partner-pub-0304

FORID:10

ISO-8859-1

Forums | Corrections | About | (c) Peter Harrison

Search

Quick HOWTO : Ch1 : Network Backups With Rancid

From Linux Home Networking Jump to: navigation, search

Share
r Linux Home Networking Topics Intro ducti on to Netw orkin g Linu x Netw orkin g Simp le Netw ork Trou blesh ootin g Trou blesh ootin g Linu x with Syslo g Instal ling Linu x Soft ware The Linu x Boot Proce

Contents
[hide]

1 Introduction 2 Rancid Installation 3 Initial Rancid Configuration 4 Rancid File Locations o 4.1 Table 1-1 : Rancid File Locations o 4.2 The Rancid router.db file 4.2.1 Table 1-2 : Various device types for Rancid o 4.3 The Rancid .clogin.rc file 5 Testing Rancid o 5.1 Testing A Login for a Single Device o 5.2 Testing For All Devices o 5.3 Troubleshooting Using the Rancid Log Files 5.3.1 Successful Execution 5.3.2 Possible Reasons for Failure 6 Getting Rancid Help 7 Conclusion

Introduction
One of the most commonly overlooked aspects of network management is the failure to backup network device configurations. Sadly it is only viewed as being a priority after disaster strikes. Fortunately there is a Linux / Unix open source package called Rancid that can get the job done automatically for most devices that have command prompt method for configuration.

The product can be downloaded from the rancid website and has the added advantage of automatically archiving the older configuration versions in a Concurrent Versions System (CVS). This tutorial will show you how to quickly install and configure it for your network backup needs.

Rancid Installation
Under Fedora Linux, installation is relatively easy, but there are a large number of simple steps to follow. Let's begin: 1. Rancid uses the expect programming language to operate which you will have to install in advance. Use the rpm command with the -q qualifier to determine whether you have expect installed. In this case, it isn't so the yum command is used to do so.
[root@bigboy tmp]# rpm -q expect package expect is not installed [root@bigboy rancid-2.3.2a2]# yum -y install expect Repository updates-released already added, not adding again Repository base already added, not adding again Setting up Install Process ... ... ... [root@bigboy rancid-2.3.2a2]#

2) Create a Linux group named netadm which will eventually have access to the Rancid directory.
[root@bigboy tmp]# groupadd netadm

3) Create a user named rancid that will be used to run the network device backups every night. Here we make rancid a member of the netadm group and make /usr/local/rancid its home directory.
[root@bigboy tmp]# useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid

4) Create a directory called /usr/local/rancid/tar and use the wget command to get the latest version of the Rancid tar file from its web site.
[root@bigboy tmp]# mkdir /usr/local/rancid/tar [root@bigboy tmp]# cd /usr/local/rancid/tar [root@bigboy tar]# wget ftp://ftp.shrubbery.net/pub/rancid/rancid2.3.2a2.tar.gz --01:14:26-ftp://ftp.shrubbery.net/pub/rancid/rancid2.3.2a2.tar.gz => `rancid-2.3.2a2.tar.gz' ...

ss Confi gurin g the DHC P Serve r Linu x Users and sudo Wind ows, Linu x and Samb a Shari ng Reso urces with Samb a Samb a Secur ity and Trou blesh ootin g Linu x Wirel ess Netw orkin g Linu x Firew alls Usin g iptabl es Linu x FTP Serve

... ... 100%[==============================>] 280,435

153.28K/s

01:14:58 (152.78 KB/s) - `rancid-2.3.2a2.tar.gz' saved [280,435] [root@bigboy tar

5) Rancid needs to be compiled. Next, you will need to extract the files from the Rancid tar file as a pre-compilation step. In this case the file is named rancid2.3.2a2.tar.gz so the extraction process will place all the preliminary files in a directory named rancid-2.3.2a2.
[root@bigboy tar]# tar -xvzf rancid-2.3.2a2.tar.gz rancid-2.3.2a2/bin/Makefile.am rancid-2.3.2a2/bin/Makefile.in rancid-2.3.2a2/bin/alogin.in ... ... ... rancid-2.3.2a2/man/lg.conf.5.in rancid-2.3.2a2/man/rancid.conf.5.in rancid-2.3.2a2/man/lg_intro.1.in [root@bigboy tar]#

6) Enter the directory.

