1. Become root, and install the Subversion Version Control System:
In addition to Subversion we will specify to install telnet and the mutt email client. Both these package may already be installed from prior exercises. If so, don't worry - the apt-get command will not reinstall them.
$ sudo -s# apt-get install subversion telnet mutt
2. Install Rancid itself
# apt-get install rancid
It will prompt with a warning - Select and press ENTER to continue.It will give you another warning about making a backup copy of your rancid data. We have no data, so select and press ENTER to continue.
3. Add an alias for the rancid user in /etc/aliases file
RANCID by default sends emails to the users rancid-groupname and rancid-admin-groupname. We want them to be sent to the sysadm user instead and use the alias function for this.
# editor /etc/aliases
rancid-routers: sysadm
rancid-admin-routers: sysadm
Save the file, then run:
# newaliases
4. Edit /etc/rancid/rancid.conf
# editor /etc/rancid/rancid.conf
Find this line in rancid.conf:
#LIST_OF_GROUPS="sl joebobisp"
And, underneath it add the following line:
LIST_OF_GROUPS="routers"
(with no '#' at the front of line, and aligned to the left)
We want to use Subversion for our Version Control System, and not CVS, so find the line with the parameter RCSSYS:
RCSSYS=cvs; export RCSSYS
And, change it to:
RCSSYS=svn; export RCSSYS
and the line with CVSROOT:
CVSROOT=$BASEDIR/CVS; export CVSROOT
And, change it to:
CVSROOT=$BASEDIR/svn; export CVSROOT
Note the lowercase "svn". Now exit and save the file.
5. Change to the rancid user
Pay very close attention to what userid you are using during the rest of these exercises. If you are not sure simply type "id" on the command line at any time.
From a root prompt ("#"), switch identity to become the 'rancid' user:
# su -s /bin/bash rancid
Check that you ARE the rancid user:
$ id
You should see something similar (numbers may be different):
uid=104(rancid) gid=109(rancid) groups=109(rancid)
6. Create /var/lib/rancid/.cloginrc
$ editor /var/lib/rancid/.cloginrc
Add the following two lines to the file:
add user *.ws.abc.lk cisco
add password *.ws.abc.lk abc+ws abc+ws
(The first 'cisco' is the username, the first and second 'abc+ws' are the password and enable password used to login to your router. The star in the name means that it will try to use this username and password for all routers whose names end .ws.abc.org)
(Note: it is also allowed to use IP addresses, and one could also write:
add user 10.10.* cisco
add password 10.10.* abc+ws abc+ws
add user rtr*.ws.abc.lk cisco
add password rtr*.ws.abc.lk abc+ws abc+ws
Exit and save the file.
7. Now protect this file so that it cannot be read by other users:
$ chmod 600 /var/lib/rancid/.cloginrc
8. Test login to the router of your group
Login to your router with clogin. You might have to type yes to the first warning, but should not need to enter a password, this should be automatic.
$ /var/lib/rancid/bin/clogin rtrX.ws.abc.lk
(replace X with your group number. So, group 1 is rtr1.ws.abc.lk)
You should get something like:
spawn ssh -c 3des -x -l cisco rtrX.ws.abc.lk
The authenticity of host 'rtrX.ws.abc.lk(10.10.X.254)' can't be established.
RSA key fingerprint is 73:f3:f0:e8:78:ab:49:1c:d9:5d:49:01:a4:e1:2a:83.
Are you sure you want to continue connecting (yes/no)?
Host rtrX.ws.abc.lk added to the list of known hosts.
yes
Warning: Permanently added 'rtrX.ws.abc.lk' (RSA) to the list of known hosts.
Password:
rtrX>enable
Password:
rtrX#
Exit the from the router login:
rtrX#exit
9. Initialize the SVN repository for rancid:
Make sure you are the rancid user before doing this:
$ id
If you do not see something like
uid=108(rancid) gid=113(rancid) groups=113(rancid)
then DO NOT CONTINUE until you have become the rancid user. See exercise 6 for details.
Now initialize the Version Control repository (it will use Subversion):
$ /usr/lib/rancid/bin/rancid-cvs
You should see something similar to this:
Committed revision 1.
Checked out revision 1.
At revision 1.
A configs
Adding configs
Committed revision 2.
A router.db
Adding router.db
Transmitting file data .
Committed revision 3.
10. Do this ONLY if you have problems
If this does not work, then either you are missing the subversion package, or something was not properly configured during the previous steps. You should verify that subversion is installed and then before running the rancid-cvs command again do the following:
$ exit # apt-get install subversion
# su -s /bin/bash rancid
$ cd /var/lib/rancid
$ rm -rf routers
$ rm -rf svn
Now try running the rancid-cvs command again:
$ /usr/lib/rancid/bin/rancid-cvs
11. Create the router.db file
$ editor /var/lib/rancid/routers/router.db
Add this line (NO spaces at the beginning please):
rtrX.ws.abc.lk:cisco:up(remember to replace X as appropriate)
Exit and save the file.
