KB ID 0001331
Problem
There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.)
Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which Ill cover in Part Two.
OS: CentOS 7 x64
Rancid: 3.4.1
ViewVC: 1.1.24
Solution
Once it’s built, let’s update our server;
[box]
yum upgrade yum update Answer any questions with 'y' for yes.
[/box]
Lets install all the components we need;
[box]
yum install nano wget ftp telnet mariadb-server mariadb perl tcl expect gcc cvs rcs httpd autoconf php-common php-gd php-pear php-pecl-memcache php-mysql php-xml mod_ssl MySQL-python
[/box]
We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);
[box]
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
[/box]
We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.
[box]
systemctl enable httpd.service systemctl start httpd.service groupadd netadm useradd -g netadm -c "Networking Backups" -d /home/rancid rancid mkdir /home/rancid/tar
[/box]
Move into the directory, we just created then download RANCID, unzip it, then install it.
[box]
cd /home/rancid/tar/ wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz tar -zxvf rancid-3.4.1.tar.gz cd rancid-3.4.1 ./configure --prefix=/usr/local/rancid make install
[/box]
Copy over the ‘clogin’ file, (more on this later). Then set the ownership and and permissions on the rancid files and directories.
[box]
cp cloginrc.sample /home/rancid/.cloginrc chmod 0640 /home/rancid/.cloginrc chown -R rancid:netadm /home/rancid/.cloginrc chown -R rancid:netadm /usr/local/rancid/ chmod 775 /usr/local/rancid/
[/box]
Now to set the ‘top level’ groups. Above I’ve got Firewalls and Switches, you might want to create a group for each customer you are backing up, or each site. (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;
[box]
nano /usr/local/rancid/etc/rancid.conf
[/box]
Uncomment and add your groups, i.e.
LIST_OF_GROUPS=”Firewalls Switches“
Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.
[box]
su -rancid Or 'su rancid' if you are logged in as root /usr/local/rancid/bin/rancid-cvs su
[/box]
Download and install ViewVC.
[box]
cd /home/rancid/tar/ wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz tar -zxvf viewvc-1.1.24.tar.gz cd viewvc-1.1.24 ./viewvc-install
[/box]
Open the ViewVC config file;
[box]
nano /usr/local/viewvc-1.1.24/viewvc.conf
[/box]
Uncomment and change the values, (as shown above).
root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/local/bin
use_rcsparse = 1
Now to enable ViewVC to work with Apache, we need to copy over some CGI, and set some permissions.
[box]
cp /usr/local/viewvc-1.1.24/bin/cgi/*.cgi /var/www/cgi-bin chmod +x /var/www/cgi-bin/*.cgi chown apache:apache /var/www/cgi-bin/*.cgi
[/box]
Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file).
[box]
nano /etc/httpd/conf/httpd.conf Paste the following (at the bottom) # Custom Rancid Config <VirtualHost> DocumentRoot /var/www ScriptAlias /cgi-bin/ "/var/www/cgi-bin" ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi ScriptAlias /query /var/www/cgi-bin/query.cgi <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> </VirtualHost>
[/box]
We already installed MariaDB, (similar to MySQL) earlier, we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.
Note: the first time you run the secure installation it will ask for a password, this is the root password for MariaDB NOT the Linux root password, this will be {blank} so just hit {Enter}, then Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway, for all the other questions simply press {Enter} to accept the defaults.
[box]
systemctl enable mariadb systemctl start mariadb sudo mysql_secure_installation
[/box]
Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use, to do that we need to log into SQL using the root password you just setup.
[box]
mysql -u root -p Enter your SQL root password CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY ‘Password123’; GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES; quit
[/box]
Note: sometime it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) If it complains, type it out manually!
Now that is set up we can get ViewVC to create its database.
[box]
cd /usr/local/viewvc-1.1.24/bin ./make-database
[/box]
Use the following settings when prompted;
MySQL Hostname (leave blank for default):{Enter}
MySQL Port (leave blank for default):{Enter}
MySQL User: VIEWVC
MySQL Password: Password123
ViewVC Database Name [default: ViewVC]:{Enter}
Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.
[box]
mysql -u root -p Enter your SQL root password CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY ‘Password456’; GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES; quit
[/box]
Edit the ViewVC configuration so that it uses all the parameters you have setup;
[box]
nano /usr/local/viewvc-1.1.24/viewvc.conf
[/box]
Scroll down to the [csvdb] section, then uncomment and change the values shown (above,) so that look like.
enabled = 1
host = localhost
port = 3306
database_name = ViewVC
user = VIEWVC
passwd = Password123
readonly_user = VIEWVCRO
readonly_passwd = Password456
Then get ViewVC to ‘rebuild’ the database .
[box]
/usr/local/viewvc-1.1.24/bin/cvsdbadmin rebuild /usr/local/rancid/var/CVS/CVSROOT/
[/box]
Reboot the server, and if you browse to http://{ip-or-hostname}/viewvc you should see something like this;
In Part Two we will add some Cisco Devices (Switches and ASA Firewalls) and schedule the backups.
Related Articles, References, Credits, or External Links
NA