[root@bigboy tar]# cd rancid-2.3.2a2 [root@bigboy rancid-2.3.2a2]#

7) In this directory there is a README file with instructions on what to do next. You can view it using the less command to see the various configuration options offered. We will proceed in this example by using a very simple scenario.
[root@bigboy rancid-2.3.2a2]# less README

8) Prepare the Rancid package for compiling with the configure command. Here, the --prefix switch is used to set the default directory to match the /usr/local/rancid/ home directory of our rancid user.

[root@bigboy rancid-2.3.2a2]# ./configure -prefix=/usr/local/rancid/ checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk ... ... ... config.status: creating include/config.h config.status: include/config.h is unchanged

r Setup Telne t, TFTP and xinet d Secur e Rem ote Logi ns and File Copy ing Confi gurin g DNS Dyna mic DNS The Apac he Web Serve r Confi gurin g Linu x Mail Serve rs Moni torin g Serve r Perfo rman ce Adva nced MRT G For Linu x The

config.status: executing depfiles commands [root@bigboy rancid-2.3.2a2]#

9) Install the package with the make command.

[root@bigboy rancid-2.3.2a2]# make install Making install in . gmake[1]: Entering directory `/usr/local/rancid/tar/rancid2.3.2a2' gmake[2]: Entering directory `/usr/local/rancid/tar/rancid2.3.2a2' gmake[2]: Nothing to be done for `install-exec-am'. test -z "/usr/local/rancid//share/rancid" || mkdir -p -"/usr/local/rancid//share/rancid" ... ... ... /usr/bin/install -c 'downreport' '/usr/local/rancid//share/rancid/downreport' gmake[2]: Leaving directory `/usr/local/rancid/tar/rancid2.3.2a2/share' gmake[1]: Leaving directory `/usr/local/rancid/tar/rancid2.3.2a2/share' [root@bigboy rancid-2.3.2a2]#

10) There is a sample password file named cloginrc.sample. You'll need to copy it to the /usr/local/rancid/ home directory as the hidden file /usr/local/rancid/.cloginrc.
[root@bigboy rancid-2.3.2a2]# cp cloginrc.sample /usr/local/rancid/.cloginrc [root@bigboy rancid-2.3.2a2]#

11) Finally you will need to set the .cloginrc file permissions to be readable by the rancid user and the new netadm Linux group. You will also have to change the ownership and permissions of the home directory in a similar fashion.
[root@bigboy rancid-2.3.2a2]# chmod 0640 /usr/local/rancid/.cloginrc [root@bigboy rancid-2.3.2a2]# chown -R rancid:netadm /usr/local/rancid/ [root@bigboy rancid-2.3.2a2]# chmod 770 /usr/local/rancid/

Now that the installation is complete, you'll need to do some initial configuration to get Rancid to work. Don't worry, it is fairly straight forward.

Initial Rancid Configuration

NTP Serve r Netw orkBase d Linu x Instal lation Linu x Soft ware RAI D Expa nding Disk Capa city Mana ging Disk Usag e with Quot as Rem ote Disk Acce ss with NFS Confi gurin g NIS Centr alize d Logi ns Usin g LDA P and RAD IUS Contr olling Web

Initial configuration involves setting up Rancid to periodically backup your configurations and email status reports to the necessary users. 1) The rancid.conf file is used to determine where rancid stores its configurations and other general parameters. We'll need to edit it.
[root@bigboy rancid-2.3.2a2]# vi /usr/local/rancid/etc/rancid.conf

In this example, we'll create a Rancid device group called "networking". All files related to this group will be stored in a sub-directory of the same name under the var sub-directory of the Rancid home directory. In other words /usr/local/var/networking.

