AlexNogard: IT HowTo

Linux & Opensource : Monitoring : Centreon, Nagios, Owncloud ..


Automated backup of your switches (hp,cisco,juniper..) configuration with rancid

Rancid & WebSVN

The backups we most often forget are those of our network equipment, and when a problem arises, we struggle to recover the exact configuration.

Fortunately, there is a tool named Rancid (Really Awesome New Cisco config Differ) that makes these backups automatically once it is in place.
Rancid supports a lot of equipment, such as Cisco Catalyst, Juniper edge routers, HP switches, Hitachi routers and many others (detailed below).

In addition to collecting the backups, Rancid stores the configurations in CVS / SVN.

In this article we will see how to install Rancid in SVN mode, and then set up a web interface to browse the results.
This installation of Rancid is performed on CentOS 6.2 64-bit.

Now to install Rancid:

 

Installation

We need to install the prerequisites:

# yum -y install expect cvs python httpd mysql mysql-server gcc make autoconf gcc-c++ kernel-devel mod_python mysql-python

# yum -y install php-common php-gd php-mcrypt php-pear php-pecl-memcache php-mhash php-mysql php-xml

Then create the user and group that Rancid will run as:

# groupadd netadm
# useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid

Then create a temporary directory to hold the Rancid sources and install it:

# mkdir /root/rancid
# cd /root/rancid
# wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz
# tar -xvzf rancid-2.3.8.tar.gz
# cd rancid-2.3.8
# ./configure --prefix=/usr/local/rancid/
# make install
# cp cloginrc.sample /usr/local/rancid/.cloginrc

Then assign the right permissions:

chmod 0640 /usr/local/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 770 /usr/local/rancid/

Now we move on to the configuration of Rancid. Edit its configuration file:

# vi /usr/local/rancid/etc/rancid.conf

// Add the following line:

LIST_OF_GROUPS="networking"

This list names the groups whose switch configurations will be backed up, so you can organize your devices as you want.

Rancid sends its reports by email, so add the following to /etc/aliases:

# vi /etc/aliases

// Add the following lines to the bottom :
#
# Rancid email addresses
#
rancid-admin-networking:                 rancid-networking
rancid-networking:                           networkin
noc:                                                networkin@my-web-site.org

// Save & quit and run:

# newaliases

Now we modify Rancid to work in SVN mode:

# cd /usr/local/rancid
# vi etc/rancid.conf

// Replace CVS with SVN:

RCSSYS=svn; export RCSSYS

CVSROOT=$BASEDIR/SVN; export CVSROOT

Now we create our directories:

# su - rancid
$ ./bin/rancid-cvs

Configuration

Then we add the switches / routers to our groups. For me it will be in "networking":

$ vi var/CVS/networking/router.db

// I add my router :

192.168.1.1:cisco:up

// Save & quit and do :

# svn update

Here is the list of hardware that Rancid manages:

Device      Description
alteon      An Alteon WebOS switch.
baynet      A Bay Networks router.
cat5        A Cisco Catalyst series 5000 and 4000 switch (i.e. running the Catalyst OS, not IOS).
cisco       A Cisco router, PIX, or switch such as the 3500XL or 6000 running IOS (or IOS-like) OS.
css         A Cisco content services switch.
enterasys   An Enterasys NAS. This is currently an alias for the riverstone device type.
erx         A Juniper E-series edge router.
Extreme     An Extreme switch.
ezt3        An ADC-Kentrox EZ-T3 mux.
force10     A Force10 router.
foundry     A Foundry router, switch, or router-switch. This includes HP Procurve switches that are OEMs of Foundry products, such as the HP9304M.
hitachi     A Hitachi router.
hp          An HP Procurve switch such as the 2524 or 4108 Procurve switches. Also see the foundry type.
mrtd        A host running the (Merit) MRTd daemon.
netscalar   A Netscalar load balancer.
netscreen   A Netscreen firewall.
redback     A Redback router, NAS, etc.
tnt         A Lucent TNT.
zebra       Zebra routing software.
riverstone  A Riverstone NAS or Cabletron (starting with version ~9.0.3) router.
juniper     A Juniper router.

Now that we have added our routers / switches, we must enter their passwords, usernames and access method. For this we will edit .cloginrc:

# vi .cloginrc

// Add :

add password 192.168.1.1 password
add method 192.168.1.1 telnet
add autoenable 192.168.1.1 1

If you have multiple routers / switches with the same password, you can replace the IP with "*".
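
As an added example (not part of the original article or of RANCID itself), the shell function below audits a .cloginrc for the three settings used above: the file permissions, telnet as access method, and "*" wildcard credentials. The function name audit_cloginrc and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article or the RANCID project.
# audit_cloginrc FILE: print one finding per line for a clogin credentials file.
audit_cloginrc() {
    file=$1

    # .cloginrc holds device passwords in clear text: flag any group/other
    # permission bit (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS group/other access: $perms"
    fi

    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 != "add" { next }
        # "add method <host> <m1> [<m2> ...]": telnet sends the login in clear text
        $2 == "method" {
            for (i = 4; i <= NF; i++) {
                m = $i; gsub(/[{}]/, "", m)
                if (m == "telnet") { print "TELNET " $3; break }
            }
        }
        # "*" as host makes one credential apply to every device
        ($2 == "password" || $2 == "user") && $3 == "*" {
            print "WILDCARD " $2
        }
    ' "$file"
}

# Constructed sample input (not a real device or password).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample .cloginrc
add password 192.168.1.1 examplepass
add method 192.168.1.1 telnet
add autoenable 192.168.1.1 1
add method 192.168.1.2 {ssh}
add password * examplepass
EOF
chmod 0640 "$sample"
audit_cloginrc "$sample"
rm -f "$sample"
```

Run against the real file as `audit_cloginrc /usr/local/rancid/.cloginrc`; an empty output means none of the three conditions was found.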

Rancid is now configured. You can check that it is working with the following commands:

# su - rancid
$ bin/rancid-run

Once completed, check your logs:

# tail -50 var/logs/networking.*************.**********

You should get something like:

starting: Tue Aug 21 02:01:01
Trying to get all of the configs.
All routers successfully completed.
cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs
ending: Tue Aug 21 02:01:06

To have Rancid make weekly backups, simply add a cron entry:

00 4 * * 0 /usr/local/rancid/bin/rancid-run # weekly backup (at 4:00 every Sunday)

Now the web interface configuration:

# cd /root
# wget http://websvn.tigris.org/files/documents/1380/49057/websvn-2.3.3.zip
# unzip websvn-2.3.3.zip
# mkdir /usr/local/websvn
# cp -R ~/websvn-2.3.3/* /usr/local/websvn/
# chown apache:apache /usr/local/websvn

Then add our host to the httpd config:

# vi /etc/httpd/conf.d/websvn.conf

// Add the following lines:

Alias /websvn /usr/local/websvn

<Directory /usr/local/websvn>
Allow from all
</Directory>

Then we create the config file:

# cp /usr/local/websvn/include/distconfig.php /usr/local/websvn/include/config.php
# vi /usr/local/websvn/include/config.php

// We add this line:

$config->addRepository('Switches', 'file:///usr/local/rancid/var/CVS/');

Then add the apache user to the group netadm:

usermod -a -G netadm apache

You can go to the web interface: http://ipadresse/websvn.

Here is the result :

WebSVN - Rancid Networking

Voila, you can now automate your routers / switches backups with Rancid and view it all in a simple and efficient interface with WebSVN!

If you have any questions or comments, the comments are there for that 😉

Feel free to share this article with share buttons !

4 Responses to Automated backup of your switches (hp,cisco,juniper..) configuration with rancid

  1. Time to check out rConfig. RANCID is a great tool. But now there’s a better free network management tool.

    • Mike says:

      Stephen, you have just saved me tons of time with suggesting rConfig. The install guide and frontend is very easy to learn. Kudos!!

  2. Bogswagen says:

    Hi,

    Please, can you help me to set up this at Centos 6.5 64 bit.
    I really want to use this in our network.

    Bogswagen

  3. Gbenga says:

    RANCID seems quite difficult to adapt to other devices, I believe some people like me are running devices that are not listed in RANCID device type…

    I think the authors should look in the direction of tools like Nagios that are quite easy to adapt to monitor virtually any equipment…

    Am still searching how to adapt RANCID to my environment.

    Any ideas?
