Rancid is a great tool for regularly saving the configs of network devices such as routers and switches into a version control system like SVN.
There are many how-tos for installing and configuring this tool (so I don't have to re-invent the wheel):
With these links it should be possible to get a running Rancid installation that saves the config of a normal Cisco device. Now we want it a bit fancier, so here is a how-to for installing Rancid with Puppet and saving the configs of a Brocade router with a special read-only user.
Puppet
To install and configure Rancid with Puppet, I've created a simple Puppet module (Github). Here is an example of how it can be used:
# install and configure rancid
class { '::rancid':
  groups => [ 'router', 'switches' ],
}

# create needed mail aliases (one per group, plus the -admin aliases)
mailalias {
  [ 'rancid-router', 'rancid-switches' ]:
    ensure    => present,
    notify    => Exec['newaliases'],
    recipient => 'yourname@yourdomain.com';
  [ 'rancid-admin-router', 'rancid-admin-switches' ]:
    ensure    => present,
    notify    => Exec['newaliases'],
    recipient => 'yourname@yourdomain.com';
}

# create cron jobs: run rancid five times a day, purge logs older than two days
cron {
  'Rancid run':
    command => '/usr/bin/rancid-run',
    user    => 'rancid',
    minute  => '15',
    hour    => [6, 12, 15, 18, 23];   # ';' separates the two cron resources
  'Rancid cleanup':
    command => '/usr/bin/find /var/log/rancid -type f -mtime +2 -exec rm {} \;',
    user    => 'rancid',
    minute  => '50',
    hour    => '23';
}
This installs Rancid, configures two Rancid groups (router and switches) and initializes the configured RCS (in this example: SVN). The cron definition runs Rancid five times a day: 6:15, 12:15, 15:15, 18:15 and 23:15; the second cron job deletes Rancid log files older than two days.
Brocade Router configuration
We want to have a special user on the Brocade devices which has read-only rights. The devices support several user privilege levels:
- 0 - Full access (super-user)
- 4 - Port-configuration access
- 5 - Read-only access
Here's how to create a read-only user called rancid with the password testtest. The third line allows privilege level 5 to run skip-page-display, which Rancid uses to disable output paging:
    username rancid privilege 5 password testtest
    enable read-only-password testtest
    privilege exec level 5 skip-page-display
Rancid configuration
Add the following lines to .cloginrc; they are needed to log in to the Brocade router (the first password is the login password, the second the enable password):
    add password router* {testtest} {testtest}
    add user router* rancid
    add method router* ssh
    add cyphertype router* aes128-cbc
To test whether it works, you can run bin/flogin router1 as user rancid (su - rancid). This should end up in the enable mode of router1.
The last thing that needs to be done is to add the router to router.db:
    router1:foundry:up
Now you can run Rancid:
    su - rancid
    rancid-run router
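Before that first rancid-run it is worth checking the two files this section touched. The script below is an added example (not part of the original post or of Rancid itself): it verifies that .cloginrc, which holds the device passwords in clear text, is readable by the rancid user only, and that every router.db entry has the name:vendor:state form used above. It assumes the colon-separated router.db format shown in the post and uses constructed demo files, not a real installation.

```shell
#!/bin/sh
# Added example, not part of the original post or of Rancid itself: two
# sanity checks to run before the first rancid-run. Assumed layout (from
# the post): ~rancid/.cloginrc and ~rancid/var/<group>/router.db, with
# router.db in the colon-separated name:vendor:state form shown above.

# check_cloginrc FILE
# .cloginrc holds the device login and enable passwords in clear text, so
# it must be readable by the rancid user only. Returns 0 for mode 0600 or
# 0400, 1 for anything more permissive or for a missing file.
check_cloginrc() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 1
    fi
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$f has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# check_router_db FILE
# Every non-comment, non-blank line must have exactly three colon-separated
# fields and a state of up or down; anything else is reported on stderr.
# Returns 0 when all entries are well-formed, 1 otherwise.
check_router_db() {
    awk -F: '
        /^[[:space:]]*(#|$)/ { next }
        NF != 3 || ($3 != "up" && $3 != "down") {
            printf "bad router.db entry: %s\n", $0 > "/dev/stderr"
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed demo data (not a real installation): a correctly protected
# .cloginrc and a router.db with good entries plus one malformed line.
demo_dir=$(mktemp -d)
printf 'add user router* rancid\nadd method router* ssh\n' > "$demo_dir/.cloginrc"
chmod 600 "$demo_dir/.cloginrc"
printf 'router1:foundry:up\n# switches live in another group\nsw1:cisco:down\nrouter2 foundry up\n' \
    > "$demo_dir/router.db"

check_cloginrc "$demo_dir/.cloginrc" && echo ".cloginrc permissions ok"
check_router_db "$demo_dir/router.db" || echo "router.db needs fixing"
rm -rf "$demo_dir"
```

Run it as the rancid user with the real paths substituted for the demo files; a non-zero exit from either function means the file should be fixed before the cron job starts committing to SVN.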
Rancid tweaks
The Brocade MLXe router always reports its uptime in the output of show version (Switch Fabric Module 1 Up Time is …). Since that value changes on every run, it would show up in every diff; to remove the line, Rancid needs a small patch (credits: heasly from Shrubbery Networks):
Index: bin/francid.in
===================================================================
--- bin/francid.in (revision 2658)
+++ bin/francid.in (working copy)
@@ -179,7 +179,7 @@
next if (/^(The system |Crash time)/);
next if (/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric
- Module \d+) uptime is/);
+ Module \d+) (uptime|Up Time) is/);
# remove uptime on newer switches
s/(STACKID \d+)\s+system uptime is.*$/$1/;
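Review bot: the new alternation `(uptime|Up Time)` is case-sensitive and matches only those two spellings, so it covers the MLXe "Switch Fabric Module 1 Up Time is" line quoted in the post but nothing else; a case-insensitive form such as `next if (/^(...|Switch Fabric Module \d+) up ?time is/i);` would cover "Uptime" and "up time" as well should another platform print them. A short comment above the line naming the MLXe output that motivated the change, in the style of the "# remove uptime on newer switches" comment that follows, would also help the next maintainer.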
Conclusion
It's very easy to install and configure Rancid, and it gives a great view of what's going on in larger networks. If you have any problems, the Rancid mailing list is just great!