By default Rancid filters out passwords and SNMP community strings. You may want to set the FILTER_PWDS and NOCOMMSTR variables to "NO" to prevent this.
# # Sample rancid.conf # LIST_OF_GROUPS="networking" FILTER_PWDS=NO; export FILTER_PWDS NOCOMMSTR=NO; export NOCOMMSTR

Acce ss with Squid Modi fying the Kern el to Impr ove Perfo rman ce Basic MyS QL Confi gurati on

LHN Linux Forums Latest Threads Conn ect to intern et (Linu xHard ware, Netw orkin g& Secur ity) Dear all, I have a probl em using 'aptit ude', the ssh shell outpu ts an

2) Rancid will send status emails to mailing lists defined in the /etc/aliases file. The "networking" Rancid group will need to have groups named rancid-adminnetworking and rancid-networking. A Rancid group named "alldevices" would have groups named rancid-admin-alldevices and rancid-alldevices. In this example, the emails go to the noc mailing list made up of the addresses noc@my-web-site.org and manager@my-web-site.org.
# # Sample /etc/aliases # # # Rancid email addresses # rancid-admin-networking: rancid-networking: noc:

rancid-networking noc noc@my-web-site.org

3) The email aliases then need to be added sendmail alias database with the newaliases command.
[root@bigboy rancid-2.3.2a2]# newaliases /etc/aliases: 82 aliases, longest 80 bytes, 983 bytes total [root@bigboy rancid-2.3.2a2]#

4) The next couple steps need to be done as the rancid user. Use the su command to become the rancid user.
[root@bigboy rancid-2.3.2a2]# su - rancid

5) The rancid-cvs command needs to be used to create the /usr/local/var/networking directory and its associated database and network device list files.
[rancid@bigboy ~]$ /usr/local/rancid/bin/rancid-cvs No conflicts created by this import cvs checkout: Updating networking cvs checkout: Updating networking/configs cvs add: scheduling file `router.db' for addition cvs add: use 'cvs commit' to add this file permanently RCS file: /usr/local/rancid//var/CVS/networking/router.db,v done Checking in router.db; /usr/local/rancid//var/CVS/networking/router.db,v <-router.db initial revision: 1.1 done [rancid@bigboy ~]$

6) The README file will be useful, so copy it to the home directory before deleting the rancid sub-directory under the tar sub-directory.
[rancid@bigboy ~]$ cp tar/rancid-2.3.2a2/README . [rancid@bigboy ~]$ rm -rf tar/rancid-2.3.2a2 [rancid@bigboy ~]$

7) Now edit the rancid user's crontab table file to schedule regular backups using the /usr/local/rancid/bin/rancid-run file.
[rancid@bigboy ~]$ crontab -e # # Rancid user's crontab file # # Run config differ hourly 1 * * * * /usr/local/rancid/bin/rancid-run # Clean out config differ logs 50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f mtime +2 -exec rm {} \;

The Rancid network device list and password files will now have to be edited before your configurations can be backed up, but first, let's review the most important file locations.

error tellin g me it cann ot get to the ubunt u web addre ss to down load the... Dom ain Logi n (Linu xGene ral Topic s) i need to make a proje ct on doma in login. what thing s shoul di add to it and how. it woul d be very gener ous if some one helps me out. Debi

Rancid File Locations

Table 1-1 shows a list of important rancid file locations based on the configuration steps we've done so far. The following sections will review the most important ones in more detail.

Table 1-1 : Rancid File Locations

Location /usr/local/rancid /usr/local/rancid/var/logs /usr/local/rancid/bin /usr/local/rancid/var/networking/configs /usr/local/rancid/var/networking/router.db /usr/local/rancid/tar /usr/local/rancid/README /usr/local/rancid/.cloginrc Description Base Rancid directory location Location of the rancid backup log files. You can trace backup failures here. Location of the executables Backup location of all the configurations List of all devices that need to be backed up. Location of the original rancid tar files General help file Password file

The Rancid router.db file

The router.db file is the device list rancid uses to do its backups. It has the format:
dns-name-or-ip-address:device-type:status

Where dns-name-or-ip-address is the hostname or IP address of the device, device-type is the expected type of operating system the device should be running and status (which can be up or down) which determines whether the device should be backed up or not. This example is for a Cisco device with an IP address of 192.168.1.1.

