RANCID

From Wikitech
Jump to navigation Jump to search

RANCID is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on netmon1002 from the (rather alpha-quality) Debian/Ubuntu packages.

Rancid configuration is in /etc/rancid/ and /var/lib/rancid/.

You can clone the rancid repo with:

git clone ssh://netmon1002.wikimedia.org:/var/lib/rancid/core/ rancid-configs

Manually testing Rancid access to devices:

sudo -u rancid SSH_AUTH_SOCK=/run/keyholder/proxy.sock ssh rancid@<hostname>

Equipment notes

Juniper

The following configuration works on JUNOS:

system {
    login {
        class rancid {
            permissions [ view view-configuration ];
        }
        user rancid {
            uid 2002;
            class rancid;
            authentication {
                ssh-rsa "ssh-rsa rancid public-key"; ## SECRET-DATA
            }
        }
    }
}

OpenGear

See Platform-specific documentation/Opengear Serial Consoles#Initial Setup

And https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support