How to install and configure Rancid

Posted on Christian By Christian No Comments on How to install and configure Rancid
Rancid installation

In this article, we shall discuss how to install and configure Rancid. When you embark on the journey to Install and Configure Rancid, you’re stepping into a realm where RANCID takes on the vital role of monitoring a router’s. Or more generally, a device configuration. However, this encompasses software and hardware aspects such as cards, serial numbers, and more. Please see the Differences between Directory Services and Databases, How to uninstall AWS CLI in Windows, and How to add a device to your Microsoft Account.

To ensure an organized history of changes, RANCID employs CVS (Concurrent Version System) or Subversion, thus empowering you with effective management of configuration alterations.

Rancid Installation

Nonetheless, To effectively manage your network configuration, begin by following this easy guide to Install and Configure Rancid. As an optional step, it is recommended to create a new user named “rancid.” This practice enhances security by avoiding the execution of applications with root privileges.

#adduser rancid --home /home/rancid
#sudo apt-get install rancid

Also, see How to remove a Device from your Microsoft Account, and How to Enable and use Sudo in Windows 11.

Configuration Rancid

The process to install and Configure Rancid, a crucial step involves creating a new user and group referred to as “rancid.” The installation creates a new user and group named “rancid” with a home directory of /var/lib/rancid.

However, Now, we must create at least one group in RANCID to logically organize our devices. Groups can be based on any criteria you wish. So if you’ve got one physical location.

You could create “router”, “firewall”, and “switch” groups, or, in larger environments with multiple physical locations, group names such as “Los Angeles”, “San Francisco”, and “New York”

Note: Even though it’s a blank file, it’s good practice to start by making a backup copy of the original rancid.conf file.

sudo cp /etc/rancid/rancid.conf /etc/rancid/rancid.conf.ORIGINAL

Open the file “/etc/rancid/rancid.conf” in your favorite text editor, add a line similar to the following, and save and exit.

LIST_OF_GROUPS="Los_Angeles, San_Francisco, and New_York"

E-Mail Notification

In the process of setting up network device management, it is crucial to seamlessly Install and Configure Rancid. As part of this setup, it becomes necessary to inform RANCID about the intended recipients for email notifications pertaining to specific device groups.

This involves the establishment of email aliases within the configuration files of your Mail Transfer Agent (MTA). Typically, on an Ubuntu system, you’ll find this configuration in the “/etc/aliases” file by default.

For each group that you created, we need to add two aliases to the aliases file named “rancid-<groupname>” and “rancid-admin-<groupname>”. Open up the “/etc/aliases” file in a text editor and add lines similar to the following:

rancid-Los_Angeles: <[email protected]>
rancid-admin-Los_Angeles: <[email protected]>
rancid-San_Francisco: <[email protected]>
rancid-admin-San_Francisco: <[email protected]>
rancid-New_York: <[email protected]>
rancid-admin-New_York: <[email protected]>

After saving your changes and exiting, you’ll need to let your MTA know about the changes. Since Ubuntu use sendmail by default, this can be accomplished by running…
sudo /usr/bin/newaliases

CVS Repository

Your device’s configuration files will be stored in a Concurrent Versions System (CVS). This provides a way to track changes over time as well as provides you with a bit of disaster recovery.

In order to prepare CVS we must create a folder structure based off of the RANCID groups that we created earlier. This command needs to be run as the “rancid” user that was created when the RANCID software was first installed.

sudo su -c /var/lib/rancid/bin/rancid-cvs -s /bin/bash -l rancid

Assuming that runs without any errors, you should see a number of new directories created under “/var/lib/rancid”, named according to the RANCID groups you defined earlier (e.g. “/var/lib/rancid/Los_Angeles”, “/var/lib/rancid/San_Francisco”, “/var/lib/rancid/New_York”, etc). Inside each will be a file named “router.db”:

[username@hostname ~]
$ sudo find /var/lib/rancid -type f -name router.db
./Los_Angeles/router.db
./San_Francisco/router.db
./New_York/router.db

Hosts File

Before going any further, it’s a good idea to ensure that you can ping the devices that you want to download configuration files from by name.