an Sque eze on Powe rPC MAC ! (Ubu ntu / Debi an) I have succe ssful instal led Debi an 6 on a Powe rPC MAC , work s great, confi gured nic with a hard ip. Setup FTP site work s great. Im havin ga issue. .. confi g send mail (Linu xSoft ware, Appli catio

192.168.1.1:cisco:up

Note: According to the Rancid help pages, "a '#' at the beginning of a line is considered as a comment and the entire line is ignored. If a device is deleted from the router.db file, then Rancid will clean up by removing the device's configuration file /usr/local/rancid/var/networking/configs directory. The CVS information for the device will be moved to CVS Attic directory (using cvs delete)." Table 1-2 shows some important device-types for the router.db file.

Table 1-2 : Various device types for Rancid

Device alteon baynet cat5 cisco css enterasys erx Extreme ezt3 force10 foundry hitachi hp Description An Alteon WebOS switches. A Bay Networks router. A Cisco catalyst series 5000 and 4000 switches (i.e.: running the catalyst OS, not IOS). A Cisco router, PIX, or switch such as the 3500XL or 6000 running IOS (or IOS-like) OS. A Cisco content services switch. An enterasys NAS. This is currently an alias for the riverstone device type. A Juniper E-series edge router. An Extreme switch. An ADC-Kentrox EZ-T3 mux. A Force10 router. A Foundry router, switch, or router-switch. This includes HP Procurve switches that are OEMs of Foundry products, such as the HP9304M. A Hitachi routers. A HP Procurve switch such as the 2524 or 4108 procurve switches.

ns & Progr ammi ng) I want the send mail to be confi gued in sucha way that it must send mail as belo w. Code : -------W3C ALC ULA TOR [test @w3 calcu lator. com]. .. Findi ng out when IP addre ss chan ges but netw ork remai ns the same (Linu xHard ware, Netw orkin

Also see the foundry type. mrtd netscalar netscreen redback tnt zebra riverstone juniper A host running the (merit) MRTd daemon. A Netscalar load balancer. A Netscreen firewall. A Redback router, NAS, etc. A lucent TNT. Zebra routing software. A Riverstone NAS or Cabletron (starting with version ~9.0.3) router. A Juniper router.

The Rancid .clogin.rc file

The .clogin.rc file lists all the passwords rancid will use. The one that comes with the Rancid installation kit has a lot of examples in it and is fairly self-explanatory. Unfortunately some of the examples are not commented out, so you will have to do so yourself. Here is a sample snippet using some commonly encountered scenarios.
# # Sample .clogin.rc file # ################################################################## ## # # Device 192.168.1.16 has a unique username and password, but # doesn't logins do not get the enable prompt. # # If the device prompts for a username, Rancid will use the Linux # "rancid" username and the first password in the list. If only a # login password is requested, rancid uses the first password in the # list. The second password is the "enable" password. # ################################################################## ## add password 192.168.1.16 {telnet-password} {enable

g& Secur ity) Hello !I am using Ubun tu 10.04 and when I am conn ected to my prefe rred auto matic netw ork, my comp uter is assig ned a new IP addre ss every so often. .. Singl e Dom ain Multi ple locati on (Linu xGene ral Topic s) Hi all, I am a Linu x Syste

password} ################################################################## ## # # Devices with DNS names ending in my-web-site.org in the router.db # file or beginning with 172.16. have a different set of passwords. # # If the device prompts for a username, Rancid will use the Linux # "rancid" username and the first password in the list. If only a # login password is requested, rancid uses the first password in the # list. The second password is the "enable" password. # ################################################################## ## add password *.my-web-site.org password} add password 172.16.* password} {telnet-password} {telnet-password} {enable{enable-

################################################################## ## # # Everything else uses these passwords. Rancid will attempt to use # telnet then SSH for logins # ################################################################## ## add password add method * * {telnet-password} telnet ssh {enable-password}

Testing Rancid
Rancid has a number of scripts that can be run as part of a testing program and the logs they create are fairly detailed. Here are some examples. As a general rule, it is usually easiest to do testing as the rancid user.

