KB ID 0001332
Problem
In Part One we set up our RANCID and ViewVC server, ready to start backing up our devices. Now we will look at adding the devices and automating the backup process.
Solution
To add a Cisco device you need to do TWO things*. Firstly, you need to add an entry in the ‘router.db‘ file that lives in the ‘Group’ folder you created back in part one. Secondly, you need to add the access details; you do this in the ‘.cloginrc‘ file.
*Note: There are really three things, but we have already set up the rancid.conf file and created the groups.
I’m going to add my Cisco ASA firewall to the router.db file that’s in the Firewalls group.
[box]
nano /usr/local/rancid/var/Firewalls/router.db
[/box]
You enter devices in the following format;
{ip-or-hostname};cisco;up
OR
{ip-or-hostname};cisco;up; LOCATION: {Your text here}
Note: If you have a device that goes down for maintenance, or is retired but you want to retain its config, change the keyword up to down and Rancid won’t try to back it up.
REMEMBER: I have Firewalls and Switches groups created, so I will add my switch to the Switches router.db file in exactly the same way as I did above.
For the system to access the remote devices, it needs to know how to gain access (the method), plus a username and password. These are set up in the .cloginrc file. This is the file Rancid uses for Cisco devices; if you look in the folder that the file lives in, you will see other login files for other vendors.
[box]
nano /home/rancid/.cloginrc
[/box]
Adding Cisco Device Logins
You will notice in the text below that I’ve used two different methods. The reason is that the first item (the device on 192.168.100.119) is a Cisco IOS device (it’s actually a CSR1000), and when I log on as the rancid-user I am ‘automatically’ logged on in enable mode. Cisco ASA firewalls (like the second entry) only very recently had the ‘auto-enable’ feature added to them (version 9.2(1)), so for older models you have to log in, then go to enable mode, and then enter a second password. This is why the second entry has two passwords; usually they are the same, but if a specific enable password has been set on the firewall they will NOT be.
[box]
# Cisco Router / Switch Example
# You can enter some sensible text here to define the device below
add user {ip-or-hostname} {username}
add password {ip-or-hostname} {password}
add method {ip-or-hostname} {ssh or telnet}
add autoenable {ip-or-hostname} 1
#
# Cisco ASA Firewall Example
# You can enter some sensible text here to define the device below
add user {ip-or-hostname} {username}
add password {ip-or-hostname} {password} {enable-password}
add method {ip-or-hostname} {ssh or telnet}
#
[/box]
Now we are pretty much set up. You can test your configuration by running the following command:
[box]
/usr/local/rancid/bin/rancid-run
[/box]
It won’t return any output, but if you browse to ViewVC you ‘should’ now see the configs have been added.
Troubleshooting Rancid
If you do a test run and it appears nothing has happened then you can look at the logs to see what went wrong.
[box]
cd /usr/local/rancid/var/logs/
ls
nano {log-name}
[/box]
Usually it will give you an error that will point you in the right direction. If the file is completely empty (i.e. a start time and an end time and nothing else), this usually indicates an error in the router.db file.
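The two files edited above are where most failed runs start, so here is an added example (not part of RANCID or the original article) that checks a router.db against the {ip-or-hostname};{type};{up|down} format, and checks that .cloginrc, which holds the device passwords in plain text, is not accessible to group or other users and does not use telnet. The function names and sample entries are made up for illustration, and it assumes comment and blank lines are allowed in router.db.

```shell
#!/bin/sh
# Added example, not part of RANCID. Run with --demo to try it on constructed samples.

# Report router.db lines that are not {host};{type};{up|down}[;comment].
# Returns 0 if the file is clean, 1 if any line was flagged.
lint_router_db() {
    awk -F';' '
        /^[ \t]*(#|$)/ { next }   # assumption: comment and blank lines are allowed
        NF < 3 || $1 == "" || $2 == "" || ($3 != "up" && $3 != "down") {
            printf "%s:%d: bad entry: %s\n", FILENAME, FNR, $0; bad = 1
        }
        END { exit bad }' "$1"
}

# Report a .cloginrc that group/other can access, and any device using telnet.
# Returns 0 if nothing was flagged, 1 otherwise, 2 if the file is missing.
audit_cloginrc() {
    [ -f "$1" ] || return 2
    rc=0
    mode=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    if [ "$mode" != "------" ]; then
        echo "$1: group/other access ($mode); run: chmod 600 $1"; rc=1
    fi
    if grep -En '^[[:space:]]*add[[:space:]]+method[[:space:]].*telnet' "$1"; then
        echo "$1: telnet sends the login in clear text; use ssh"; rc=1
    fi
    return "$rc"
}

# Write constructed sample files into directory $1 (two bad router.db lines).
make_samples() {
    printf '%s\n' '# core firewall' '192.0.2.1;cisco;up' \
        '192.0.2.2:cisco:up' '192.0.2.3;cisco' \
        '192.0.2.4;cisco;down; LOCATION: lab' > "$1/router.db"
    printf '%s\n' 'add user 192.0.2.1 rancid-user' \
        'add password 192.0.2.1 {password} {enable-password}' \
        'add method 192.0.2.1 telnet' > "$1/.cloginrc"
    chmod 644 "$1/.cloginrc"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    lint_router_db "$d/router.db" || echo "router.db needs fixing"
    audit_cloginrc "$d/.cloginrc" || echo ".cloginrc needs fixing"
    rm -rf "$d"
fi
```

Against the real files you would call lint_router_db on each group's router.db and audit_cloginrc on /home/rancid/.cloginrc before running rancid-run.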
Scheduling Rancid Backups
This is done with crontab, which means we need to edit it with vi (I don’t like vi either, see the following article for a 2 minute crash course).
Using the VI Editor (For Windows Types)
Crontab Timing Format
This can also get a bit confusing. To simplify things, see the table below.
Requirement | Entry/String |
Run once a year | 0 0 1 1 * |
Run once a month | 0 0 1 * * |
Run once a week | 0 0 * * 0 |
Run once a day | 0 0 * * * |
Run once an hour | 0 * * * * |
Note: For ‘Human’ time you can specify minutes and hours, e.g. 59 23 * * * means run every day at 59 minutes past 11.
So to schedule the Rancid job you first need to log on as (or su to) the rancid user, and set up the crontab file using vi.
[box]
su rancid
crontab -e
[/box]
If you read my link above you will know how to edit in VI
[box]
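#
#Rancid Config File
#
# Run the Rancid backup every day at midnight
0 0 * * * /usr/local/rancid/bin/rancid-run
#
# At 23:59 every day, delete Rancid log files older than 30 days
59 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +30 -exec rm -rf {} \;
#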
[/box]
You can check the crontab config at anytime with the following command
[box]
crontab -l
[/box]