Install RANCID on Ubuntu with Cisco ACS 4.x
#1 Add user:
adduser rancid --home /home/rancid
Manual Install Platform Independent:
1. cd /home/rancid/
2. mkdir temp1 && cd temp1
3. download Rancid:
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a9.tar.gz
4. Extract Tar:
tar -zxvf rancid-2.3.2a9.tar.gz
5. Make install
cd rancid-2.3.2a9 | it should be in /home/rancid/temp1/rancid-2.3.2a9
./configure --prefix=/home/rancid
Then run checkinstall, or make and make install, depending on your platform.
Edit Rancid Config:
nano or vi /home/rancid/etc/rancid.conf
Add a new line or change the following line, and remember it :-)
LIST_OF_GROUPS="MyNetwork"
Add .cloginrc
if the .cloginrc doesn't exist
nano /home/rancid/.cloginrc, save it and close it
Directory Permissions:
chmod 600 /home/rancid/.cloginrc
chown -R rancid:rancid /home/rancid/.cloginrc
chown -R rancid:rancid /home/rancid
ssh into your server using RANCID account!!!
su -l rancid | this command is good only for Ubuntu, give root right to rancid...
Run the Rancid
/home/rancid/bin/rancid-run
Create CVS:
/home/rancid/bin/rancid-cvs
cvs checkout: Updating MyNetwork
Directory /home/rancid/CVS/MyNetwork/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use `cvs commit' to add this file permanently
/home/rancid/CVS/MyNetwork/router.db,v <-- router.db
initial revision: 1.1
Edit cvsweb.conf
/etc/cvsweb/cvsweb.conf
Find the following lines and edit them or add new ones, but don't forget to comment it out!!!
@CVSrepositories = (
'local' => ['Local Repository', '/var/lib/cvs'],
'MyNetwork' => ['My Network', '/home/rancid/CVS'],
);
Add user/password to .cloginrc
nano /home/rancid/.cloginrc
example:
############## Regular user, per-device basis ###############
add user yourdevicename username
add userpassword yourdevicename userpassword
add password yourdevicename userpassword enablepassword
add method yourdevicename {ssh}
############## ACS - Single Signon ###############
add user * {userid}
add password * {rancidpassword} {enablepassword}
add method * {ssh}
Add Router/Switch to DB.
nano /home/rancid/MyNetwork/router.db
Example:
yourdevicename:cisco:up
If your server can't resolve your devices through DNS, also add the devices to the /etc/hosts file!
============== to TEST ==============
cd /home/rancid/bin/
./clogin -c 'show clock' yourdevicename
/home/rancid/bin/rancid-run -r yourdevicename
View Logs:
/home/rancid/logs
=====================================================
Run it under root...
Email Configuration:
apt-get install postfix
Modify as needed:
/etc/postfix/main.cf
removed;
youremail@yourdomain.com, localhost.localdomain, localhost
newaliases
/etc/init.d/postfix restart
=====================================================
Auto Install under Ubuntu 8.x:
sudo apt-get install rancid-core rancid-util build-essential expect
adduser rancid --home /var/lib/rancid
su rancid
The following commands must be run under the rancid account:
su -l rancid
/var/lib/rancid/bin/rancid-cvs
cd /var/lib/rancid
rancid-run
=====================================================
Cisco ACS Configuration;
Log in to your ACS server and create a local account! *** Must be a local account;
Add the device to your ACS server and define yoursharedkey for it
=====================================================
Switch configuration;
Log in to the switch and configure it;
Cisco tacacs+
* note: yoursharedkey must match the one you created in ACS
tacacs-server host server1 ip address
tacacs-server host server2 ip address
tacacs-server key yoursharedkey
tacacs-server directed-request
for Radius:
radius-server host yourtacacsserver-primary auth-port 1645 acct-port 1646 key yoursharedkey
radius-server host yourtacacsserver-standby auth-port 1645 acct-port 1646 key yoursharedkey
radius-server source-ports 1645-1646
=====================================================
Directory Permission:
chmod 600 /var/lib/rancid/.cloginrc
chown -R rancid:rancid /var/lib/rancid
chown -R rancid:rancid /etc/cvsweb
=====================================================
Configuration;
1. Add to the hosts file;
If your rancid server is able to resolve the devices in your domain, there is no need to add the following lines.
example of hosts file:
nano /etc/hosts
######### Ubuntu /etc/hosts ##########
127.0.0.1 localhost
127.0.1.1 u8-rancid
x.x.x.x u8-rancid.yourdomain.com u8-rancid
x.x.x.x u8-rancid.yourdomain.com
or
example; 172.16.30.20 yourswitch-routername.com
2. nano /home/rancid/.cloginrc
example follows;
Option 1:
add user * {your-tacacs+ account name}
add password * {tacacs+ account password} {your enable password}
add method * {ssh}
Option 2:
add user test-device1 username
add userpassword test-device1 userpassword
add password test-device1 userpassword enablepassword
add method test-device1 {ssh}
Option 3:
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com password
add method *.mydomain.com {ssh} {telnet}
3. Edit router.db
nano /var/lib/rancid/yourdevices/router.db | when you run
example; yourswitch-routername.com:cisco:up
4. Run it;
./bin/rancid-run -r yourswitch-routername.com
5. Test;
/var/lib/rancid/bin/clogin -c'show clock' yourswitch-routername.com
Test ssh from this device to switch;
root@804:~# ssh -l testacc test-c3560-48-sw.mydomain.com
testacc@test-c3560-48-sw.mydomain.com's password:
test-c3560-48-sw.mydomain.com#show clock
22:07:13.168 PST Tue Dec 30 2008
test-c3560-48-sw.mydomain.com#
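Added example (not part of the original notes or of RANCID itself): a pre-flight check to run before rancid-run. It flags a .cloginrc that is readable by group or other, and lists every "up" device in router.db whose first matching "add method" entry is not ssh-only. It assumes the first matching entry wins and that device patterns are plain shell-style globs; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the methods of the first "add method" line whose glob matches $2.
# Assumption: first match wins; prints "none" when no entry matches.
method_for() {  # $1 = .cloginrc path, $2 = device name
    while read -r verb key glob rest; do
        [ "$verb" = add ] && [ "$key" = method ] || continue
        case "$2" in
            $glob) printf '%s\n' "$rest" | tr -d '{}'; return 0 ;;
        esac
    done < "$1"
    echo none
}

# Succeed only when group and other have no permissions (e.g. mode 600).
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report a loose .cloginrc and every "up" device that is not ssh-only.
audit() {  # $1 = .cloginrc path, $2 = router.db path
    private_mode "$1" || echo "PERM $1 is readable by group or other"
    while IFS=: read -r name type state rest; do
        case "$name" in ''|'#'*) continue ;; esac
        [ "$state" = up ] || continue
        m=$(method_for "$1" "$name")
        [ "$m" = ssh ] || echo "METHOD $name uses: $m"
    done < "$2"
}

# Constructed sample files; credential lines are left out on purpose.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/.cloginrc" <<'EOF'
add method test-device1 {ssh}
add user *.mydomain.com testacc
add method *.mydomain.com {ssh} {telnet}
EOF
    chmod 644 "$d/.cloginrc"    # deliberately too open, to trigger PERM
    cat > "$d/router.db" <<'EOF'
test-device1:cisco:up
test-c3560-48-sw.mydomain.com:cisco:up
old-router.mydomain.com:cisco:down
lab-sw1:cisco:up
EOF
    audit "$d/.cloginrc" "$d/router.db"
    rm -rf "$d"
}
demo
```

On a real install, call audit with the paths used above, for example audit /var/lib/rancid/.cloginrc /var/lib/rancid/yourdevices/router.db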
=====================================
CVSWEBs;
/etc/cvsweb
/usr/share/cvsweb
/usr/lib/cgi-bin/cvsweb
/usr/share/doc/cvsweb
/etc/cvsweb/cvsweb.conf
BASEDIR=/usr/local/rancid; export BASEDIR
PATH=/usr/local/rancid/bin:/usr/local/bin:/usr/lib/usr/bin:/usr/bin
CVSROOT=$BASEDIR/CVS
=====================================
Make sure to add the cron job under the rancid account!
crontab -e
# run config differ hourly
1 * * * * /usr/lib/rancid/rancid-run
crontab -l | to view cron jobs