Testing A Login for a Single Device

The clogin script in the bin directory can be used to read the .cloginrc file as part of an interactive test. In this example, we successfully log in to our 192.168.1.1 Cisco device and get an interactive enable prompt.
[rancid@bigboy ~]$ bin/clogin 192.168.1.1

m Admi nistra tor, I have been tryin g to confi gure Singl e Dom ain Multi ple locati on in Postfi x mail serve r (RHE L... hello (Red hat / Fedor a) hello How to confi gure DNS with BIN D (Linu xHard ware, Netw orkin g& Secur ity) Hi, I am new a Linu x newb ie,

192.168.1.1 spawn telnet 192.168.1.1 Trying 192.168.1.1... Connected to (192.168.1.1). Escape character is '^]'. User Access Verification Password: Type help or '?' for a list of available commands. pixfirewall> enable Password: ******** pixfirewall# pixfirewall# exit Logoff Connection closed by foreign host. [rancid@bigboy ~]$

You can still test if you are not logged in as the rancid Linux user, but are a member of the netadm group (or root). Simply use the clogin command as user rancid and using the /usr/local/rancid/.cloginrc password file as in the example below.
[root@bigboy tmp]$ /usr/local/rancid/bin/clogin \ -f /usr/local/rancid/.cloginrc -u netadm 192.168.1.1

Testing For All Devices

The rancid-run script in the bin directory can be used to read the .cloginrc file as part of a complete test.
[rancid@bigboy ~]$ bin/rancid-run [rancid@bigboy ~]$

Troubleshooting Using the Rancid Log Files

The var/logs/ directory contains all the rancid logs sorted by date as we can see here.
[rancid@bigboy ~]$ ls var/logs/ networking.20050721.020048 networking.20050721.020101 [rancid@bigboy ~]$

but I am tryin g the best to make sure I know thing s i'm still lacki ng now. I am in charg e of instal lation of my... Abou t Spac e alloc ation (Linu xGene ral Topic s) Hi all, (Dun no whet her this is the right place to post this quest ion).. I was readi ng about space (bloc

Successful Execution
When successful, the Rancid log file has a "All routers successfully completed" message near the end.
[rancid@bigboy ~]$ less var/logs/networking.20050721.020101 starting: Thu Jul 21 02:01:01 PDT 2005 Trying to get all of the configs. All routers successfully completed. cvs cvs cvs cvs diff: Diffing . diff: Diffing configs commit: Examining . commit: Examining configs

ending: Thu Jul 21 02:01:06 PDT 2005 [rancid@bigboy ~]$

If the rancid-run script was used, you should now see a copy of your configuration in the var/networking/configs/ directory as seen here.
[rancid@bigboy ~]$ ls var/networking/configs/ 192.168.1.1 CVS [rancid@bigboy ~]$

Possible Reasons for Failure

From time to time, Rancid will fail, usually for configuration file or connectivity reasons. In these cases the log file entries will look like this with an "End of run not found" message at the end:
192.168.1.1: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir ... ... ... version,show redundancy secondary,show running-config,show c7200,dir /all slot1: 192.168.1.1: End of run not found

This could be due to any one of the following causes: 1. 2. 3. 4. The IP address or DNS name used in the router.db file is incorrect. The device type entry in the router.db file is incorrect. For Cisco devices, the login device prompt doesn't end in a ">". The device is inaccessible from the server running Rancid.

k) alloc ation to a file.It says.. . seper ate colu mn (Linu xSoft ware, Appli catio ns & Progr ammi ng) I have line as svar syste ms 1458 23 india I have to seper ate this line and store each colun m in a... DNS and NAT. .. sorry. (Linu xHard ware, Netw orkin g&

5. The password information in the .clogin.rc file is incorrect. 6. A device accessible by only SSH was replaced and the SSH keys on the device were not regenerated. A tell tale sign is that SSH sessions will get "connection refused" messages like this one:
[rancid@bigboy ~]$ ssh 192.168.1.1 ssh: connect to host 192.168.1.1 port 22: Connection refused [rancid@bigboy ~]$

1. The rancid-run command was previously run from the command line and was aborted using <CTRL-C>. This causes a lock file to be left behind. A new instance of Rancid will not run unless this file is deleted. In our case the file name is:
/tmp/.networking.run.lock

Getting Rancid Help

Configuration help can be found in the /usr/local/rancid/README file, but this is often insufficient. Better assistance can be obtained as seen in the following sections. You can use the man -M /usr/local/rancid/man <filename> to get help on the use of any file in the rancid directory tree. In this example there is help on the router.db file.
[rancid@bigboy ~]$ man -M /usr/local/rancid/man router.db

Secur ity) I am sure this has been answ ered befor e... I just excee ded my 3hour limit on headbangi ng. I am looki ng for a sense of direct ion, as I am sure I...

