Really Awesome Network Config Differ Tricks we use to forget

Install Rancid

First, install RANCID from the repositories:

aptitude install rancid

This may not pull in the CVS dependency; if that is the case, you can still install it later.

Most of the files should be located in /var/lib/rancid/. Only the config file is located in /etc/rancid/. The script files which are going to save your configs are located in the ../bin/ directory.

SAVE ALL THE CONFIGS!

Configure Router

Brocade

On Brocade devices, I struggled at the beginning until I found out the problem was the SSH cryptographic method, and then that I needed the “skip-page-display” option set to get the full config saved:

enable read-only-password anypassword
privilege exec level 5 skip-page-display
username rancid privilege 5 password yourpassword

Check that the SSH access list grants you access to the device.

JunOS

set system login class noc permissions view
set system login class noc permissions view-configuration
set system login user rancid authentication plain-text-password/encrypted-password
set system login user rancid class noc

Configure Server

First, all you need to do is edit the config file in /etc/rancid/ and search for:

# list of rancid groups
LIST_OF_GROUPS="customer-routers customer-switches"

Here you can add group labels that will represent a category of devices.

To generate the files for these groups, use:

su - rancid
bin/rancid-cvs

NOTE: The command should be launched as the rancid user.

Go to /var/lib/rancid/customer-routers and edit the router.db file, which has to look like this:

#hostname:os:status
switch1.office:cisco:up
192.168.1.20:foundry:up

Entries can be hostnames or IPs. If hostnames are used, the /etc/hosts file has to contain entries for them.

The second task is creating a file that matches options and passwords to devices:

touch /var/lib/rancid/.cloginrc
vim .cloginrc

For example :

add cyphertype  192.168.65.*     aes128-cbc
add user        *       rancid
#for the brocade devices including cers and fcxs/icxs
add password 192.168.65.* passwd enable-passwd
#for the juniper devices
add password    *       passwd
add method     *    ssh

Don’t forget to protect this critical file :

chmod 600 .cloginrc
chown rancid:rancid .cloginrc

Test & Troubleshooting

You can test it by using the login script corresponding to the device brand (juniper = jlogin, cisco = clogin, etc.):

bin/clogin 192.168.65.1

If the output looks like this, RANCID should be able to access the device with the correct user/password:

bin/clogin 192.168.65.1
192.168.65.1
spawn ssh -c 3des -x -l admin 192.168.65.1
admin@172.20.1.1's password:
SSH@router01>enable
Password:
SSH@router-01#

Now you can test if the backup works :

bin/rancid-run

Check the output :

tail -n 200 /var/log/rancid/rancidxxxx.log

If it works, the log should look like:

Trying to get all of the configs.
All routers sucessfully completed.

Set Cronjob

For a backup every day at 10 PM:

echo "00 22 * * * rancid nice /var/lib/rancid/bin/rancid-run > /dev/null 2>&1" >> /etc/crontab

You’re done. Now the most important part is to verify weekly/monthly that backups are still working. Trust me, the day (Murphy whistles “night” to me) you need a config file with 100 route-maps and 300 peerings, you don’t want to find out the backups have not been working for a month. 🙂
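
One way to automate that verification, as an added example that is not part of the original post: a shell check that fails when no RANCID log is recent or when a recent log lacks the success line shown above. It assumes the /var/log/rancid directory from this page; the function name, variable names and the 26-hour window are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify that RANCID still runs.
# Assumptions: logs are in /var/log/rancid as on the page, and a good run
# logs the success line shown in the post. Function/variable names are ours.

LOG_DIR="${LOG_DIR:-/var/log/rancid}"
MAX_AGE_MIN="${MAX_AGE_MIN:-1560}"            # 26 h: daily cron job plus slack
OK_LINE="All routers sucessfully completed."  # spelled as in the log excerpt

# check_rancid_logs DIR MAX_AGE_MINUTES
# Returns 0 healthy, 1 no recent log, 2 recent log without OK_LINE, 3 no DIR.
check_rancid_logs() {
    dir=$1
    max_age=$2
    if [ ! -d "$dir" ]; then
        echo "CRITICAL: log directory $dir not found"
        return 3
    fi
    # Logs written within the window; none means cron or rancid-run stopped.
    recent=$(find "$dir" -type f -mmin "-$max_age")
    if [ -z "$recent" ]; then
        echo "CRITICAL: no RANCID log newer than $max_age minutes in $dir"
        return 1
    fi
    # grep -L lists the recent logs that lack the success line.
    failed=$(find "$dir" -type f -mmin "-$max_age" \
                 -exec grep -LF -e "$OK_LINE" {} + || true)
    if [ -n "$failed" ]; then
        echo "WARNING: runs without \"$OK_LINE\":"
        echo "$failed"
        return 2
    fi
    echo "OK: all recent RANCID runs completed"
    return 0
}

# Run the check only when asked, e.g. from cron: check-rancid.sh --check
if [ "${1:-}" = "--check" ]; then
    check_rancid_logs "$LOG_DIR" "$MAX_AGE_MIN"
    exit $?
fi
```

Schedule it some time after the nightly rancid-run and alert on any non-zero exit status, so a silent failure is noticed within a day rather than a month.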
