $ less 10.10.*

    If all went well, you can see the configs of ALL routers

8. Change the configuration on the router (change the description on
    an interface, for example)

9. Run rancid again

        $ /usr/lib/rancid/bin/rancid-run

10. Play with clogin:

        $  /usr/lib/rancid/bin/clogin -c "show clock" 10.10.254.x

    What do you notice ?

11. Add the RANCID CVS repository in to CVSweb

    If you are still logged in as user rancid, get back to root

        $ exit
        # 

    Install CVSweb:

        # apt-get install cvsweb

12. Edit the file /etc/cvsweb/cvsweb.conf

        # editor /etc/cvsweb/cvsweb.conf

    Below the line

        'local'   => ['Local Repository', '/var/lib/cvs'],

    add

        'rancid'   => ['Rancid Repository', '/var/lib/rancid/CVS'],

    Save and exit

13. Fix a link:

        # cd /var/www
        # ln -s /usr/share/cvsweb .
        
    Open a web browser to the link:

        http://pcXXX/cgi-bin/cvsweb/

    Select the RANCID repository and browse the files under the 'all'
    directory.

------------------------------------------------------------------------

Rancid looking glass
--------------------

Rancid can also provide a web interface for support staff to perform
limited queries on routers, without letting them know the passwords.

To use it, install the `rancid-cgi` package, and point your web browser at
http://pcXXX/cgi-bin/lg/lgform.cgi

You need to copy your routers.db to `/etc/rancid/routers.db` and
your .clogin file to `/var/www/.clogin`, and make them readable only to the
`www-data` user. Beware that if there are other CGIs running on your Apache
server, they will be able to read these passwords.

Configuration file is `/etc/rancid/lg.conf`. Additional info is in
`man lg_intro` and files in the directory `/usr/share/doc/rancid-cgi`,
especially `README.lg`