RANCID – Cisco config backups

Adding new Devices into Rancid

 

 

Add the new device to the router.db file in the format shown below:

nano /var/rancid/ims-devices/router.db

 

192.168.1.1:cisco:up

 

Add the login details for the device to the .cloginrc file:

nano /var/rancid/.cloginrc

 

Test the login as the rancid user:

su - rancid
bin/clogin 192.168.1.1

For a successful test, the script should log in to the device and reach the main configuration prompt (enable mode), where you should be able to run commands. If it logs in but you cannot run commands, it is not working.

Note: This happens with HP switches when using clogin; use hlogin instead.

 

More information below:

 

 

The Rancid router.db file

The router.db file is the device list rancid uses to do its backups. It has the format:

dns-name-or-ip-address:device-type:status

Here dns-name-or-ip-address is the hostname or IP address of the device, device-type is the type of operating system the device is expected to be running, and status (which can be up or down) determines whether the device should be backed up. This example is for a Cisco device with an IP address of 192.168.1.1:

192.168.1.1:cisco:up

Note: According to the Rancid help pages, “a ‘#’ at the beginning of a line is considered as a comment and the entire line is ignored. If a device is deleted from the router.db file, then Rancid will clean up by removing the device’s configuration file /usr/local/rancid/var/networking/configs directory. The CVS information for the device will be moved to CVS Attic directory (using cvs delete).”

Various device types for Rancid

Device type   Description
alteon        Alteon WebOS switches.
baynet        A Bay Networks router.
cat5          Cisco Catalyst series 5000 and 4000 switches (i.e. running the Catalyst OS, not IOS).
cisco         A Cisco router, PIX, or switch such as the 3500XL or 6000 running IOS (or an IOS-like OS).
css           A Cisco content services switch.
enterasys     An Enterasys NAS. This is currently an alias for the riverstone device type.
erx           A Juniper E-series edge router.
extreme       An Extreme switch.
ezt3          An ADC-Kentrox EZ-T3 mux.
force10       A Force10 router.
foundry       A Foundry router, switch, or router-switch. This includes HP Procurve switches that are OEMs of Foundry products, such as the HP9304M.
hitachi       Hitachi routers.
hp            An HP Procurve switch such as the 2524 or 4108. Also see the foundry type.
mrtd          A host running the (Merit) MRTd daemon.
netscalar     A Netscalar load balancer.
netscreen     A Netscreen firewall.
redback       A Redback router, NAS, etc.
tnt           A Lucent TNT.
zebra         Zebra routing software.
riverstone    A Riverstone NAS or Cabletron (starting with version ~9.0.3) router.
juniper       A Juniper router.
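A router.db linter for the colon-separated format and device types described above, as an added example that is not part of RANCID or the original how-to. It reports malformed entries and entries marked down, which are skipped by the backup; the function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of RANCID): lint a router.db written in the
# name:device-type:status format described above.

# Device types from the table above, in lower case.
KNOWN_TYPES="alteon baynet cat5 cisco css enterasys erx extreme ezt3 force10 \
foundry hitachi hp juniper mrtd netscalar netscreen redback riverstone tnt zebra"

# Constructed sample input (hostnames and addresses are made up).
sample_router_db() {
    cat <<'EOF'
# core devices
192.168.1.1:cisco:up
sw2.example.net:hp:down
192.168.1.9:cisco
fw1.example.net:pix:up
rtr3.example.net:juniper:enabled
EOF
}

# Print one line per finding. Returns 1 if any entry is malformed.
# Entries marked "down" are valid but reported, because they are skipped.
lint_router_db() {    # usage: lint_router_db FILE
    awk -F: -v types="$KNOWN_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) known[t[i]] = 1 }
        /^#/ || /^[ \t]*$/ { next }    # comments and blank lines are ignored
        NF != 3 { printf "line %d: expected 3 fields, found %d\n", NR, NF; bad = 1; next }
        !($2 in known) { printf "line %d: unknown device type %s\n", NR, $2; bad = 1 }
        $3 == "down" { printf "line %d: %s is down, not backed up\n", NR, $1; next }
        $3 != "up" { printf "line %d: status %s is not up or down\n", NR, $3; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Demo on the constructed sample.
f=$(mktemp) && sample_router_db > "$f"
lint_router_db "$f" || true
rm -f "$f"
```

Run it against a copy of router.db before saving changes, since an entry with a mistyped type or status is one whose configuration may no longer be collected.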

The Rancid .cloginrc file

The .cloginrc file lists all the passwords rancid will use. The one that comes with the Rancid installation kit has a lot of examples in it and is fairly self-explanatory. Unfortunately, some of the examples are not commented out, so you will have to do so yourself. Here is a sample snippet using some commonly encountered scenarios.

#
# Sample .cloginrc file
#

####################################################################
#
# Device 192.168.1.16 has a unique username and password, but
# logins do not get the enable prompt.
#
# If the device prompts for a username, Rancid will use the Linux
# "rancid" username and the first password in the list. If only a
# login password is requested, rancid uses the first password in the
# list. The second password is the "enable" password.
#
####################################################################

add password 192.168.1.16 {telnet-password} {enable-password}

####################################################################
#
# Devices with DNS names ending in my-web-site.org in the router.db
# file or beginning with 172.16. have a different set of passwords.
#
# If the device prompts for a username, Rancid will use the Linux
# "rancid" username and the first password in the list. If only a
# login password is requested, rancid uses the first password in the
# list. The second password is the "enable" password.
#
####################################################################

add password *.my-web-site.org {telnet-password} {enable-password}
add password 172.16.* {telnet-password} {enable-password}

####################################################################
#
# Everything else uses these passwords. Rancid will attempt to use
# telnet then SSH for logins
#
####################################################################

add password * {telnet-password} {enable-password}
add method * telnet ssh
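An audit for a .cloginrc like the sample above, as an added example that is not part of RANCID or the original how-to. The file holds cleartext passwords and clogin uses the first directive that matches a host, so the script checks the file mode, shows which line applies to a given host, and lists method entries that still allow telnet. The function names, the constructed sample and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not part of RANCID): audit a .cloginrc like the sample above.

# Constructed sample: same directives as the sample above, placeholder passwords.
sample_cloginrc() {
    cat <<'EOF'
add password 192.168.1.16 {telnet-password} {enable-password}
add password *.my-web-site.org {telnet-password} {enable-password}
add password 172.16.* {telnet-password} {enable-password}
add password * {telnet-password} {enable-password}
add method * telnet ssh
EOF
}

# Succeed only if group and others have no access at all (e.g. mode 600).
# Assumes GNU stat, as found on Linux.
cloginrc_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "$1: mode $mode gives group/other access to device passwords"; return 1 ;;
    esac
}

# Print the first "add KEYWORD GLOB ..." line whose GLOB matches HOST.
# clogin stops at the first matching directive, so a "*" line placed
# above a specific entry would shadow it.
first_match() {    # usage: first_match FILE KEYWORD HOST
    while read -r verb key glob rest || [ -n "$verb" ]; do
        [ "$verb" = add ] && [ "$key" = "$2" ] || continue
        case "$3" in
            $glob) echo "$verb $key $glob $rest"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# Print every host glob whose method list includes telnet (cleartext login).
telnet_globs() {
    awk '$1 == "add" && $2 == "method" {
        for (i = 4; i <= NF; i++) if ($i == "telnet") { print $3; break }
    }' "$1"
}

# Demo on the constructed sample, deliberately left world-readable.
f=$(mktemp) && sample_cloginrc > "$f" && chmod 644 "$f"
cloginrc_mode_ok "$f" || true
first_match "$f" password 172.16.5.9 || true
telnet_globs "$f"
rm -f "$f"
```

On the sample, the method check prints `*`, meaning every device may be logged in to over telnet; listing ssh alone for devices that support it keeps the passwords off the wire in cleartext.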

Testing Rancid

Rancid has a number of scripts that can be run as part of a testing program and the logs they create are fairly detailed. Here are some examples. As a general rule, it is usually easiest to do testing as the rancid user.

Testing A Login for a Single Device

The clogin script in the bin directory can be used to read the .cloginrc file as part of an interactive test. In this example, we successfully log in to our 192.168.1.1 Cisco device and get an interactive enable prompt.

[rancid@bigboy ~]$ bin/clogin 192.168.1.1
192.168.1.1
spawn telnet 192.168.1.1
Trying 192.168.1.1...
Connected to (192.168.1.1).
Escape character is '^]'.

User Access Verification

Password:
Type help or '?' for a list of available commands.
pixfirewall> enable
Password: ********
pixfirewall#
pixfirewall# exit

Logoff

Connection closed by foreign host.
[rancid@bigboy ~]$

You can still test if you are not logged in as the rancid Linux user, but are a member of the netadm group (or root). Simply use the clogin command as user rancid, using the /usr/local/rancid/.cloginrc password file, as in the example below.

[root@bigboy tmp]$ /usr/local/rancid/bin/clogin \
    -f /usr/local/rancid/.cloginrc -u netadm 192.168.1.1

Testing For All Devices

The rancid-run script in the bin directory can be used to read the .cloginrc file as part of a complete test.

[rancid@bigboy ~]$ bin/rancid-run
[rancid@bigboy ~]$

 

 

Taken from

 

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid

 

 
