Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Really Awesome New Cisco confIg Differ with git extensions and support for colorized emails!
Shell C

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
man
util
CHANGES
COPYING
FAQ
Makefile.am
Makefile.in
README
Todo
acinclude.m4
aclocal.m4
cloginrc.sample
configure
configure.in
install-sh
missing
mkinstalldirs

README

Rancid is a "Really Awesome New Cisco confIg Differ" developed to
maintain CVS controlled copies of router configs.

The following is the packing list for Rancid.  .in is stripped from
the files below by configure with substitutions completed:

README		This file.
CHANGES		List of changes to Rancid.
Todo		partial Todo list of what needs to be done.
env.in		Environment settings needed.
do-diffs.in	Script designed to be run from cron calling control_rancid.
control_rancid.in
		Builds router list, calls rancid on each router and
		handles cvs routines.
rancid-fe.in	chooses between rancid/[efjr]rancid/cat5rancid.
rancid.in	Runs commands on cisco routers and processes the output.
erancid.in	Runs commands on ADC EZ-T3 muxes and processes the output.
francid.in	Runs commands on foundry switches and processes the output.
jrancid.in	Runs commands on juniper routers and processes the output.
rrancid.in	Runs commands on redback routers and processes the output.
xancid.in	Runs commands on extreme switches and processes the output.
cat5rancid.in	Runs commands on cisco cat5 switches and processes the output.
clogin.in	Expect script that logs into routers either interactively,
		runs a set of commands, or runs another expect script.
elogin.in	Expect script that logs into ADC EZ-T3 muxes either
		interactively, runs a set of commands, or runs another expect
		script.
flogin.in	Expect script that logs into foundry switches.  Once foundry
		cleans up their bloody UI, clogin should do the job.
jlogin.in	Expect script that logs into juniper routers similarly to
		clogin.  It is not terribly robust, but mainly used for it's
		-c and -s options.
.cloginrc	TCL commands to set passwords, usernames etc. used by clogin
		and jlogin.
par.in		Parallel processing of commands - any commands.
rename.in	Perl script to rename files.
create_cvs.in	Creates all of the CVS and config directories.
man/		man pages
util/		utilities / contribs
util/lg		looking glass

The following are included as part of the installation tools:

Makefile.in	processed by configure to produce Makefiles
configure	GNU autoconf script
install-sh	shell script to simulate BSD style install
mkinstalldirs	shell script to make installation directories

rancid will also need to have the following packages:
cvs		code revision system available from prep.ai.mit.edu:/pub/gnu
gnudiff		gnudiff provides the uni-diff (-u) option.  if you do not have
		gnudiff, configure will use 'diff -c' or 'diff -C'.
perl5		perl version 5 or greater available from www.cpan.org
expect		http://expect.nist.gov/  we highly suggest that you stick to
		expect 5.24.1 (or so).  this seems to work best.  note that
		you have to have the accompanying tcl &/ tk.
tcl		required by expect.

Bill Fenner has a cgi script for interacting with CVS repositories via
a web interface.  This provides a great way to view rancid diffs and
full configs, especially for those unfamiliar with cvs.  The package is
not included, but can be found here:

	http://www.freebsd.org/~fenner/cvsweb/cvsweb-1.0.tar.gz


Quick Installation Guide (an example):

1) ./configure [--prefix=<basedir>]
   By default, All rancid crud will be installed under /usr/local/rancid.
   This can be overridden with the --prefix option.  E.g.:

	./configure --prefix=/home/rancid

   see ./configure --help for other configure options.

   The user who will run rancid must have write permission in this
   directory.

2) make install

3) Modify <basedir>/bin/env.  The variable LIST_OF_GROUPS is a
   space delimited list of router "groups".  E.g.:
	LIST_OF_GROUPS="backbone aggregation switches"

4) Put .cloginrc in the home directory of the user who will run rancid.
   .cloginrc must be not be readable/writable/executable by "others",
   i.e.: .cloginrc must be mode 0600 or 0640.

5) Modify .cloginrc.

   Test to make sure that you can log into every router.

   Note: the juniper user you use *must* log into a cli shell (which
   is the default on a juniper).

   See the file cloginrc.sample, located in <basedir>, for examples and
   good starting point.  Also take a look at the cloginrc manual page,
   'man -M <basedir>/man cloginrc'.

