***Network Management and Monitoring Using RANCID***
Welcome to the 2nd part of RANCID Configuration!!
Whatever you do, don’t edit or touch the .svn directory by hand!!
Step-17: Check your mail
Now we will exit from the rancid user shell and the root user shell to go back to being the “sysadm” user. Then we’ll use the “mutt” email client to see if rancid has been sending emails to the sysadm user.
$ exit (takes you from rancid to root user)
# exit (takes you from root to sysadm user)
… check that you are now the ‘sysadm’ user again;
… if not, log out and in again as sysadm to your virtual host
(When asked to create the Mail directory, say Yes)
If everything goes as planned, you should be able to read the mails sent by Rancid. You can select an email sent by “rancid@pcX.ws.gpontutorials.com” and see what it looks like.
Notice that it is your router description and any differences from the last time it was obtained using the rancid-run command.
Now exit from mutt.
(use ‘q’ to return to the mail index, and ‘q’ again to quit mutt)
Step-18: Let’s make rancid run automatically every 30 minutes using cron
cron is a system available in Linux to automate the running of jobs. First we need to become the root user again:
$ sudo bash
Now we will create a new job to run for the rancid user:
# crontab -e -u rancid
It will ask you for your favorite editor. Select whichever editor you have been using in class.
Add this line at the bottom of the file (COPY and PASTE):
*/30 * * * * /usr/lib/rancid/bin/rancid-run
… then save and quit from the file.
That’s it. The command “rancid-run” will execute automatically from now on every 30 minutes all the time (every day, week and month).
Step-19: Now add all the other routers
Note the addresses for the routers rtrX.ws.gpontutorials.com where X goes from 1 to 9.
If you have fewer routers in your class, then only include the actual, available routers.
Become the rancid user and update the router.db file:
# su -s /bin/bash rancid
$ editor /var/lib/rancid/all/router.db
Add the other classroom routers to the file. You should end up with something like (COPY and PASTE):
(Note that “cisco” means this is Cisco equipment — it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, …). Be sure the entries are aligned to the left of the file.
Step-20: Run rancid again:
This should take a minute or more now, be patient.
Step-21: Check out the logs:
$ cd /var/lib/rancid/logs
$ ls -l
… Pick the latest file and view it
$ less all.YYYYMMDD.HHMMSS
This should be the last file listed in the output from “ls -l”
You should notice a bunch of statements indicating that routers have been added to the Subversion version control repository, and much more.
Step-22: Look at the configs
$ cd /var/lib/rancid/all/configs
$ more *.ws.gpontutorials.com
Press the SPACE bar to continue through each file. Or, you could do:
$ less *.ws.gpontutorials.com
And press the SPACE bar to scroll through each file and then press “:n” to view the next file. Remember, in both cases you can press “q” to quit at any time. If all went well, you can see the configs of ALL routers.
Step-23: Run RANCID again just in case someone changed some configuration on the router
This could take a few moments, so be patient….
Step-24: Play with clogin:
$ /usr/lib/rancid/bin/clogin -c "show clock" rtrX.ws.gpontutorials.com
Where “X” is the number of your group.
What do you notice?
Even better, we can show the power of using a simple script to make changes to multiple devices quickly:
$ editor /tmp/newuser
… in this file, add the following commands (COPY and PASTE):
username NewUser secret 0 NewPassword
Save the file, exit, and run the following commands from the command line:
$ for r in 1 2 3 4
Your prompt will now change to be “>”. Continue by typing:
> do
> /usr/lib/rancid/bin/clogin -x /tmp/newuser rtr$r.ws.gpontutorials.com
> done
Now your prompt will go back to “$” and the rancid clogin command will run and execute the commands you just typed above on routers rtr1, rtr2, rtr3 and rtr4. This is simple shell scripting in Linux, but it’s very powerful.
- How would you verify that this has executed correctly? Hint: “show run | inc”
- Connect to rtr1, rtr2, rtr3 and rtr4. Type “enable” and then type “show run | inc username” to verify that the NewUser username now exists.
Type exit to leave each router. Naturally you could automate this like we just did above.
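The verification above can be scripted the same way as the push. This is an added example, not part of the original lab: a shell helper that runs “show run | inc username” through clogin on each router and reports where the account is missing. The names CLOGIN, has_user and verify_user are assumptions of this example; the clogin path is the one used earlier on this page.

```shell
#!/bin/sh
# Added example, not part of the lab: confirm a pushed username exists on each router.
# CLOGIN, has_user and verify_user are names chosen for this example.
CLOGIN=${CLOGIN:-/usr/lib/rancid/bin/clogin}

# has_user USER
# Reads device output on stdin. Succeeds only if a config line of the form
# "username USER ..." is present. The name must match exactly, so NewUser2
# does not count as NewUser, and the echoed "show run | inc username"
# command line (which starts with the router prompt) is ignored.
has_user() {
    awk -v u="$1" '
        { sub(/\r$/, "") }                        # session output may end lines with CR
        $1 == "username" && $2 == u { found = 1 }
        END { exit !found }'
}

# verify_user USER ROUTER...
# Prints "OK" or "MISSING" per router; returns non-zero if any router
# lacks the user or could not be queried.
verify_user() {
    user=$1; shift
    rc=0
    for rtr in "$@"; do
        if out=$("$CLOGIN" -c "show run | inc username" "$rtr" 2>/dev/null) &&
           printf '%s\n' "$out" | has_user "$user"; then
            echo "OK      $rtr"
        else
            echo "MISSING $rtr"
            rc=1
        fi
    done
    return "$rc"
}

# Example: sh verify_user.sh NewUser rtr1.ws.gpontutorials.com rtr2.ws.gpontutorials.com
if [ "$#" -ge 2 ]; then
    verify_user "$@"
fi
```

A non-zero exit status means at least one router needs another look, which also makes the script usable from cron or a monitoring check.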
Step-25: Add the RANCID SVN (Subversion) repository into WebSVN
If you are still logged in as user rancid, get back to root. Remember you can type “id” to check what userid you are.
# apt-get install websvn
* Select <Yes> to the question if you want to configure WebSVN now and press ENTER
* Select <Ok> for the next question about supporting various web servers and press ENTER
* When asked for the “svn parent repositories” change the path to be:
Select <Ok> and press ENTER. Do the same when asked about “svn repositories” on the next screen. That is, use the path:
and not what is shown by default. Select <Ok> and press ENTER.
* Select <Ok> for the next screen talking about permissions and press ENTER.
Step-26: Fix permissions. The web server must be able to read the SVN (Subversion) folder
# chgrp -R www-data /var/lib/rancid/svn
# chmod g+w -R /var/lib/rancid/svn
Step-27: Browse the rancid files from your Web browser!
Browse the files under the ‘all/configs’ directory.
You can see all your router configuration files here.
WebSVN lets you easily see the changes between versions.
* Browse to http://pcXXX.ws.gpontutorials.com/websvn again, go to all, configs.
* Click on your router file name (rtrX.ws.gpontutorials.com). You will get a new screen.
* Click “Compare with Previous” at the top of the screen.
* You should now see the latest changes highlighted.
Click on “REPOS 1” to go back to the main WebSVN page:
* Click on “all/” under “Path”
* Click on “configs/”
* Select two of the routers that are next to each other, for example rtr1 and rtr2, or rtr3 and rtr4.
* Click on Compare Paths
This will show you the differences between two separate router configurations.
WebSVN is a convenient way to quickly see differences via a GUI between multiple configuration files. Note, this is a potential security hole so you should limit access to the URL http://host/websvn using passwords (and SSL) or appropriate