12. Let's run rancid!
$ /usr/lib/rancid/bin/rancid-run
This will take a few moments so be patient.
Run it again, since the first time it might not commit correctly:
$ /usr/lib/rancid/bin/rancid-run
13. Check the rancid log files:
$ cd /var/lib/rancid/logs
$ ls -l
View the contents of the file(s):
$ less routers.*
NOTE! Using "less" - to see the next file press ":n". To see the Previous file press ":p". To exit from less press "q".
14. Look at the configs
$ cd /var/lib/rancid/routers/configs
$ less rtrX.ws.abc.lk
Where you should replace "X" with your group number.If all went well, you can see the config of the router.
15. Let's make rancid run automatically every 30 minutes from using cron
cron is a system available in Linux to automate the running of jobs. First we need to become the root user again:
$ sudo -s
Now we will create a new job to run for the rancid user:
# crontab -e -u rancid
It will ask you for your favorite editor. Select whichever editor you have been using in class.
Add this line at the bottom of the file (COPY and PASTE):
*/30 * * * * /usr/lib/rancid/bin/rancid-run
then save and quit from the file.
That's it. The command "rancid-run" will execute automatically from now on every 30 minutes all the time (every day, week and month).
16. Now add all the other routers
Note the hostnames for the routers
rtrX.ws.abc.lk where X goes from 1 to 9
If you have less routers in your class, then only include the actual, available routers.
Become the rancid user and update the router.db file:
# su -s /bin/bash rancid
$ editor /var/lib/rancid/routers/router.db
Add the other classroom routers to the file. You should end up with something like (COPY and PASTE):
rtr1.ws.abc.lk:cisco:up
rtr2.ws.abc.lk:cisco:up
rtr3.ws.abc.lk:cisco:up
rtr4.ws.abc.lk:cisco:up
rtr5.ws.abc.lk:cisco:up
rtr6.ws.abc.lk:cisco:up
rtr7.ws.abc.lk:cisco:up
rtr8.ws.abc.lk:cisco:up
rtr9.ws.abc.lk:cisco:up
(Note that "cisco" means this is Cisco equipment -- it tells Rancid that we are expecting to talk to a Cisco device here. You can also talk to Juniper, HP, ...).
Be sure the entries are aligned to the left of the file.
17. Run rancid again:
$ /usr/lib/rancid/bin/rancid-run
This should take a minute or more now, be patient.
18. Check out the logs:
$ cd /var/lib/rancid/logs
$ ls -l
Pick the latest file and view it
$ less routers.YYYYMMDD.HHMMSS
This should be the last file listed in the output from "ls -l"
You should notice a bunch of statements indicating that routers have been added to the Subversion version control repository, and much more.
19. Look at the configs
$ cd /var/lib/rancid/routers/configs
$ more *.ws.abc.lk
Press the SPACE bar to continue through each file. Or, you could do:
$ less *.ws.abc.lk
And press the SPACE bar to scroll through each file and then press ":n" to view the next file. Remember, in both cases you can press "q" to quit at any time.
If all went well, you can see the configs of ALL routers
20. Run RANCID again just in case someone changed some configuration on the router
$ /usr/lib/rancid/bin/rancid-run
This could take a few moments, so be patient....
21. Add the RANCID SVN (Subversion) repository in to WebSVN
If you are still logged in as user rancid, get back to root. Remember you can type "id" to check what userid you are.
$ exit
Install WebSVN:
# apt-get install websvn
During the installation, follow the following instructions.
Select to the question if you want to configure WebSVN now and press ENTER
Select for the next question about supporting various web servers and press ENTER
When asked for the "svn parent repositories" change the path to be:
/var/lib/rancid/svn
Select and press ENTER. Do the same when asked about "svn repositories" on the next screen. That is, use the path:
/var/lib/rancid/svn
and not what is shown by default. Select and press ENTER.
Select for the next screen talking about permissions and press ENTER.
Note: if you are installing under Ubuntu 14.04, you may get an error about the conf.d directory not being present. If so, workaround the problem like this:
# ln -s /etc/websvn/apache.conf /etc/apache2/conf-available/websvn.conf
# a2enconf websvn.conf
# service apache2 reload
22. Fix permissions. The web server must be able to read the SVN (Subversion) folder
# chgrp -R www-data /var/lib/rancid/svn
# chmod g+w -R /var/lib/rancid/svn
23. Browse the rancid files from your Web browser!
http://pcX.ws.abc.lk/websvn
Browse the files under the 'routers/configs' directory. You can see all your router configuration files here.
24. Review revisions
WebSVN lets you see easily the changes between versions.
Browse to http://pcX.ws.abc.lk/websvn again, go to routers/ then configs/Click on your router file (rtrX.ws.abc.lk) name. You will get a new screenClick "Compare with Previous" at the top of the screen.You should now see the latest changes highlighted.
