Академический Документы
Профессиональный Документы
Культура Документы
A couple of years ago, my employer, a large state university, was looking for an open
source replacement for CiscoWorks to assist us in backing up our network
configurations. We found RANCID (Really Awesome New Cisco config Differ), tried
it, and have used it ever since.
RANCID, which its developers say is released under a BSD-like license, will check
your network device configurations and back them up if changes have been made. It
keeps a history of changes using either Concurrent Version System (CVS)
or Subversion. RANCID is written in Perl and Expect. It supports Cisco routers,
switches, and firewalls, Juniper routers, Foundry switches, Redback network-attached
storage, Alteon and Hewlett-Packard ProCurve switches, and other devices. RANCID
is a useful tool not only for backing up device configs, but also for troubleshooting
network problems, because it lets you determine what changes were made since the
last revision.
Before installing, you should scan the README file that is included with the
package. It contains a quick installation guide that will help in configuring RANCID.
After installing, add an unprivileged user that RANCID can run its scripts as --
"rancid," for instance. You also need to give that user privileges to run scripts in the
directory that RANCID was installed in, with a command like chown -R
rancid.rancid /usr/local/rancid.
Next, you need to modify the LIST_OF_GROUPS variable in the rancid.conf file,
which defines the groups that you will classify your devices into. For example, your
LIST_OF_GROUPS variable might be defined as LIST_OF_GROUPS="core
border resnet engineering wireless firewalls library".
Doing this makes things easier when you're adding devices, as you can place a device
in a group that corresponds to its function or location.
The next step is to put a copy of the .cloginrc file in the home directory of the user
that RANCID will run as. This file tells RANCID how to log in to the devices that are
to be backed up. The syntax is pretty straightforward and there are examples in the
cloginrc.sample file in the /usr/local/rancid/share/rancid/ directory.
After setting up your .cloginrc file, make sure that you change the permissions on the
file so that is not readable or writable by other users, with a command like chmod
600 .cloginrc.
If you would like to be emailed a report about the configuration differences when a
change has been made to a device config, or notification of error messages, modify
your /etc/aliases file. RANCID will send reports to rancid-group@domain_name and
errors to rancid-admin-group@domain_name, where group is the group you defined
in the rancid.conf file.
A useful package to run alongside RANCID is CVSweb. CVSweb is a CGI script that
allows you to view your CVS repository using a Web browser. Our switch technicians
use CVSweb to copy and paste device configs directly from a browser into a text
editor, so they don't have to worry about knowing any CVS commands. You can also
browse each file's revisions and even see and highlight the differences between each
revision.