Setup RANCID and ViewVC (Part One)

KB ID 0001331

Problem

There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.)

Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which Ill cover in Part Two.

OS: CentOS 7 x64

Rancid: 3.4.1

ViewVC: 1.1.24

Solution

Once it’s built, let’s update our server;

[box]

yum upgrade
yum update
Answer any questions with 'y' for yes.

[/box]

Lets install all the components we need;

[box]

yum install nano wget ftp telnet mariadb-server mariadb perl tcl expect gcc cvs rcs httpd autoconf php-common php-gd php-pear php-pecl-memcache php-mysql php-xml mod_ssl MySQL-python

[/box]

We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);

[box]

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

[/box]

We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.

[box]

systemctl enable httpd.service
systemctl start httpd.service
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /home/rancid rancid
mkdir /home/rancid/tar

[/box]

Move into the directory, we just created then download RANCID, unzip it, then install it.

[box]

cd /home/rancid/tar/
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar -zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid
make install

[/box]

Copy over the ‘clogin’ file, (more on this later). Then set the ownership and and permissions on the rancid files and directories.

[box]

cp cloginrc.sample /home/rancid/.cloginrc
chmod 0640 /home/rancid/.cloginrc
chown -R rancid:netadm /home/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/

[/box]

Now to set the ‘top level’ groups. Above I’ve got Firewalls and Switches, you might want to create a group for each customer you are backing up, or each site. (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;

[box]

nano /usr/local/rancid/etc/rancid.conf

[/box]

Uncomment and add your groups, i.e.
LIST_OF_GROUPS=”Firewalls Switches

Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.

[box]

su -rancid

Or 'su rancid' if you are logged in as root

/usr/local/rancid/bin/rancid-cvs
su

[/box]

Download and install ViewVC.

[box]

cd /home/rancid/tar/
wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz
tar -zxvf viewvc-1.1.24.tar.gz
cd viewvc-1.1.24
./viewvc-install

[/box]

Open the ViewVC config file;

 

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

Uncomment and change the values, (as shown above).

root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/local/bin
use_rcsparse = 1

Now to enable ViewVC to work with Apache, we need to copy over some CGI, and set some permissions.

[box]

cp /usr/local/viewvc-1.1.24/bin/cgi/*.cgi /var/www/cgi-bin
chmod +x /var/www/cgi-bin/*.cgi
chown apache:apache /var/www/cgi-bin/*.cgi

[/box]

Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file).

[box]

nano /etc/httpd/conf/httpd.conf

Paste the following (at the bottom)

# Custom Rancid Config

<VirtualHost>
        DocumentRoot /var/www
        ScriptAlias /cgi-bin/ "/var/www/cgi-bin"
        ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
        ScriptAlias /query /var/www/cgi-bin/query.cgi
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>

[/box]

We already installed MariaDB, (similar to MySQL) earlier, we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.

Note: the first time you run the secure installation it will ask for a password, this is the root password for MariaDB NOT the Linux root password, this will be {blank} so just hit {Enter}, then Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway, for all the other questions simply press {Enter} to accept the defaults.

[box]

systemctl enable mariadb
systemctl start mariadb
sudo mysql_secure_installation

[/box]

Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use, to do that we need to log into SQL using the root password you just setup.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY ‘Password123’;
GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Note: sometime it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) If it complains, type it out manually!

Now that is set up we can get ViewVC to create its database.

[box]

cd /usr/local/viewvc-1.1.24/bin
./make-database

[/box]

Use the following settings when prompted;

MySQL Hostname (leave blank for default):{Enter}

MySQL Port (leave blank for default):{Enter}

MySQL User: VIEWVC

MySQL Password: Password123

ViewVC Database Name [default: ViewVC]:{Enter}

Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY ‘Password456’;
GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Edit the ViewVC configuration so that it uses all the parameters you have setup;

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

 

Un

Scroll down to the [csvdb] section, then uncomment and change the values shown (above,) so that look like.

enabled = 1
host = localhost
port = 3306
database_name = ViewVC
user = VIEWVC
passwd = Password123
readonly_user = VIEWVCRO
readonly_passwd = Password456

Then get ViewVC to ‘rebuild’ the database .

