How to Install and Configure RANCID v2.3.8 on CentOS 6.x with CVSWeb

RANCID (Really Awesome New Cisco confIg Differ) is software created by Shrubbery Networks Inc. that monitors network device configs for changes and saves all information in a CVS or Subversion system for backups.
RANCID can be found at http://www.shrubbery.net/rancid/
We use v2.3.8 because some device types are not compatible with RANCID v3.0+.
From the RANCID 3.0 Release Notes:
Not all of the device types have been converted to libraries yet, just
the prominent ones or those prominent to us: Cisco, Juniper, Compass,
Arbor, MRV.  We also still have suggestions from users about this new
process to consider and/or implement.

Install Pre-requisites

  • Download the specific version of RANCID from shrubbery.net – ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz
  • expect >= 5.40, gcc, make, cvs, wget

1. Install and Configure

  • Download rancid-2.3.8.tar.gz to your home folder with wget -P ~ ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.8.tar.gz
  • Extract rancid-2.3.8.tar.gz with tar xvf ~/rancid-2.3.8.tar.gz
  • A folder called rancid-2.3.8 will be created in your home folder containing rancid
  • We will be installing rancid in the /opt folder
  • Go into rancid-2.3.8 folder
  • Preconfigure rancid with ./configure --prefix=/opt/rancid/
  • Compile rancid with make install
  • Copy sample cloginrc to rancid cp cloginrc.sample /opt/rancid/.cloginrc
  • Modify permissions on .cloginrc chmod 0640 /opt/rancid/.cloginrc
  • Change ownership chown -R rancid:netadm /opt/rancid/ (the rancid user and netadm group from step 2 must already exist for this command to succeed)
  • Modify rancid folder permissions chmod 770 /opt/rancid/

2. Add rancid user and netadm group

  • Create group netadm with groupadd netadm
  • Create user with useradd -g netadm -c "Networking Backups" -d /opt/rancid rancid

3. Configure rancid group and email

  • edit /opt/rancid/etc/rancid.conf, uncomment and edit the following
    • LIST_OF_GROUPS="networking"
  • edit /etc/aliases and add/edit the following
    • rancid-admin-networking: rancid-networking
      rancid-networking: noc
      noc: your@email.com
  • Run newaliases to commit the modified aliases file

4. Turn on CVS Versioning

  • Switch over to the rancid user for this step with su - rancid
  • Execute /opt/rancid/bin/rancid-cvs to initiate cvs repository
[rancid@rancid-server ~]$ /opt/rancid/bin/rancid-cvs
No conflicts created by this import
cvs checkout: Updating networking
Directory /opt/rancid/var/CVS/networking/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use 'cvs commit' to add this file permanently
RCS file: /opt/rancid/var/CVS/networking/router.db,v
done
Checking in router.db;
/opt/rancid/var/CVS/networking/router.db,v <-- router.db
initial revision: 1.1
done

5. Create Crontab job to poll devices daily and prune logs daily

  • Run crontab -e under rancid user
  • Add the following to the crontab
0 3 * * * /opt/rancid/bin/rancid-run # daily rancid run
0 1 * * * find /opt/rancid/var/logs -type f -mtime +30 -exec rm {} \; # Prune logs > 30 days at 1am daily

6. Add a network device to Rancid

  • Edit /opt/rancid/var/networking/router.db (for example with vi) and enter each network device and its type
#host:type:status
# make sure you use : instead of ;
192.168.0.100:arista:up
192.168.0.101:force10:up
Device types can be found at http://www.shrubbery.net/rancid/man/router.db.5.html
  • Modify /opt/rancid/.cloginrc and add the following for the device entry above
#Make method SSH only for 192.168.0.100 device
#Remove or comment out ALL other entries in default .cloginrc or it may fail
add method 192.168.0.100 ssh
add user 192.168.0.100 USERNAME
add password 192.168.0.100 PASSWORD ENABLEPASSWORD
  • Test login by running /opt/rancid/bin/clogin 192.168.0.100
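
Added example, not part of the original post: a preflight check for the files from steps 1 and 6. It confirms that .cloginrc grants no access to other users, that every router.db line is host:type:status separated by ':', and that each device marked up has a matching add password entry. The function name rancid_preflight and its messages are made up for this example; it assumes .cloginrc host fields are glob patterns and that the status field is up or down.

```shell
#!/bin/sh
# Added example (not from the original post): preflight for router.db and .cloginrc.
# Usage: rancid_preflight ROUTER_DB CLOGINRC
# Prints one line per finding; exit status is 0 only when nothing was found.
rancid_preflight() (
    db=$1 rc=$2 bad=0 n=0
    # .cloginrc stores device passwords in cleartext: "other" must have no access.
    other=$(ls -ld "$rc" 2>/dev/null | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "$rc: missing, or accessible by other users"
        bad=1
    fi
    # router.db lines are host:type:status, split on ':' only (a ';' is the usual typo).
    while IFS=: read -r host type state rest || [ -n "$host" ]; do
        n=$((n + 1))
        case $host in '#'*) continue ;; esac            # comment line
        [ -n "$host$type$state$rest" ] || continue      # blank line
        case $state in up | down) ok=1 ;; *) ok=0 ;; esac
        if [ -z "$host" ] || [ -z "$type" ] || [ "$ok" = 0 ]; then
            echo "$db:$n: expected host:type:up|down (':' separated)"
            bad=1
            continue
        fi
        [ "$state" = up ] || continue
        # Assumption: host fields in .cloginrc are glob patterns, so match with case.
        found=0
        while read -r kw what pat rest; do
            [ "$kw" = add ] && [ "$what" = password ] || continue
            case $host in $pat) found=1; break ;; esac
        done <"$rc"
        if [ "$found" = 0 ]; then
            echo "$db:$n: $host is up but no 'add password' entry matches it"
            bad=1
        fi
    done <"$db"
    [ "$bad" -eq 0 ]
)
```

Run it as the rancid user before the first rancid-run, for example: rancid_preflight /opt/rancid/var/networking/router.db /opt/rancid/.cloginrc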

7. Install CVSWeb and Dependencies

  • Do all commands under root
  • Install CVSWeb and Dependencies by running yum install perl-IPC-Run perl-URI rcs httpd -y
  • Download cvsweb by running wget -P ~ http://people.freebsd.org/~scop/cvsweb/cvsweb-3.0.6.tar.gz
  • Extract cvsweb by running tar xvf ~/cvsweb-3.0.6.tar.gz
  • Make cvsweb folder and css folder mkdir -p /usr/local/etc/cvsweb /var/www/html/css/
  • Copy cvsweb files to needed locations and set permissions
cp -a ~/cvsweb-3.0.6/cvsweb.conf /usr/local/etc/cvsweb/
cp -a ~/cvsweb-3.0.6/cvsweb.cgi /var/www/cgi-bin/
cp -a ~/cvsweb-3.0.6/css/cvsweb.css /var/www/html/css/cvsweb.css
chmod 755 /var/www/cgi-bin/cvsweb.cgi
  • Modify cvsweb.conf in /usr/local/etc/cvsweb
[…] @CVSrepositories =
( 'local' => ['Local Repository', '/opt/rancid/var/CVS'], );
[…]
  • Restart apache service httpd restart
  • Add apache user to netadm group usermod -a -G netadm apache
  • Add rancid user to netadm group usermod -a -G netadm rancid
Make sure you open up port 80 on iptables if iptables is on
Visit your webpage by going to: http://your-server-ip/cgi-bin/cvsweb.cgi/

(http://www.richardyau.com/?p=11)
