the quiet geek

Rancid with WebSVN on Ubuntu 12.04.4 LTS

I’ve run across a lot of guides out there for setting up Rancid with WebSVN, but none of them quite worked for me just going step-by-step. This will be my effort to document the process that I am using to get this going. In this guide, I’m assuming that you already have a functioning apache2 installation. My box was already hosting an Observium instance. The scope of this post will be rancid and WebSVN – I’ll leave it to the reader to configure the email feature.

As recommended on the official Ubuntu board (link #1 in references) I’m starting with:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get autoremove

Next step is to install Rancid and WebSVN

sudo apt-get install rancid websvn

I just said OK and yes through the ‘This is an alpha release’ and ‘make sure that you backup your data’ prompts because I don’t have any Rancid configs on this box that I care about. I said ‘no’ when prompted to configure WebSVN, and will use dpkg-reconfigure websvn after rancid is set up.

Once that completes, it’s time to start configuring Rancid. Because we want to use WebSVN to access our configs, we’ll need to make sure that we tell rancid to use subversion for its revision control system. We also need to create at least 1 group of devices. This can be geographical, vendor, whatever you like. Also, since we switched the RCS to SVN, let’s change the name of the directory to be used for that so it’s a little clearer than the default ‘CVS.’ These are specified in /etc/rancid/rancid.conf:

RCSSYS=svn; export RCSSYS
LIST_OF_GROUPS="test"
# Location of the CVS/SVN repository. Be careful changing this.
CVSROOT=$BASEDIR/SVN; export CVSROOT

With that done, it’s time to create the repo!

su - rancid
~/bin/rancid-cvs

You should see something like:

Committed revision 1.
Checked out revision 1.
At revision 1.
A configs
Adding configs

Committed revision 2.
A router.db
Adding router.db
Transmitting file data .
Committed revision 3.

This will create a directory under /var/lib/rancid for each group that we specified in LIST_OF_GROUPS in /etc/rancid/rancid.conf. Now, we can use the router.db file in /var/lib/rancid/test to tell rancid which routers we want to look at. Each line holds three colon-separated fields, so you might have something like:

192.168.1.1:cisco:up

The last field simply tells rancid whether it should pull the configs from that device.

Before rancid can actually pull any configs, we still need to specify usernames/passwords. There’s a lot of good info if you run man cloginrc, so I won’t go through it all, but to get a basic one going:

# su - rancid

Then open ~/.cloginrc in your favorite text editor. In .cloginrc, we’ll specify a username, password, and connection method for each host. Each value goes on its own line, and each value should be surrounded by curly braces to escape it from parsing.


add user 192.168.1.1 {admin}
add password 192.168.1.1 {password}
add method 192.168.1.1 {ssh}

Since this file contains enable passwords for our devices, clogin won’t let us use it if it’s world writable, so after you create the file, you’ll need to run:

$ chmod 600 ~/.cloginrc
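
A pre-flight check for the two files edited so far, as an added example that is not part of the original post: it confirms that .cloginrc grants nothing to group or others and lists every router.db host in state up that has no user, password or method entry. The function names and sample files are constructed for illustration, and matching host patterns as shell globs is an approximation of clogin's own matching.

```shell
#!/bin/sh
# Added example: pre-flight audit for rancid's router.db and .cloginrc.

# Succeed only if the file grants nothing to group or others (e.g. 600).
cloginrc_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Print every router.db host in state "up" that has no user, password or
# method entry in .cloginrc. Host fields are matched as shell globs, an
# approximation of clogin's own pattern matching.
missing_credentials() {
    routerdb=$1 cloginrc=$2
    while IFS=: read -r host type state rest; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks, comments
        [ "$state" = "up" ] || continue             # only polled devices
        for key in user password method; do
            found=no
            while read -r verb k pattern rest; do
                [ "$verb" = "add" ] && [ "$k" = "$key" ] || continue
                case "$host" in $pattern) found=yes; break ;; esac
            done < "$cloginrc"
            [ "$found" = yes ] || echo "$host: no $key entry"
        done
    done < "$routerdb"
}

# Constructed sample files (not real devices or credentials).
demo=$(mktemp -d)
printf '%s\n' '192.168.1.1:cisco:up' '192.168.1.2:cisco:up' \
    '192.168.1.3:cisco:down' > "$demo/router.db"
printf '%s\n' 'add user 192.168.1.1 {admin}' \
    'add password 192.168.1.1 {password}' \
    'add method 192.168.1.* {ssh}' > "$demo/cloginrc"
chmod 644 "$demo/cloginrc"   # deliberately too permissive for the demo

cloginrc_mode_ok "$demo/cloginrc" ||
    echo "cloginrc: group/other access, run chmod 600"
missing_credentials "$demo/router.db" "$demo/cloginrc"
```

Against the real setup, call the two functions with /var/lib/rancid/.cloginrc and /var/lib/rancid/test/router.db instead of the sample files.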

With that done, we can test that rancid can actually log in to our device and pull a config. Still as the rancid user:

~/bin/rancid-run

I’ll repeat the statement that I’ve read elsewhere: this could take a while, particularly if you have several devices in your router.db. Now if you look in /var/lib/rancid/test/configs, you should see a text file named for each device in your router.db. Check the contents to make sure that it actually pulled the config. If you run into problems at this point, look in /var/lib/rancid/log to see what went wrong.

Ok, so now we have rancid pulling our configs, it’s time to get WebSVN going.

# dpkg-reconfigure websvn

If you do something wrong here, you can always re-run the above command, or you can edit /etc/websvn/svn_deb_conf.inc and reload apache2.

Hit yes through the first box to configure now, then in the next screen, I’m going to only select apache2 because that’s the web server that I’m using. The next screen prompts for the SVN parent directory. We’ll use /var/lib/rancid/SVN here. Next we’ll be asked for the path to our repository. This will be /var/lib/rancid/SVN/. The next screen is a warning that we need to allow our web server user read/write permissions in order to create locks, unless our repo is using the fsfs option, which it will be doing by default. We do, however, need to provide the user under which the webserver is running with read permissions. In my case, it’s www-data, so I’ll add that user to the rancid group:

# usermod -a -G rancid www-data
# /etc/init.d/apache2 reload

And you should now be able to browse to http://yourwebservername/websvn to see your configs.

Obviously, in a production network you’ll want to restrict access to this resource, but I’ll leave that to you/Google.

Email with Rancid: You’ll want to receive mail alerts, so be sure to edit

One of the last things that you’ll want to do, once everything is working the way that you like is to schedule a cron job to scan your network devices periodically and check in any changes to your SVN repository.


crontab -e -u rancid

# run rancid-run script every day at 00:30
30 00 * * * /var/lib/rancid/bin/rancid-run

I’ve completely copy-pasted that command from the last reference below. I’m not proud of doing that, but I want to give credit where it’s due.

Hope this was helpful, thanks for reading!

References:

https://help.ubuntu.com/community/RANCID

http://blog.skufel.net/2011/11/how-to-rancid-installation-on-opensuse-11-4-celadon/

http://www.shrubbery.net/rancid/man/cloginrc.5.html

http://openmaniak.com/rancid_tutorial.php
