Agenda: exercises-rancid.txt

Network Management & Monitoring

Using RANCID
============

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") 
  imply that you are executing commands on remote equipment, or within 
  another program.

Exercises
---------

1. Connect to your PC using ssh

2. Become root, verify that postfix (mail system) is installed and running.

        $ sudo bash
        # service postfix status
        ... result should be "postfix is running"

    Also check that the 'mutt' mail client is installed:

        # apt-get install mutt

3. Add an alias for the rancid user in /etc/aliases file

        # editor /etc/aliases
        
        rancid-all:     sysadm
        rancid-admin-all:   sysadm

    Save the file, then run:

        # newaliases

4. Install Rancid itself

        # apt-get install rancid telnet

5. Edit /etc/rancid/rancid.conf

        # editor /etc/rancid/rancid.conf

    Find the line with the parameter LIST_OF_GROUPS, and add a similar 
    line with:

        LIST_OF_GROUPS="all"

    (with no '#' at the front of line)

6. Change to the rancid user

    From a root prompt, switch identity to become the 'rancid' user:
        
        # su -s /bin/bash rancid
        
    Check that you ARE the rancid user:

        $ id

    You should see something similar (numbers may be different):

        uid=114(rancid) gid=124(rancid) groups=124(rancid)

7. Create /var/lib/rancid/.cloginrc

        $ editor /var/lib/rancid/.cloginrc

        add user 10.10.254.xxx cisco
        add password 10.10.254.xxx cisco cisco

    (Replace 10.10.254.xxx with your router's IP address. The first
    'cisco' is the username, the second and third 'cisco' are the
    password and enable password used to login to your router)

    Now protect this file so that it cannot be read by other users:

        $ chmod 600 /var/lib/rancid/.cloginrc

8. Initialize the CVS repository for rancid:

        $ /usr/lib/rancid/bin/rancid-cvs

    You should see something similar to this:

        No conflicts created by this import

        cvs checkout: Updating all
        Directory /var/lib/rancid/CVS/all/configs added to the repository
        cvs commit: Examining configs
        cvs add: scheduling file `router.db' for addition
        cvs add: use `cvs commit' to add this file permanently
        /var/lib/rancid/CVS/all/router.db,v  <--  router.db
        initial revision: 1.1

9. Test login to the router

        $  /usr/lib/rancid/bin/clogin 10.10.254.xxx

    If all goes well, rancid will proceed to automatically log you
    into the router.  You should see this on your screen:

        User Access Verification

        Username: cisco
        Password: 

        router16>enable
        Password: 
        Router16#

    ... all this without having to type a username or password!

    Type 'exit' to logout

10. Create the router.db

        $ editor /var/lib/rancid/all/router.db

    Add this line:

        10.10.254.xxx:cisco:up

    (remember to replace xxx as appropriate)

11. Let's run rancid!

        $ /usr/lib/rancid/bin/rancid-run

    (Should take a few seconds)

12. Check out the logs:

        $ cd /var/lib/rancid/logs
        $ ls -l

    ... View the contents of the file(s):

        $ less all.*

13. Look at the configs

        $ cd /var/lib/rancid/all/configs
        $ less 10.10.254.xxx

    If all went well, you can see the config of the router.

14. Let's change an interface Description on the router

        $ /usr/lib/rancid/bin/clogin 10.10.254.xxx

    At the "RouterX#" prompt, enter the command:

        conf term

    You should see:

        Enter configuration commands, one per line.  End with CNTL/Z.
        RouterX(config)#

    Enter:

        interface Fa0/0

    You should get this prompt:

        RouterX(config-if)#

    Enter:

        RouterX(config-if)# description External interface to classroom
        RouterX(config-if)# end

    You should now have this prompt:

        RouterX#

    To save the config to memory:

        write memory

    You should see:

        Building configuration...
        [OK]

    To exit type:

        exit

15. Let's run rancid again:

        $ /usr/lib/rancid/bin/rancid-run

    Look at the config and logs

        $ ls /var/lib/rancid/logs/

16. Let's see the differences

        $ cd /var/lib/rancid/all/configs
        $ ls -l

    You should see all the router config files

        $ cvs log 10.10.254.xxx

    (where xxx is the IP of your router, .129 or .161)

    Notice the revisions.  Let's view the difference between two versions:

        $ cvs diff -u -r 1.2 -r 1.3 10.10.254.xxx | less

    ... can you find your changes ?

17. Check your mail

    Now we will exit from these shells to get back to being the "sysadm"
    user, and run 'mutt' to see the mails which rancid has sent:

        $ exit
        # exit
        $ id
        ... check that you are now the 'sysadm' user again;
        ... if not, log out and in again
        $ mutt

    (When asked to create the Mail directory, say Yes)

    If everything goes as planned, you should be able to read the mails
    sent by Rancid.

    (use 'q' return to mail index, and 'q' again to quit mutt)

18. Finally, let's make rancid run automatically every 30 minutes from cron

        # crontab -e -u rancid

    Add this line:

        */30  *  *  *  *  /usr/lib/rancid/bin/rancid-run

    ... then save and quit