Steps for deploying Rancid:-
I assume you have installed and configured TACACS+ on the server where you are planning to set up rancid. My intention is to have rancid integrated with Tac-Plus, but if you want to use them separately, that is your choice.
Here is the list of vendors RANCID supports
add user * rancid
add password *
--------------------------------------------------------------------
1.1.1.1:cisco:up
——————————————————————————————-
c) /etc/cvsweb/cvsweb.conf
@CVSrepositories = (
# 'local' => ['Local Repository', '/var/lib/cvs'],
'INDIA' => ['INDIA', '/var/lib/rancid/CVS'],
# 'freebsd' => ['FreeBSD', '/var/ncvs'],
# 'openbsd' => ['OpenBSD', '/var/ncvs'],
# 'netbsd' => ['NetBSD', '/var/ncvs'],
# 'ruby' => ['Ruby', '/var/anoncvs/ruby'],
);
—————————————————————————————
d) /etc/tacacs/tac_plus.conf, which includes the rancid user and a group for rancid
# Rancid - account used for the rancid process
user = rancid {
    member = rancid
    login = des xxxxxxxxxxxx
    enable = des xxxxxxxxxxxx
}
# Group referenced by the rancid user's "member" line
group = rancid {
    default service = deny
    service = exec {
        priv-lvl = 6
    }
    cmd = write {
        permit .*
    }
    cmd = dir {
        permit .*
    }
    cmd = copy {
        permit running-config
    }
    cmd = show {
        permit .*
    }
    cmd = terminal {
        permit length
    }
    cmd=enable {
        permit .*
    }
    cmd=exit {
        permit .*
    }
    cmd = admin {
        permit .*
    }
    cmd = more {
        permit .*
    }
}
That's it. You can check the rancid authentication logs in /var/log/tac-plus/tacacs.log and the rancid system logs under /var/lib/rancid/logs
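A least-privilege check for the rancid group shown above, as an added example that is not part of the original post or of RANCID or tac_plus. It lists the cmd blocks that grant every argument form (permit .*) outside a read-only set and reports whether the group's braces close; the READ_ONLY set, the function name and the sample text are assumptions of this example.

```python
import re

# Assumption of this example: commands a backup-only account may run with any arguments.
READ_ONLY = {"show", "dir", "more", "terminal", "exit"}

# Constructed sample reproducing the cmd/permit pairs of the rancid group above.
PERMITS = [("write", ".*"), ("dir", ".*"), ("copy", "running-config"),
           ("show", ".*"), ("terminal", "length"), ("enable", ".*"),
           ("exit", ".*"), ("admin", ".*"), ("more", ".*")]
SAMPLE = ("group = rancid {\n default service = deny\n"
          " service = exec {\n  priv-lvl = 6\n }\n"
          + "".join(f" cmd = {c} {{\n  permit {a}\n }}\n" for c, a in PERMITS)
          + "}\n")


def audit_group(conf, group):
    """Audit one 'group = NAME { ... }' block of tac_plus.conf text.

    Returns (flagged, balanced): cmd names outside READ_ONLY that carry a
    'permit .*' rule, and whether the group's braces close before the text ends.
    """
    depth, cmd, flagged = 0, None, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if depth == 0:                                  # still looking for the group
            if re.fullmatch(rf"group\s*=\s*{re.escape(group)}\s*\{{", line):
                depth = 1
            continue
        m = re.fullmatch(r"cmd\s*=\s*(\S+)\s*\{", line)
        if m and depth == 1:
            cmd, depth = m.group(1), 2
        elif line.endswith("{"):                        # e.g. service = exec {
            depth += 1
        elif line == "}":
            depth -= 1
            cmd = None
            if depth == 0:
                return flagged, True
        elif cmd and cmd not in READ_ONLY and re.fullmatch(r"permit\s+\.\*", line):
            if cmd not in flagged:
                flagged.append(cmd)
    if depth == 0:
        raise KeyError(f"group {group!r} not found")
    return flagged, False                               # ran out of text inside the group


if __name__ == "__main__":
    print(audit_group(SAMPLE, "rancid"))
```

Each flagged command is a candidate for a narrower permit pattern, in the way the copy block is limited to running-config.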
Rancid Fix for Netscaler 9.x version:-
If you use rancid to back up NetScaler devices running 9.x firmware in your network, you may see rancid fail and time out. The logs may show that show ns ns.conf could not be run. The reason is that rancid is not able to identify the NetScaler's > prompt.
Here is an easy way to fix it. Rancid uses the nslogin and nsrancid scripts to take NetScaler backups. Make the following modifications to these 2 files and rancid will work. These files are present under /var/lib/rancid/bin
The router.db format for NetScaler devices is (ip address:netscaler:up)
Here are the differences in the nslogin and nsrancid scripts, which I took from my rancid server
===================================================================
bejoy@netmon1000:/var/lib/rancid/bin$ diff nslogin.orig nslogin
520c520
< set prompt "#"
—
> set prompt “>”
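Review bot: the new line 520 is written with typographic quotes around >, which Tcl does not treat as string delimiters, so typed as shown the prompt value would include the quote characters; use straight quotes as on the old line, set prompt ">". Hard-coding ">" also drops the "#" default, so a comment noting that this copy of nslogin now expects a ">" prompt would help whoever maintains it next.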
621,622c621,624
< -re “^.+$prompt” { set junk $expect_out(0,string);
< regsub -all “\[\]\[]” $junk {\\&} prompt; }
—
> #-re “^.+$prompt” { set junk $expect_out(0,string);
> # regsub -all “\[\]\[]” $junk {\\&} prompt; }
> -re “^$prompt” { set junk $expect_out(0,string);
> regsub -all “\[\]\[]” $junk {\\&} prompt; }
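Review bot: in the replacement -re "^$prompt" pattern the leading .+ is gone, so with prompt set to ">" it matches only when ">" is the first character, and any text in front of the prompt (a hostname, for example) stops it matching. If the bare prompt is what is intended, say so in a comment, and drop the two commented-out lines since nslogin.orig already keeps the old version.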
bejoy@netmon1000:/var/lib/rancid/bin$ diff nsrancid.orig nsrancid
69c69,70
< $prompt = "netscaler#";
—
> #$prompt = “netscaler#”;
> $prompt = “>”;
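Review bot: $prompt is interpolated into regexes elsewhere in this file (the old line 177 tests /^$prompt/), so after this assignment any test left in that form only matches a line that begins with ">"; check the remaining uses. The commented-out assignment on line 69 can go, since nsrancid.orig preserves it.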
177c178
< last if (/^$prompt/);
—
> last if (/^ Done/);
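Review bot: at line 178 the loop now stops only on a line beginning with " Done" and no longer on the prompt, so a command whose output never contains that line keeps the loop reading until rancid times out. Keeping both exits would be safer, for example last if (/^ Done/ || /^$prompt/);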
192c193
< if (/exit$/) {
—
> if (/ Done$/) {
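Review bot: / Done$/ at line 193 replaces the /exit$/ test, but " Done" is also what line 178 uses to stop reading a command's output, so the two tests now key on the same text; a comment on which " Done" this branch is meant to catch would help. The pattern is also unanchored at the start, so any line ending in " Done" matches.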
bejoy@netmon1000:/var/lib/rancid/bin$
Share your experience with me and let me know if there is any way I can help you. Enjoy 🙂
Please reach out to me at bejoybkn@yahoo.com or bejoy.bnair@gmail.com
I can help you out with your doubts or questions
hi,
Thanks for your howto, but I changed nslogin and nsrancid like you and I still have “Error: TIMEOUT reached”
solved
Hi,
I've made the changes, but I still get:
missed cmd(s): show ns ns.conf
End of run not found
…in the rancid log.
I can verify that the rancid user is successfully executing the command on the NetScaler.
Having major problems getting my rancid install to issue the correct commands to the NetScaler. It appears to be trying to run an enable command, as if it were connecting to a Cisco device.
No matter what I try to do, it persists in doing this. Once the enable command tries to run and fails, it leaves the session locked up.
Thank you so much for posting the script modifications for Netscaler 9.x!!
It worked great. But I have found one extra change in nsrancid but it worked.
Thank you so much.
Here is the diff of my nsrancid
69c69
< $prompt = ">“;
—
> $prompt = “netscaler#”;
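Review bot: the file order looks reversed: the < side carries the modified $prompt = ">" and the > side the stock "netscaler#", so applied as a patch this would undo the fix. Regenerating it as diff nsrancid.orig nsrancid, as in the post, would make it read in the same direction.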
177c177
< last if (/^ Done/);
—
> last if (/^$prompt/);
192c192
< if (/ Done$/) {
—
> if (/exit$/) {
206c206
< last if (/^ Done/);
—
> last if (/^$prompt/);
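Review bot: with line 206 changed to last if (/^ Done/); this second loop, like the one at 177, has no exit for output that lacks a " Done" line; consider testing for the prompt as well. This is the hunk with no counterpart in the post's nsrancid diff, which stops at 192c193.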