Again, it’s a good idea to make a backup copy of the original file that we’re about to work on. In this case the /etc/hosts file.

sudo cp /etc/hosts /etc/hosts.ORIGINAL

The original /etc/hosts file should look something like this…

127.0.0.1 localhost
127.0.1.1 yourcomputershostname.exampledomain.com yourcomputershostname
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now that you’ve made a backup, edit the /etc/hosts file and just above the commented line so that they’re grouped with the other IPv4 information, add something like the following…

1.1.1.1 router.location1.com router
2.2.2.2 firewall.location2.com firewall
3.3.3.3 switch.location3.com switch

This is VERY important so take the time to ensure that not only can you ping the device by its IP address, you can also ping it by either it’s Fully Qualified Domain Name (FQDN) or simply by its hostname.

Router.db Files

Inside each of these “router.db” files is where we let RANCID know what devices exist in each location. Therefore, A single line in each file is used to identify a single device.

The format of the definitions is of the format “hostname:type:status”, where “hostname” is the fully-qualified domain name or IP address, “type” defines the type of device (e.g. “cisco”, “hp”, “foundry”, etc.) and “status” is either “up” or “down”. However, If “status” is set to “down”, RANCID will simply ignore the device.

Sample entries might look like this:

router.location1.com:cisco:up
firewall.location2.com:hp:down
switch.location3.com:foundry:down

cloginrc

Once you have successfully added your devices to the appropriate “router.db” files, we need to let RANCID know how to access the devices (telnet, SSH, etc.) and what credentials to use to login.

However, This is done via the “.cloginrc” file that exists in the rancid user’s home directory (“/var/lib/rancid/.cloginrc”, by default).

It is a good security practice to never connect to devices via telnet, so this guide will only cover the SSH method of connecting to a device. Additional connection methods receive support. Moreover Configuration of .cloginrc file relies on end device’s user authentication method.

Users may configure locally or devices authenticate against enterprise systems like LDAP or Active Directory. The process can be complex, thus ensure thorough documentation reading.

man cloginrc to see the details of all the available options and keywords available for use. This guide assumes the simplest setup: end devices define local usernames and passwords. Here’s some example information my a .cloginrc file.

  • Firewall
  • add method firewall.location2.com {ssh}
  • add cyphertype firewall.location2.com {des}
  • add user firewall.location2.com {rancid}
  • add password firewall.location2.com {<user_password>} {<enable_password}
  • Testing
  • clogin
  • The basic of tests utilizes the clogin application.
/usr/lib/rancid/bin/clogin -f /var/lib/rancid/.cloginrc firewall.location2.com

The clogin application will use the .clogin configuration file specified by the -f variable and will automatically login to the device named firewall.location2.com.

When it’s all said and done you should end up in enable mode on the firewall device. If there are problems, clogin does an excellent job of providing pointed advice on what is wrong.

rancid-run

With RANCID now configured, it’s time to test it out! Let’s manually invoke “rancid-run” (as the “rancid” user) to see if it all blows up!

[username@hostname ~]
$ sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid

This command may take a while to run, depending on how many devices you have configured. Be patient and, when it finishes, review the logfiles created in “/var/log/rancid”.

Assuming all goes well, you should receive e-mails from RANCID sent to the addresses that you defined in earlier in “/etc/aliases”.

Automating

Once everything is working, it’s time to automate the collection and archiving. The easiest way to do this is to simply create a cronjob under the rancid user that calls “rancid-run” for us on a periodic basis. We have RANCID run weekly, every Wednesday at 11:59AM

[username@hostname ~]
$ sudo su -c "/usr/bin/crontab -e -u rancid"

Modify the contents of the file so that you end up with something like this.

# m h dom mon dow command
59 11 * * Wed /usr/bin/rancid-run

I hope you have found this post useful on how to install and configure Rancid. Please feel free to leave a comment below.

5/5 - (1 vote)
Linux Tags:

Related Posts

More Related Articles

images copy How to disable automatic screen lock in Ubuntu Linux Linux
images copy How to clean packages lying around in Linux Linux
unionfsfeature How to Overlay two files with UnionFs in a Linux System Linux
Screenshot 2022 03 15 at 10.05.53 VMware Workstation states: What are the differences between Suspend, Power Off, and Run in Background Linux
screenshot 2020 04 23 at 00.30.09 How to mount a USB Drive in Linux Linux
cryptsetup How to encrypt a partition with Cryptsetup Linux

Leave a Reply