
Running network device backups with RANCID on FreeBSD

floyd - Tue 11 September 2007 - network, hardware, rancid

A useful utility for backing up network device configurations that I recently stumbled upon is RANCID (Really Awesome New Cisco confIg Differ), which automates the backups. It also keeps a history of the changes made to each device's configuration, using either CVS or SVN, and it can automatically send every change to a mailing list.

Here's how I installed and configured it on a FreeBSD box:

[root@box]# portinstall rancid
[root@box]# nano /usr/local/etc/rancid/rancid.conf

Example config:

TERM=network;export TERM
umask 027
TMPDIR=/tmp; export TMPDIR
BASEDIR=/backup/network; export BASEDIR
PATH=/usr/local/libexec/rancid/:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin; export PATH
CVSROOT=$BASEDIR/CVS; export CVSROOT
LOGDIR=$BASEDIR/logs; export LOGDIR
OLDTIME=4; export OLDTIME
LIST_OF_GROUPS="mydevices"

[root@box]# mkdir -p /backup/network
[root@box]# chown rancid:rancid /backup/network
[root@box]# su - rancid
[rancid@box]$ /usr/local/bin/rancid-cvs
[rancid@box]$ nano /backup/network/mydevices/router.db
#router:type:state:comment
switch01.mydomain.com:cisco:up
switch02.mydomain.com:cisco:up
switch03.mydomain.com:cisco:up
switch04.mydomain.com:hp:down:out of service
--------------
[rancid@box]$ nano /home/rancid/.cloginrc
add method * telnet ssh
add noenable switch05.mydomain.com
add password switch01.mydomain.com kFO3i2bJ60 w3oybRioS2
add password switch02.mydomain.com kFO3i2bJ60 w3oybRioS2
add password switch03.mydomain.com kFO3i2bJ60 w3oybRioS2
add password switch04.mydomain.com kFO3i2bJ60 w3oybRioS2
add password switch05.mydomain.com kFO3i2bJ60 w3oybRioS2
# clogin uses the first matching entry, so the host-specific user goes before the glob
add user switch05.mydomain.com admin
add user *.mydomain.com alien

[root@box]#  chmod 600 /home/rancid/.cloginrc
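
A quick audit of .cloginrc before scheduling runs, as an added example that is not part of the original post or of RANCID: it checks that the file is not accessible to group or other, flags login methods that try telnet (which sends credentials in cleartext) before ssh, and reports entries masked by an earlier glob, assuming clogin uses the first matching entry. The helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not RANCID code): audit a .cloginrc for loose permissions,
# telnet-first login methods, and entries masked by an earlier glob.
# Assumption: clogin uses the first matching entry for each directive.
# audit_cloginrc and write_sample are hypothetical helper names.

audit_cloginrc() {
    file=$1
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $file is accessible to group/other (use chmod 600)"
    fi
    seen=""    # newline-separated "directive glob" pairs read so far
    while read -r add directive glob first rest; do
        [ "$add" = "add" ] || continue
        first=$(printf '%s' "$first" | tr -d '{}')    # accept {telnet} too
        if [ "$directive" = "method" ] && [ "$first" = "telnet" ]; then
            echo "CLEARTEXT: method for '$glob' tries telnet before ssh"
        fi
        # Report an earlier glob of the same directive that already matches.
        printf '%s\n' "$seen" | while read -r d g; do
            [ "$d" = "$directive" ] || continue
            case $glob in
                $g) echo "SHADOWED: $directive '$glob' is masked by earlier '$g'" ;;
            esac
        done
        seen="$seen
$directive $glob"
    done < "$file"
}

# Constructed sample input; hostnames and secrets are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
add method * telnet ssh
add password sw1.example.net PLACEHOLDER1 PLACEHOLDER2
add user *.example.net netops
add user sw5.example.net admin
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_cloginrc "$tmp"
rm -f "$tmp"
```

Run it as the rancid user with the real file, for example: audit_cloginrc /home/rancid/.cloginrc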

To check that logins work before scheduling and running backups:

[rancid@box]$ /usr/local/libexec/rancid/clogin switch01.mydomain.com
switch01.mydomain.com
spawn telnet switch01.mydomain.com
Trying 192.168.10.53...
Connected to switch01.mydomain.com.
Escape character is '^]'.

User Access Verification

Username: Kerberos:     No default realm defined for Kerberos!
alien
Password:

switch01>enable
Password:
switch01#

That's it: rancid has logged in to switch01.mydomain.com and left you at the switch's console.

To start a backup manually, run:

[rancid@box]$ /usr/local/bin/rancid-run

Also, add this to the rancid user's crontab:

[rancid@box]$ crontab -e
#run backups
1 */3 * * * /usr/local/bin/rancid-run
#clean up old logs
50 23 * * * /usr/bin/find /backup/network/logs -type f -mtime +14 -exec rm {} \;

You can find your network devices' backups in /backup/network/mydevices/configs