Conclusion
Backing up of network configuration files is an essential network engineering maintenance activity. Rancid, is a very popular, reliable and effective application that should capably handle most of your needs. Retrieved from "http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_: _Network_Backups_With_Rancid" ========================================================== ========================================================== ====

Contents
[hide]

1 This is for the those on the bleeding edge 2 Getting OpenNMS with RANCID Support 3 What is Rancid 4 What is RANCID RWS ? o 4.1 Download RANCID RWS 5 Install and configure RANCID o 5.1 Set the trap destination in rancid-trap o 5.2 Set the OpenNMS notification command in rancid.conf 6 Set Up the RWS Server o 6.1 Make the CGI Files Available to the Web Server o 6.2 Configure httpd.conf o 6.3 Configure rancid.rws.rc RWS Configuration File 7 Set up ViewVC 8 Configure OpenNMS to communicate with RWS 9 Getting Help 10 Caution

This is for the those on the bleeding edge

RANCID RWS integration is in OpenNMS 1.7.1 and higher, which as of this writing is still a development preview version of OpenNMS 1.8. You must be comfortable running alpha software and potentially building from source.

Getting OpenNMS with RANCID Support

OpenNMS 1.7.1 has support for the RANCID integration, although development is still finishing off, so you may want to build from source following the instructions here.

What is Rancid
rancid (Really Awesome New Cisco confIg Differ) is a tool for monitoring network devices (i.e. routers, switches, etc.) to track software and hardware configuration changes and to maintain a complete history of them by the means of a revision's control system (i.e. CVS or Subversion) repository. It is distributed by Shrubbery Networks, Inc As most "good-old-school" unix-based tools, rancid's configuration is performed by editing a set of configuration files on the hosting system; rancid's execution is

started from the system's command line or automatically scheduled via the unix cron daemon; the information repositories generated by rancid can be accessed by any CVS or Subversion browsing tool.

What is RANCID RWS ?

In order to perform a consistent integration into a general network management system (NMS), a proper application program interface (API) to rancid's configuration and information repository, was developed. It was designed according to a resource-oriented client-server model following a Representational State Transfer (REST) style of software architecture based on the Hyper Text Transfer Protocol version 1.1, that is -as commonly defined- a resource-oriented RESTful web service API.

Download RANCID RWS

The latest RWS RANCID release is available at the OpenNMS download site. Alternatively, you can build from source by running mvn package in the source tree checked out from the RANCID API repository by cloning git://opennms.git.sourceforge.net/gitroot/opennms/rancid-api. This will create release and source tarballs in the target/ directory.

Install and configure RANCID

Install RANCID from: http://www.shrubbery.net/rancid Note that currently RANCID needs a small patch to work with the RWS integration. It is included in the contrib/ directory of the RANCID RWS release distribution. The 0.98 version of the patch (latest as of 21 Oct 2010) does not apply to the latest version of RANCID (2.3.4). Here is an updated version of the patch for use until the official distribution can be updated:
Patch against RANCID 2.3.4 Rancid-2.3.4_plus_OpenNMS.patch.txt

Set the trap destination in rancid-trap

Edit the file RANCID_HOME/bin/rancid-trap and set the rcvr variable to the IP address or hostname of your OpenNMS server. For instance, if your OpenNMS server is at 10.11.12.13:
# process command-line arguments

rcvr="10.11.12.13"

Set the OpenNMS notification command in rancid.conf

Add the following to your RANCID_HOME/etc/rancid.conf file to tell RANCID where to find the command to send traps to OpenNMS. For instance, if RANCID_HOME is /opt/rancid:
OPENNMS_NOTIFY_CMD=/opt/rancid/bin/rancid-trap export OPENNMS_NOTIFY_CMD

Be careful, for the moment (1.7.2) you need to have several configuration items set. The minimal rancid.conf file is :
add user cisco.example.com dummy_user add method cisco.example.com telnet add password cisco.example.com password enablepassword

Set Up the RWS Server

The RWS Server implements a CGI Application as the middleware between OpenNMS and RANCID. In my setup I implemented RWS as a Virtual Server on Apache. This was implemeted on RedHat 4 Enterprise.

