Certified Linux Administrator Backups


One of the most commonly overlooked aspects of network management is the failure to backup network device configurations. Sadly it is only viewed as being a priority after disaster strikes. Fortunately there is a Linux / Unix open source package called Rancid that can get the job done automatically for most devices that have command prompt method for configuration.

The product can be downloaded from the rancid website and has the added advantage of automatically archiving the older configuration versions in a Concurrent Versions System (CVS). This tutorial will show you how to quickly install and configure it for your network backup needs.

Rancid Installation

Under Fedora Linux, installation is relatively easy, but there are a large number of simple steps to follow. Let's begin:

1. Rancid uses the expect programming language to operate which you will have to install in advance. Use the rpm command with the -q qualifier to determine whether you have expect installed. In this case, it isn't so the yum command is used to do so.

[root@bigboy tmp]# rpm -q expect
package expect is not installed
[root@bigboy rancid-2.3.2a2]# yum -y install expect
Repository updates-released already added, not adding again
Repository base already added, not adding again
Setting up Install Process
[root@bigboy rancid-2.3.2a2]#

2) Create a Linux group named netadm which will eventually have access to the Rancid directory.

[root@bigboy tmp]# groupadd netadm

3) Create a user named rancid that will be used to run the network device backups every night. Here we make rancid a member of the netadm group and make /usr/local/rancid its home directory.

[root@bigboy tmp]# useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid

4) Create a directory called /usr/local/rancid/tar and use the wget command to get the latest version of the Rancid tar file from its web site.

[root@bigboy tmp]# mkdir /usr/local/rancid/tar
[root@bigboy tmp]# cd /usr/local/rancid/tar
[root@bigboy tar]# wget ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a2.tar.gz
--01:14:26--   ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a2.tar.gz
                     => `rancid-2.3.2a2.tar.gz'
100%[==============================>] 280,435           153.28K/s
01:14:58 (152.78 KB/s) - `rancid-2.3.2a2.tar.gz' saved [280,435]
[root@bigboy tar

5) Rancid needs to be compiled. Next, you will need to extract the files from the Rancid tar file as a pre-compilation step. In this case the file is named rancid-2.3.2a2.tar.gz so the extraction process will place all the preliminary files in a directory named rancid-2.3.2a2.

[root@bigboy tar]# tar -xvzf rancid-2.3.2a2.tar.gz
[root@bigboy tar]#

6) Enter the directory.

[root@bigboy tar]# cd rancid-2.3.2a2
[root@bigboy rancid-2.3.2a2]#

7) In this directory there is a README file with instructions on what to do next. You can view it using the less command to see the various configuration options offered. We will proceed in this example by using a very simple scenario.

[root@bigboy rancid-2.3.2a2]# less README

8) Prepare the Rancid package for compiling with the configure command. Here, the --prefix switch is used to set the default directory to match the /usr/local/rancid/ home directory of our rancid user.


[root@bigboy rancid-2.3.2a2]# ./configure --prefix=/usr/local/rancid/
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
config.status: creating include/config.h
config.status: include/config.h is unchanged
config.status: executing depfiles commands
[root@bigboy rancid-2.3.2a2]#

9) Install the package with the make command.

[root@bigboy rancid-2.3.2a2]# make install
Making install in .
gmake[1]: Entering directory `/usr/local/rancid/tar/rancid-2.3.2a2'
gmake[2]: Entering directory `/usr/local/rancid/tar/rancid-2.3.2a2'
gmake[2]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/rancid//share/rancid" || mkdir -p -- "/usr/local/rancid//share/rancid"
/usr/bin/install -c 'downreport' '/usr/local/rancid//share/rancid/downreport'
gmake[2]: Leaving directory `/usr/local/rancid/tar/rancid-2.3.2a2/share'
gmake[1]: Leaving directory `/usr/local/rancid/tar/rancid-2.3.2a2/share'
[root@bigboy rancid-2.3.2a2]#

10) There is a sample password file named cloginrc.sample. You'll need to copy it to the /usr/local/rancid/ home directory as the hidden file /usr/local/rancid/.cloginrc.

