Go rewrite of RANCID (Really Awesome New Cisco confIg Differ) — a drop-in replacement that collects network device configurations, stores diffs in git, and emails changes.
RANCID is written in Perl, Tcl/Expect, and C. It works, but the stack is brittle and hard to extend. Gorancid replaces the orchestration layer in Go while keeping full compatibility with existing configs, credentials, and device type definitions.
Gorancid reads the same configuration files as upstream RANCID:
| File | Purpose |
|---|---|
rancid.conf |
Base directory, groups, mail settings, filter options |
router.db |
Device inventory (hostname:type:status) |
.cloginrc |
Login credentials (user, password, enable, method — see below) |
rancid.types.base / rancid.types.conf |
Device type registry (scripts, modules, commands) |
CLI binaries match the original flag interface and exit codes, so existing cron jobs and wrapper scripts work without changes.
For collection (rancid, control-rancid) and native clogin, gorancid opens the first supported entry in declaration order:
sshorssh:PORT— Go SSH client (default whenmethodis omitted).telnetortelnet:PORT— Go Telnet client with username/password prompt handling (best-effort; not all vendor banners are covered).
If neither appears (for example only rsh), collection fails with a clear error. Interactive clogin can still fall back to legacy Perl/Tcl login scripts when the device type has no native DeviceOpts profile or negotiation fails.
| Binary | Replaces | Purpose |
|---|---|---|
clogin |
clogin / plogin |
Interactive device login using .cloginrc, with device-type lookup from router.db |
rancid |
rancid |
Per-device collector using Go parsers for all known device types |
rancid-cvs |
rancid-cvs |
Initialize git repos and group directory structure |
control-rancid |
control_rancid |
Per-group collection orchestrator |
rancid-run |
rancid-run |
Cron entry point — iterates groups, calls control-rancid |
rancid-ui |
(new) | Read-only local web UI — fleet table, config browser, last per-device git diff |
v0.4.4 — Phase 4 complete. All collection runs entirely in-process over SSH or Telnet with no Expect or Tcl/Perl dependency remaining. Devices without a native transport method fail with a clear error. rancid-ui provides a local fleet/config/diff browser.
go build ./...Individual binaries:
go build -o rancid-cvs ./cmd/rancid-cvs/
go build -o control-rancid ./cmd/control-rancid/
go build -o rancid-run ./cmd/rancid-run/
go build -o clogin ./cmd/clogin/
go build -o rancid ./cmd/rancid/
go build -o rancid-ui ./cmd/rancid-ui/Run the UI (defaults to loopback 127.0.0.1:8080):
./rancid-ui -C /path/to/rancid.confCross-compile for Linux:
GOOS=linux GOARCH=amd64 go build -o rancid-cvs ./cmd/rancid-cvs/go test ./...- Build the binaries (or download from CI artifacts)
- Copy to
/usr/local/rancid/bin/alongside the existing Perl scripts - Point cron at the Go
rancid-runbinary instead of the original - Existing
rancid.conf,router.db,.cloginrc, andrancid.types.*files are read as-is
pkg/
├── config/ # rancid.conf, router.db, .cloginrc parsers
├── devicetype/ # rancid.types.{base,conf} registry with alias resolution
├── git/ # Git subprocess wrapper (Init, Add, Commit, Diff)
├── par/ # Parallel worker pool bounded by PAR_COUNT
├── collect/ # GoCollector / CollectDevice (SSH or Telnet + Go parsers)
└── notify/ # Email diff notifications via sendmail
All logic lives in pkg/. CLI binaries in cmd/ are thin wrappers that call library functions.
- SSH host keys are not verified. Gorancid uses
InsecureIgnoreHostKey()to match upstream RANCID behavior, which does not check host keys. If you require host-key verification, run gorancid from a host that already has the device keys in~/.ssh/known_hostsand use a wrapper that enforcesStrictHostKeyChecking. - Telnet is cleartext. Credentials and configuration data travel unencrypted over the wire when using the
telnetmethod. Usesshwherever possible. rancid-uihas no authentication. The read-only web UI binds to loopback (127.0.0.1:8080) by default. Do not expose it to untrusted networks without a reverse proxy that adds authentication.
Contributions are welcome — see CONTRIBUTING.md.
MIT — see LICENSE.