[box]

/usr/local/viewvc-1.1.24/bin/cvsdbadmin rebuild /usr/local/rancid/var/CVS/CVSROOT/

[/box]

Reboot the server, and if you browse to http://{ip-or-hostname}/viewvc you should see something like this;

 

In Part Two we will add some Cisco Devices (Switches and ASA Firewalls) and schedule the backups.

Related Articles, References, Credits, or External Links

NA

DrayTek Vigor – Reset To Factory Settings

KB ID 0000573

Problem

If you cannot get access to your router, or you have bought, found or been given one, and you cannot access it. The simplest thing to do it to reset to to factory settings. Once the Router has been reset its settings will be as follows;

DrayTek Default Username and Passwords

Model
Username
Password
Vigor Rev. ALL admin admin
Vigor 2600 admin {blank}
Vigor 2800 {blank} {blank}
Vigor 2900+ admin admin
Vigor 3300 draytek 1234

Note: The Router will set itself up with a static IP address http://192.168.1.1) and will act as a DHCP server (Make sure your network card it set to get its address automatically.

 

Solution

Warning: Make sure you have all your Routers settings, before you start, especially your ADSL username and password (ring your ISP and confirm) before resetting the Router as all these settings will be WIPED!

Factory Reset DrayTek Vigor: Option 1 (If you do not know the password)

Note: Model shown is a DrayTek Vigor 2800

1. with the router powered on in normal operation the power light should be blinking (slowly)

2. Use a pen, to depress the factory reset button on the rear of the device.

3. The power light will blink rapidly.

4. Release the factory reset button.

Factory Reset DrayTek Vigor: Option 2 (If you know the password)

If you can log in but just want to wipe the settings, and revert to factory defaults.

1. Connect to the web management console and navigate to, System Maintenance > Reboot system > Tick “Using factory default configuration”.

Factory Reset DrayTek Vigor: Option 3 (If you know the password)

If you can log in but just want to wipe the settings, and revert to factory defaults.

1. Familiarise yourself with the DrayTek Vigor firmware upgrade procedure. But use the firmware that ends in .RST NOT the firmware that ends in .ALL. (Note: The .all firmware just updates the firmware but keeps the settings).

 

Related Articles, References, Credits, or External Links

Draytek Router – Firmware Update

Draytek Vigor Router Port Forwarding

 

Windows – Remove Saved / Cached Network Passwords

KB ID 0000556

Problem

Windows 7 / 2008 R2 like previous versions of Windows, caches your user names and passwords entered for network shares, drives etc. That’s fine until there’s an incorrect password or username in the cache, and you want to remove it.

With Windows XP you could do this by running “control userpasswords2” and deleting the offending entry. With Windows 7 we have Credential Manager to do this for us.

Solution

1. Launch Credential Manager, either type “Credential” in the search/run box, and select it or,

If you have “Run” on your start menu you can, Start > Run > control keymgr.dll {enter} or,

You can also launch Credential Manager from, Start > cmd {Enter} > And execute a control keymgr.dll command.

2. Once open, you can locate the offending saved username and password and remove it.

3. The next time you attempt to connect to the required resource, you should be prompted to re-enter your credentials.

Alternative Method to Remove Cached / Network Passwords

You can also run the following command then remove the offending entry;

[box]
rundll32.exe keymgr.dll, KRShowKeyMgr[/box]

 

Related Articles, References, Credits, or External Links

NA

Dreamweaver CS6 – Backup and Restore Site Settings

KB ID 0000672 

Problem

If you are like me and struggle to remember settings, passwords etc. Then being able to back up all your website settings in Dreamweaver so you can restore them back again, (after a rebuild on a new PC) can save you some heartache.

Solution

1. On the SOURCE machine, Launch Dreamweaver > Site > Manage Sites > Select the site in question > Select the ‘Export Site’ Icon.

2. Choose whether to export the site login details and passwords > OK.

3. Select where you want to save the settings.

4. From the Same Menu on the TARGET Machine > Import Site.

5. Browse to the .ste file you saved earlier > Open.

Related Articles, References, Credits, or External Links

NA