[root@bigboy rancid-2.3.2a2]# cp cloginrc.sample /usr/local/rancid/.cloginrc
[root@bigboy rancid-2.3.2a2]#

11) Finally you will need to set the .cloginrc file permissions to be readable by the rancid user and the new netadm Linux group. You will also have to change the ownership and permissions of the home directory in a similar fashion.

[root@bigboy rancid-2.3.2a2]# chmod 0640 /usr/local/rancid/.cloginrc
[root@bigboy rancid-2.3.2a2]# chown -R rancid:netadm /usr/local/rancid/
[root@bigboy rancid-2.3.2a2]# chmod 770 /usr/local/rancid/

Now that the installation is complete, you'll need to do some initial configuration to get Rancid to work. Don't worry, it is fairly straight forward.


Initial Rancid Configuration

Initial configuration involves setting up Rancid to periodically backup your configurations and email status reports to the necessary users.

1) The rancid.conf file is used to determine where rancid stores its configurations and other general parameters. We'll need to edit it.

[root@bigboy rancid-2.3.2a2]# vi /usr/local/rancid/etc/rancid.conf

In this example, we'll create a Rancid device group called "networking". All files related to this group will be stored in a sub-directory of the same name under the var sub-directory of the Rancid home directory. In other words /usr/local/var/networking.

By default Rancid filters out passwords and SNMP community strings. You may want to set the FILTER_PWDS and NOCOMMSTR variables to "NO" to prevent this.

# Sample rancid.conf

2) Rancid will send status emails to mailing lists defined in the /etc/aliases file. The "networking" Rancid group will need to have groups named rancid-admin-networking and rancid-networking. A Rancid group named "alldevices" would have groups named rancid-admin-alldevices and rancid-alldevices.

In this example, the emails go to the noc mailing list made up of the addresses [email protected] and [email protected].

# Sample /etc/aliases

# Rancid email addresses
rancid-admin-networking:                 rancid-networking
rancid-networking:                       noc
noc:                                     [email protected]

3) The email aliases then need to be added sendmail alias database with the newaliases command.

[root@bigboy rancid-2.3.2a2]# newaliases
/etc/aliases: 82 aliases, longest 80 bytes, 983 bytes total
[root@bigboy rancid-2.3.2a2]#

4) The next couple steps need to be done as the rancid user. Use the su command to become the rancid user.

[root@bigboy rancid-2.3.2a2]# su - rancid

5) The rancid-cvs command needs to be used to create the /usr/local/var/networking directory and its associated database and network device list files.

[rancid@bigboy ~]$ /usr/local/rancid/bin/rancid-cvs
No conflicts created by this import
cvs checkout: Updating networking
cvs checkout: Updating networking/configs
cvs add: scheduling file `router.db' for addition
cvs add: use 'cvs commit' to add this file permanently
RCS file: /usr/local/rancid//var/CVS/networking/router.db,v
Checking in router.db;
/usr/local/rancid//var/CVS/networking/router.db,v   <--   router.db
initial revision: 1.1
[rancid@bigboy ~]$

6) The README file will be useful, so copy it to the home directory before deleting the rancid sub-directory under the tar sub-directory.

[rancid@bigboy ~]$ cp tar/rancid-2.3.2a2/README .
[rancid@bigboy ~]$ rm -rf tar/rancid-2.3.2a2
[rancid@bigboy ~]$

7) Now edit the rancid user's crontab table file to schedule regular backups using the /usr/local/rancid/bin/rancid-run file.

[rancid@bigboy ~]$ crontab -e

# Rancid user's crontab file

# Run config differ hourly
1 * * * * /usr/local/rancid/bin/rancid-run

# Clean out config differ logs
50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +2 -exec rm {} \;

The Rancid network device list and password files will now have to be edited before your configurations can be backed up, but first, let's review the most important file locations.

 For Support