6) Modify /etc/aliases
   Rancid sends the diffs and other administrative emails to rancid-<GROUP>
   and problems to rancid-admin-<GROUP>, where <GROUP> is the "GROUP" of
   routers.  This way you can separate your backbone routers from your
   access routers or separate based upon network etc...  Different router
   uses forced different people being interested in router "groups" -
   thus this setup.  Make sure email to rancid-<GROUP> works.  /etc/aliases
   can be maintainable by Majordomo stuff, but make sure the user that
   runs rancid can post to the list.

   The Precedence header set to bulk or junk *hopefully* avoids replies from
   auto-responders and vacation type mail filters.

   The --enable-mail-plus option to configure will set each of the "rancid-"
   addresses mentioned above to "rancid+".  See sendmail's operation manual
   for more information on handling of '+'.

7) Run create_cvs.
   This creates all of the necessary directories and config files for
   each of the groups in LIST_OF_GROUPS and imports them into CVS.  This
   will also be run each time a new group is added.  Also see
   'man -M <basedir>/man create_cvs'.

8) For each "group", modify the router.db file in the group directory.
   The file is of the form "router:mfg:state" where "router" is
   the name (we use FQDN) of the router, mfg is the manufacturer
   from the set of (cisco|ezt3|extreme|foundry|juniper|redback|cat5), and
   "state" is either up or down.  Each router listed as "up" will have the
   configuration grabbed.  Note: manufacturer cat5 is intended only for
   catalyst switches running catalyst (not IOS) code.

   eg <basedir>/<group>/router.db:
	cisco-router.domain.com:cisco:up
	adc-mux.domain.com:ezt3:up
	foundry-switch-router.domain.com:foundry:up
	juniper-router.domain.com:juniper:up
	redback-dsl-router.domain.com:redback:down
	extreme-switch.domain.com:extreme:down

9) For first-time users or new installations, run bin/do-diffs (with no
   arguments) and check the resulting log file(s) (in logs/*) for errors.
   Repeat until there are no errors.

10) Put do-diffs in cron to be called however often you want it to
   run for each group (do-diffs [<GROUP>]).  If you run it less
   often than once/hour, check the setting of OLDTIME in bin/env.
   E.g.:
	# run config differ hourly
	1 * * * * <BASEDIR>/bin/do-diffs
	# clean out config differ logs
	50 23 * * * /usr/bin/find <BASEDIR>/logs -mtime +2 -exec rm {} \;

11) Note: If you are using any of these programs (other than
    do-diffs) out of cron, make sure that you set your $PATH
    correctly so that they work.  E.g.: if you are using clogin,
    it can call id, telnet, ssh, and/or rsh.

    configure already makes sure that $PATH is set correctly in
    bin/env for do-diffs, so you could use the $PATH from there. eg:

	50 23 * * * . /usr/local/rancid/bin/env; clogin -c 'sh vers' router

12) Send any bugs, suggestions or updates to rancid@shrubbery.net.
    See the web page at http://www.shrubbery.net/rancid.  We have
    created the standard mailing lists for those interested;
    rancid-announce@shrubbery.net and rancid-discuss@shrubbery.net.
    Subscribe by sending an email whose body contains "subscribe
    rancid-<announce or discuss>" to majordomo@shrubbery.net.


Problem with clogin/telnet hanging within rancid or scripts?

If you have experienced rancid (or more precisely, telnet) hanging on a
solaris 2.6 box; check to be sure you have the following two patches
installed (see showrev -p).  There may be more recent versions of these
patches and they are likely included with 2.7 and 2.8: 

Patch-ID# 105529-08
Keywords: security tcp rlogin TCP ACK FIN packet listen
Synopsis: SunOS 5.6: /kernel/drv/tcp patch

Patch-ID# 105786-11
Keywords: security ip tcp_priv_stream routing ip_enable_group_ifs ndd
Synopsis: SunOS 5.6: /kernel/drv/ip patch

another possibile contributor is expect/tcl.  we've noticed that expect
5.24.1 (possibly 5.28.*) and whatever tcl happens to compile with it, 
eems to not exhibit this problem, while 5.32.* appears to on linux and
solaris but not on netbsd 1.5.

-Hank
Something went wrong with that request. Please try again.