Installing Rancid, the Cisco Config Differ


A company has hundreds of Cisco devices (switches, routers) and several network engineers who administer them. Software is needed to track every change made across those devices. For this I proposed Rancid as the tool to record every configuration change on those hundreds of Cisco devices; Rancid also serves as a configuration backup for them. Rancid can replace the paid CiscoWorks product. It reports by email and through a web interface. Rancid uses CVS (Concurrent Versions System) or Subversion to maintain the change history of each device. Rancid can also be used with other products such as Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (IRRd), Alteon switches, HP Procurve switches and so on.

The following covers installing, setting up and configuring Rancid 2.3.6 on a Linux machine running Debian Lenny.

Prerequisite: Debian Lenny is already installed.
INSTALLING RANCID

rancid:/home/gtoms# apt-get install rancid-core rancid-util cvs cvsweb
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
expect libconvert-binhex-perl libio-pty-perl libio-stringy-perl libipc-run-perl libmime-tools-perl rancid rcs tcl8.5
Suggested packages:
cvsgraph enscript libmime-types-perl expectk diffstat tclreadline
The following NEW packages will be installed:
cvs cvsweb expect libconvert-binhex-perl libio-pty-perl libio-stringy-perl libipc-run-perl libmime-tools-perl rancid rancid-core rancid-util rcs tcl8.5
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,834 kB of archives.
After this operation, 12.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ftp.us.debian.org/debian/ squeeze/main cvs amd64 1:1.12.13-12 [1,721 kB]
Get:2 http://ftp.us.debian.org/debian/ squeeze/main rcs amd64 5.7-25 [378 kB]
Get:3 http://ftp.us.debian.org/debian/ squeeze/main libio-pty-perl amd64 1:1.08-1 [42.5 kB]
Get:4 http://ftp.us.debian.org/debian/ squeeze/main libipc-run-perl all 0.89-1 [109 kB]
Get:5 http://ftp.us.debian.org/debian/ squeeze/main libconvert-binhex-perl all 1.119+pristine-3 [30.3 kB]
Get:6 http://ftp.us.debian.org/debian/ squeeze/main libio-stringy-perl all 2.110-4 [99.7 kB]
Get:7 http://ftp.us.debian.org/debian/ squeeze/main libmime-tools-perl all 5.428-1 [238 kB]
Get:8 http://ftp.us.debian.org/debian/ squeeze/main cvsweb all 3:3.0.6-5 [67.2 kB]
Get:9 http://ftp.us.debian.org/debian/ squeeze/main tcl8.5 amd64 8.5.8-2 [1,599 kB]
Get:10 http://ftp.us.debian.org/debian/ squeeze/main expect amd64 5.44.1.15-4 [250 kB]
Get:11 http://ftp.us.debian.org/debian/ squeeze/main rancid amd64 2.3.3-1 [258 kB]
Get:12 http://ftp.us.debian.org/debian/ squeeze/main rancid-core all 2.3.3-1 [20.7 kB]
Get:13 http://ftp.us.debian.org/debian/ squeeze/main rancid-util all 2.3.3-1 [20.7 kB]
Fetched 4,834 kB in 10s (462 kB/s)
Preconfiguring packages …
Selecting previously deselected package cvs.
(Reading database … 34070 files and directories currently installed.)
Unpacking cvs (from …/cvs_1%3a1.12.13-12_amd64.deb) ...
Selecting previously deselected package rcs.
Unpacking rcs (from …/archives/rcs_5.7-25_amd64.deb) ...
Selecting previously deselected package libio-pty-perl.
Unpacking libio-pty-perl (from …/libio-pty-perl_1%3a1.08-1_amd64.deb) ...
Selecting previously deselected package libipc-run-perl.
Unpacking libipc-run-perl (from …/libipc-run-perl_0.89-1_all.deb) ...
Selecting previously deselected package libconvert-binhex-perl.
Unpacking libconvert-binhex-perl (from …/libconvert-binhex-perl_1.119+pristine-3_all.deb) ...
Selecting previously deselected package libio-stringy-perl.
Unpacking libio-stringy-perl (from …/libio-stringy-perl_2.110-4_all.deb) ...
Selecting previously deselected package libmime-tools-perl.
Unpacking libmime-tools-perl (from …/libmime-tools-perl_5.428-1_all.deb) ...
Selecting previously deselected package cvsweb.
Unpacking cvsweb (from …/cvsweb_3%3a3.0.6-5_all.deb) ...
Selecting previously deselected package tcl8.5.
Unpacking tcl8.5 (from …/tcl8.5_8.5.8-2_amd64.deb) ...
Selecting previously deselected package expect.
Unpacking expect (from …/expect_5.44.1.15-4_amd64.deb) ...
Selecting previously deselected package rancid.
Unpacking rancid (from …/rancid_2.3.3-1_amd64.deb) ...
Selecting previously deselected package rancid-core.
Unpacking rancid-core (from …/rancid-core_2.3.3-1_all.deb) ...
Selecting previously deselected package rancid-util.
Unpacking rancid-util (from …/rancid-util_2.3.3-1_all.deb) ...
Processing triggers for install-info …
Processing triggers for man-db …
Setting up cvs (1:1.12.13-12) ...
Ignoring install-info called from maintainer script
The package cvs should be rebuilt with new debhelper to get trigger support
Ignoring install-info called from maintainer script
The package cvs should be rebuilt with new debhelper to get trigger support
Setting up rcs (5.7-25) ...
Setting up libio-pty-perl (1:1.08-1) ...
Setting up libipc-run-perl (0.89-1) ...
Setting up libconvert-binhex-perl (1.119+pristine-3) ...
Setting up libio-stringy-perl (2.110-4) ...
Setting up libmime-tools-perl (5.428-1) ...
Setting up cvsweb (3:3.0.6-5) ...
Setting up tcl8.5 (8.5.8-2) ...
update-alternatives: using /usr/bin/tclsh8.5 to provide /usr/bin/tclsh (tclsh) in auto mode.
Setting up expect (5.44.1.15-4) ...
Setting up rancid (2.3.3-1) ...
adduser: Warning: The home directory `/var/lib/rancid' does not belong to the user you are currently creating.
Setting up rancid-core (2.3.3-1) ...
Setting up rancid-util (2.3.3-1) ...
rancid:/home/gtoms#
Define the hostname and IP address of every Cisco device in /etc/hosts, as in the example below:

202.100.1.2   1.Africa01-COR01-C6509

41.41.41.41    2.Africa01-COR01-C6509

196.1.2.3    3.US01-UST01-C3550
---------- and so on ----------
CONFIGURING RANCID

rancid:/home/gtoms# nano /var/lib/rancid/bin/rancid
{'show running-config'                  => 'WriteTerm'},
change to:
{'show config'                  => 'WriteTerm'},

rancid:/home/gtoms# nano /etc/rancid/rancid.conf

TERM=network;export TERM
umask 027
TMPDIR=/tmp; export TMPDIR

BASEDIR=/var/lib/rancid; export BASEDIR
PATH=/usr/lib/rancid/bin:/usr/bin:/usr/sbin:/bin:/usr/local/bin:/usr/bin; export PATH
CVSROOT=$BASEDIR/CVS; export CVSROOT

LOGDIR=$BASEDIR/logs; export LOGDIR
RCSSYS=cvs; export RCSSYS

LIST_OF_GROUPS="africacisco"

rancid:/home/gtoms# cd /etc/rancid

rancid:/etc/rancid# su -s /bin/bash rancid

To log in and fetch the configuration from the live Cisco devices, Rancid needs a login account on them. The user and password must exist on every Cisco; with hundreds of devices, RADIUS can be used to make this easier, so the account does not have to be created one by one on each device. This deployment uses Radiator as the RADIUS server.

rancid@rancid:/etc/rancid$ nano /var/lib/rancid/.cloginrc

add autoenable * 1
add method * telnet
add user * rancid
add password * blablabla

rancid@rancid:/etc/rancid$ chmod 640 /var/lib/rancid/.cloginrc
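
An added check, not part of the original post or of RANCID: a shell function that audits a .cloginrc like the one above for the two settings that expose the device credentials, a file mode that lets group or others read it and telnet as a login method (telnet carries the login and enable passwords in cleartext). The function name audit_cloginrc and the sample file are constructed for this example.

```shell
#!/bin/sh
# audit_cloginrc FILE
# Prints one finding per line; prints nothing when the file passes both checks.
audit_cloginrc() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Characters 5-10 of `ls -l` are the group and other permission bits.
    bits=$(ls -ld "$file" | cut -c5-10)
    [ "$bits" = "------" ] ||
        echo "PERMS: group/other bits '$bits' are set; keep the password file owner-only (chmod 600)"

    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "add" && $2 == "method" {
            pattern = $3
            methods = ""
            for (i = 4; i <= NF; i++) methods = methods " " $i
            gsub(/[{}]/, "", methods)             # lists may be written {ssh telnet}
            n = split(methods, m, " ")
            for (i = 1; i <= n; i++) {
                if (m[i] != "telnet") continue
                if (n == 1)      why = "telnet is the only method"
                else if (i == 1) why = "telnet is tried before " m[2]
                else             why = "telnet remains a fallback after " m[1]
                printf "TELNET: line %d, hosts \"%s\": %s; passwords cross the network in cleartext\n", NR, pattern, why
            }
        }
    ' "$file"
}

# Constructed sample: the .cloginrc from this page, written to a temp file with mode 640.
sample=$(mktemp)
printf '%s\n' 'add autoenable * 1' 'add method * telnet' \
              'add user * rancid' 'add password * blablabla' > "$sample"
chmod 640 "$sample"
audit_cloginrc "$sample"
rm -f "$sample"
```
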

rancid@rancid:/etc/rancid$ /usr/lib/rancid/bin/rancid-cvs

No conflicts created by this import

cvs checkout: Updating africacisco
Directory /var/lib/rancid/CVS/netcomcisco/configs added to the repository
cvs commit: Examining configs
cvs add: scheduling file `router.db' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/router.db,v  <--  router.db
initial revision: 1.1
rancid@rancid:/etc/rancid$

rancid@rancid:/etc/rancid$ nano /var/lib/rancid/netcomcisco/router.db

1.Africa01-COR01-C6509:cisco:up
2.Africa01-EDG01-C3550:cisco:up
3.Africa01-DMZ01-C3500:cisco:up
4.Africa01-ACS01-C3550:cisco:up
5.Africa03-ACS01-3750ME:cisco:up
6.Africa01-ACS01-C3550:cisco:up
7.Africa01-ACS01-C3550:cisco:up
8.Africa01-ACS01-C3550:cisco:up
9.Africa01-ACS01-C3550:cisco:up
10.AfricaL01-ACS01-C3560:cisco:up
11.Africa01-ACS02-C3550:cisco:up
12.Africa02-ACS01-C3750ME:cisco:up
13.Africa01-ACS02-C3550:cisco:up
14.Africa01-ACS02-C3550:cisco:up
15.Africa03-ACS02-C3550:cisco:up
16.Africa03-ACS03-C3550:cisco:up
17.Africa_CR_L2W2950:cisco:up
18.Africa01-ENG01-C3524:cisco:up
19.Africa7A-ENG02-C3524:cisco:up
20.Africa7B-ENG03-C3524:cisco:up
21.Africa02-ACS01-C3550:cisco:up
22.Africa01-ACS02-C3550:cisco:up
23.Africa01-EDG02-C3750G:cisco:up
24.US01-TUN01-C3550:cisco:up
25.US01-TUN02-C3550:cisco:up
26.AfricaDC01-C3640:cisco:up
27.US01-UST02-C3550:cisco:up
28.LAG7140_P:cisco:up
29.US01-EDG01-C7204:cisco:up
30.US01-COR01-C6509:cisco:up
31.US01-UST01-C3550:cisco:up
32.AfricaLAG2511:cisco:up
33.UK01-SVR01-ConS:cisco:up
34.UK01-COR01-C7613:cisco:up
35.Africa01-COR01-C7613:cisco:up
36.UK01-EDG01-C3750:cisco:up
37.UK01-COR01-C7206:cisco:up
38.Africa01-ACS01-C7301:cisco:up
39.Africa01-ACS01-C3750ME:cisco:up
40.Africa01-ACR01-C7206VXR:cisco:up
---------- and so on ----------
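
An added check, not part of the original post or of RANCID: rancid only collects devices whose router.db state is up and whose name resolves, so a typo or a missing /etc/hosts line silently drops a device from the backups. The function name check_router_db is made up for this example; it assumes the colon-separated name:type:state format shown above, and the sample files are constructed from entries on this page.

```shell
#!/bin/sh
# check_router_db ROUTER_DB HOSTS_FILE
# Prints one line per problem; prints nothing when every entry is usable.
check_router_db() {
    awk -F: -v hosts="$2" '
        BEGIN {
            # Index every name in the hosts file, lower-cased (host lookups ignore case).
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f, /[ \t]+/)
                for (i = 2; i <= n; i++) if (f[i] != "") known[tolower(f[i])] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        NF < 3 { printf "FORMAT: line %d: expected name:type:state, got \"%s\"\n", NR, $0; next }
        $3 != "up" { printf "NOTCOLLECTED: line %d: %s has state \"%s\"; only devices marked up are collected\n", NR, $1, $3 }
        !(tolower($1) in known) { printf "UNRESOLVED: line %d: %s is not in %s\n", NR, $1, hosts }
        seen[tolower($1)]++ { printf "DUPLICATE: line %d: %s is already listed\n", NR, $1 }
    ' "$1"
}

# Constructed sample: the three /etc/hosts lines and the first three router.db lines from this page.
dir=$(mktemp -d)
printf '%s\n' '202.100.1.2   1.Africa01-COR01-C6509' \
              '41.41.41.41    2.Africa01-COR01-C6509' \
              '196.1.2.3    3.US01-UST01-C3550' > "$dir/hosts"
printf '%s\n' '1.Africa01-COR01-C6509:cisco:up' \
              '2.Africa01-EDG01-C3550:cisco:up' \
              '3.Africa01-DMZ01-C3500:cisco:up' > "$dir/router.db"
check_router_db "$dir/router.db" "$dir/hosts"
rm -rf "$dir"
```
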
rancid@rancid:/etc/rancid$ /usr/bin/rancid-run
--------- sample ps axf ---------
1426 ?        Ss     0:00  _ sshd: gtoms [priv]
1429 ?        S      0:00  |   _ sshd: gtoms@pts/0
1430 pts/0    Ss     0:00  |       _ -bash
1445 pts/0    S      0:00  |           _ sudo su
1446 pts/0    S      0:00  |               _ su
1447 pts/0    S      0:00  |                   _ bash
1931 pts/0    S      0:00  |                       _ su -s /bin/bash rancid
1932 pts/0    S      0:00  |                           _ bash
1933 pts/0    S+     0:00  |                               _ /bin/sh /usr/lib/rancid/bin/rancid-run
1935 pts/0    S+     0:00  |                                   _ /bin/sh /usr/lib/rancid/bin/rancid-run
1938 pts/0    S+     0:00  |                                       /bin/sh /usr/lib/rancid/bin/controlrancid africacisco
3781 pts/0    S+     0:00  |                                           /usr/bin/perl /usr/lib/rancid/bin/rancidpar q -n 5 -c rancidfe {} /var/lib/rancid/africacisco/routers.up.missed
3968 pts/0    S+     0:00  |                                               _ sh c (rancidfe 32.africa2511:cisco)
3969 pts/0    S+     0:00  |                                                   _ /usr/bin/perl /usr/lib/rancid/bin/rancid 32.africa2511
3970 pts/0    S+     0:00  |                                                       _ sh -c clogin -t 90 -c “admin show version;show version;show redundancy secondary;show idprom backplane;show install acti
3971 pts/0    Sl+    0:00  |                                                           _ /usr/bin/expect—/usr/lib/rancid/bin/clogin -t 90 -c admin show version;show version;show redundancy secondary;sho
3973 pts/2    Ss+    0:00  |                                                               _ telnet 32.africa2511

rancid:/etc/rancid# cd /var/log/rancid/

rancid:/var/log/rancid# ls -al
total 56
drwxr-xr-x  2 rancid rancid  4096 Jul  3 17:21 .
drwxr-xr-x 13 root   root    4096 Jul  3 16:56 ..
-rw-r-----  1 rancid rancid 45215 Jul  3 17:31 africacisco.20110703.172129

rancid@rancid:/etc/rancid$ /usr/lib/rancid/bin/rancid-run

You have new mail in /var/mail/rancid

rancid@rancid:/etc/rancid$ exit

LOG :

rancid:/var/log/rancid# cat africacisco.20110703.172129
starting: Sun Jul 3 17:21:29 WAT 2011

cvs add: scheduling file `10.africa01-acs01-c3560' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/configs/10.africa01-acs01-c3560,v  <--  10.africa01-acs01-c3560
initial revision: 1.1
Added 10.africa01-acs01-c3560
cvs add: scheduling file `11.africa01-acs02-c3550' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/configs/11.africa01-acs02-c3550,v  <--  11.africa01-acs02-c3550
initial revision: 1.1
Added 11.africa01-acs02-c3550
cvs add: scheduling file `12.africa02-acs01-c3750me' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africamcisco/configs/12.africa02-acs01-c3750me,v  <--  12.africa02-acs01-c3750me
initial revision: 1.1
Added 12.africa02-acs01-c3750me
cvs add: scheduling file `13.africa01-acs02-c3550' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/configs/13.africa01-acs02-c3550,v  <--  13.africa01-acs02-c3550
initial revision: 1.1
Added 13.africa01-acs02-c3550
cvs add: scheduling file `14.africa01-acs02-c3550' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/configs/14.africa01-acs02-c3550,v  <--  14.africa01-acs02-c3550
initial revision: 1.1
Added 14.africa01-acs02-c3550
cvs add: scheduling file `15.africa03-acs02-c3550' for addition
cvs add: use `cvs commit' to add this file permanently
/var/lib/rancid/CVS/africacisco/configs/15.lafrica03-acs02-c3550,v  <--  15.africa03-acs02-c3550
initial revision: 1.1
Added 15.africa03-acs02-c3550

rancid:/var/log/rancid# cat /var/log/rancid/africacisco.20110803.100001
starting: Wed Aug 3 10:00:01 WAT 2011

Trying to get all of the configs.
All routers sucessfully completed.

cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs

ending: Wed Aug 3 10:01:51 WAT 2011

rancid:/var/log/rancid#

 

CONFIGURING REPORTING via WEB & EMAIL
rancid:/etc/rancid# nano /etc/cvsweb/cvsweb.conf
@CVSrepositories = (
'local'   => ['Local Repository', '/var/cvs'],
'africacisco' => ['africacisco backup',  '/var/lib/rancid/CVS'],
#       'openbsd' => ['OpenBSD',          '/var/ncvs'],
#       'netbsd'  => ['NetBSD',           '/var/ncvs'],
#       'ruby'    => ['Ruby',             '/var/anoncvs/ruby'],
);

rancid:/etc/rancid# ln -s /usr/share/cvsweb /var/www/cvsweb

Test in a browser: http://ip-or-hostname/cgi-bin/cvsweb/africacisco/configs/?cvsroot=africacisco

Don't forget to set up htpasswd for user authentication.
Configure email reporting; the interval in hours between updates can be set in cron.

 

rancid:/etc/rancid# sudo crontab -u rancid -e

0 */2 * * * /usr/bin/rancid-run

rancid:/etc/rancid# nano /etc/aliases

rancid-africacisco: net-admin@africang.com
rancid:/etc/rancid# newaliases

rancid:/etc/rancid# apt-get install postfix
rancid:/etc/rancid# nano /etc/postfix/main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

myhostname = rancid.africang.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = rancid.africang.com, localhost.africang.com, localhost
relayhost = mail.corps.africang.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

rancid:/etc/rancid# /etc/init.d/postfix restart

[Screenshot: sample capture of reporting via email]

Done.

Contact : henry@gultom.or.id

Comments (1)

Bro, is the router list in the file nano /var/lib/rancid/netcomcisco/router.db supposed to be there automatically? When I tried it, nothing showed up. I'm simulating the routers with GNS3. Please enlighten me, thanks :)