Make the CGI Files Available to the Web Server

First, put the CGI file(s) somewhere your web server can get to them:
cd /var/www mkdir rws-server cp -R /path/to/rws/cgi-bin rws-server/rws-cgi chown rancid:root rws-server chmod -R 755 rws-server mkdir rws-server/html chown rancid:rancid rws-server/*

Configure httpd.conf
Then, configure your httpd.conf so that Apache runs as the RANCID user. This step is necessary because Apache's mod_suexec "cleans" the environment of scripts that run under it, rendering that strategy incompatible with the use of mod_setenv's SetEnv directive to configure the RWS services.

NameVirtualHost *:80 User rancid Group rancid <VirtualHost *:80> DocumentRoot /var/www/rws-server/html ServerName rws.mycompany.org ErrorLog logs/rws-error_log TransferLog logs/rws-access_log ScriptAlias /rws "/var/www/rws-server/rws-cgi/rws-cgi.tcl" AddHandler cgi-script .tcl SetEnv RWS_LOGFILE /var/log/httpd/rws-cgi.log SetEnv RWS_LOGLEVEL debug <Directory /var/www/rws-server/rws-cgi> AllowOverride None Order allow,deny Allow from all </Directory> <Directory "/var/www/rws-server/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost>

Configure rancid.rws.rc RWS Configuration File

Finally, configure the rws-server configuration file in /var/www/rwsserver/rws-cgi/rancid.rws.rc. The following are the settings we used in rancid.rws.rc:
set pathRancidHome set fileRancidConf "/usr/local/rancid/etc/rancid.conf" set pathBackup set pathTemp set commandCVS set urlViewVC "/home/rancid" "/home/rancid/tmp" "/tmp" "/usr/bin/cvs" "/viewvc"

Set up ViewVC

Download latest stable viewVC from the site. Install it using the provided install script in your /var/www path.
chown -R rancid:rancid /var/www/viewvc

Edit the viewvc config file to set the CVSROOT path.

Add it to your Apache configuration by adding this ScriptAlias under the /rws alias :
ScriptAlias /viewvc "/var/www/viewvc/bin/cgi/viewvc.cgi"

You should be able to browse your CVS at :

http://rws.mycompany.org/viewvc

Configure OpenNMS to communicate with RWS

cd $OPENNMS_HOME/etc

Edit opennms.properties and change to following line from:

#opennms.rancidIntegrationEnabled = false

...to:
opennms.rancidIntegrationEnabled = true

We used a virtual host instead of localhost, so we edited rws-configuration.xml and change the following line:
<base-url server_url="http://localhost"/>

...to:
<base-url server_url="http://rws.mycompany.org"/>

Once these steps are done, the node details page for every node in the OpenNMS web UI will contain a View Node Rancid Inventory Info link in the General box. This link takes you to a page where you can see a summary of the node's device configurations and (if maintained in RANCID) its stored software images. From the configurations summary you can also drill into a page that embeds the ViewVC interface, which lets you browse the historical device configurations for the node. Note that the success of this integration depends on the OpenNMS node label of a given node being identical (including upper / lower case) to the name by which RANCID knows that device. If these two names are even slightly mismatched, no configurations or software images will be visible from the OpenNMS web UI.

Getting Help
If you continue to have issues, Rocco Rionero wrote a fantastic README. Take a

look through that for details. If you still have problems, please try the discussion lists.

Caution
Please backup your RANCID configuration. The RWS server will update the .cloginrc file as changes are made inside OpenNMS.
Retrieved from "http://www.opennms.org/wiki/RANCID_RWS"