First install rancid via the repositories :
aptitude install rancid
The CVS dependency may not be installed automatically; if that is the case, you can still install it later.
Most of the files should be located in
. Only the config file is located in
The script files which are going to save your configs are located in the
SAVE ALL THE CONFIGS!
On Brocade devices, I struggled at the beginning until I found out the problem was the SSH cryptographic method, and then that I needed the “skip-page-display” option set to get full config saved :
enable read-only-password anypassword
privilege exec level 5 skip-page-display
username rancid privilege 5 password yourpassword
Check that ssh access-list grants you access to the device.
set system login class noc permissions view
set system login class noc permissions view-configuration
set system login user rancid authentication plain-text-password/encrypted-password
set system login user rancid class noc
First, all you need to do is edit the config file in
and search for :
# list of rancid groups
LIST_OF_GROUPS="customer-routers customer-switches"
Here you can add group labels that will represent a category of devices.
To generate the files according to the groups, use :
su - rancid
bin/rancid-cvs
NOTE: The command must be run as the rancid user.
and edit the
file which has to look like this :
#hostname:os:status
switch1.office:cisco:up
192.168.1.20:foundry:up
Entries can be hostnames or IPs. If hostnames are used, they have to be listed in the /etc/hosts file.
The second task is creating a file that matches options and passwords to devices :
touch /var/lib/rancid/.cloginrc
vim .cloginrc
For example :
add cyphertype 192.168.65.* aes128-cbc
add user * rancid
#for the brocade devices including cers and fcxs/icxs
add password 192.168.65.* passwd enable-passwd
#for the juniper devices
add password * passwd
add method * ssh
Don’t forget to protect this critical file :
chmod 600 .cloginrc
chown rancid:rancid .cloginrc
Test & Troubleshooting
You can test it by using the script corresponding to the device brand (juniper = jlogin, cisco = clogin, etc.) :
If output looks like this, Rancid should be able to access device with correct user/passwd:
bin/clogin 192.168.65.1
192.168.65.1
spawn ssh -c 3des -x -l admin 192.168.65.1
firstname.lastname@example.org's password:
SSH@router01>enable
Password:
SSH@router-01#
Now you can test if the backup works :
Check the output :
tail -n 200 /var/log/rancid/rancidxxxx.log
If it works, log should look like:
Trying to get all of the configs.
All routers sucessfully completed.
echo "00 22 * * * rancid nice /var/lib/rancid/bin/rancid-run > /dev/null 2>&1" >> /etc/crontab
You’re done. Now the most important part is to verify weekly/monthly that the backups are still working. Trust me, the day (Murphy whistles “night” to me) you need a config file with 100 route-maps and 300 peerings, you don’t want to find out the backups have not been working for a month. 🙂
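
One way to automate that periodic check, as an added example that is not part of the original post or of rancid itself: it confirms that .cloginrc is still mode 600 and that the newest log is recent and contains the success line quoted above. The function names are hypothetical, and it assumes the log directory holds only rancid logs.

```shell
#!/bin/sh
# Added example: health check for the rancid setup described on this page.
# Defaults are the paths used on this page; pass arguments to override them.

# Return 0 only if the credentials file exists with exactly mode 600.
cloginrc_is_private() {
    f=${1:-/var/lib/rancid/.cloginrc}
    [ -f "$f" ] || return 1
    [ -n "$(find "$f" -prune -perm 600)" ]
}

# Return 0 if the newest log is fresh and reports success.
# 1 = no log found, 2 = newest log older than max_days, 3 = no success line.
rancid_backup_ok() {
    dir=${1:-/var/log/rancid}
    max_days=${2:-1}
    # Assumption: every file in the directory is a rancid log.
    newest=$(ls -t "$dir" 2>/dev/null | head -n 1)
    [ -n "$newest" ] || return 1
    [ -n "$(find "$dir/$newest" -prune -mtime "-$max_days")" ] || return 2
    # Spelling matches the log text quoted on this page.
    grep -q "All routers sucessfully completed" "$dir/$newest" || return 3
}

# Run both checks, print a warning for each failure, return 1 if any failed.
rancid_health() {
    status=0
    cloginrc_is_private "$1" || {
        echo "WARN: .cloginrc missing or not mode 600"
        status=1
    }
    rancid_backup_ok "$2" "$3" || {
        echo "WARN: last rancid run not fresh or not successful (code $?)"
        status=1
    }
    return "$status"
}
```

Source the file from a daily cron job, call `rancid_health`, and alert on a non-zero return instead of relying on someone remembering to look at the log.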