Network Management & Monitoring Using RANCID Part II ==================== Notes: ------ * Commands preceded with "$" imply that you should execute the command as a general user - not as root. * Commands preceded with "#" imply that you should be working as root. * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") imply that you are executing commands on remote equipment, or within another program. Exercises --------- 1. Become the RANCID user Make sure you are the root user first. If not, then do: $ sudo bash To become the RANCID user do: # su -s /bin/bash rancid 2. Note the IP addresses for the routers 10.10.254.xxx where xxx goes from 1 to 26 3. Update /var/lib/rancid/.cloginrc Change the file to look like this: $ editor /var/lib/rancid/.cloginrc add user 10.10.254.* sysadmin add password 10.10.254.* pass enable_pass (This tells RANCID that all hosts called "10.10.254.*" use the same password and user -- no need to add every router by hand! The first match in the file wins) 4. Update the router.db $ editor /var/lib/rancid/all/router.db Add some other classroom routers to the file. You should end up with something like: 10.10.254.5:cisco:up 10.10.254.6:cisco:up 10.10.254.7:cisco:up 10.10.254.8:cisco:up (Note that "cisco" means this is Cisco equipment -- it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, ...) 5. Run rancid again: $ /usr/lib/rancid/bin/rancid-run (Should take a few seconds) 6. Check out the logs: $ cd /var/lib/rancid/logs $ ls -l ... Pick the latest file and view it $ less all.YYYYMMDD.HHMMSS 7. Look at the configs $ cd /var/lib/rancid/all/configs $ less 10.10.* If all went well, you can see the configs of ALL routers 8. Change the configuration on the router (change the description on an interface, for example) 9. Run rancid again $ /usr/lib/rancid/bin/rancid-run 10. Play with clogin: $ /usr/lib/rancid/bin/clogin -c "show clock" 10.10.254.x What do you notice ? 11. Add the RANCID CVS repository in to CVSweb If you are still logged in as user rancid, get back to root $ exit # Install CVSweb: # apt-get install cvsweb 12. Edit the file /etc/cvsweb/cvsweb.conf # editor /etc/cvsweb/cvsweb.conf Below the line 'local' => ['Local Repository', '/var/lib/cvs'], add 'rancid' => ['Rancid Repository', '/var/lib/rancid/CVS'], Save and exit 13. Fix a link: # cd /var/www # ln -s /usr/share/cvsweb . Open a web browser to the link: http://pcXXX/cgi-bin/cvsweb/ Select the RANCID repository and browse the files under the 'all' directory. ------------------------------------------------------------------------ Rancid looking glass -------------------- Rancid can also provide a web interface for support staff to perform limited queries on routers, without letting them know the passwords. To use it, install the `rancid-cgi` package, and point your web browser at http://pcXXX/cgi-bin/lg/lgform.cgi You need to copy your routers.db to `/etc/rancid/routers.db` and your .clogin file to `/var/www/.clogin`, and make them readable only to the `www-data` user. Beware that if there are other CGIs running on your Apache server, they will be able to read these passwords. Configuration file is `/etc/rancid/lg.conf`. Additional info is in `man lg_intro` and files in the directory `/usr/share/doc/rancid-cgi`, especially `README.lg`