RANCID using SVN and ViewVC

Introduction
RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc.), and uses CVS (Concurrent Version System) or Subversion to maintain a history of changes.

RANCID does this by the very simple process summarized here:
 * log in to each device in the router table (router.db),
 * run various commands to get the information that will be saved,
 * cook the output; re-format, remove oscillating or incrementing data,
 * email any differences (sample) from the previous collection to a mail list,
 * and finally commit those changes to the revision control system

Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP Procurve switches and a host of others.

Gentoo does not have a package maintainer for rancid, so there is no official rancid ebuild.

Installation
This installation HOWTO uses the following software versions:
 * rancid 2.3.6
 * version 1.6.17-r7
 * version 1.1.11

Installing dependencies
Before the main installation process, the required dependencies should be installed:

Creating a rancid ebuild
Create a local overlay

Name the local overlay

Edit so your package manager knows where to search for ebuilds in your local workstation

Add rancid ebuild to your local overlay

Create the local ebuild for rancid

Do an ebuild digest on the file created above

Change ownership of to portage:portage

Run eix-update

Emerge rancid with use flag enabled.

Initial rancid configuration
Rancid will use the path as its home BASEDIR with ebuild above. The svn tree will lie within this path too. To configure rancid edit the file. In this file RANCID initial variables and paths are set.

The configuration below is the default rancid configuration.

Two important variables have to be set, however: to get rancid working with Subversion, set the RCSSYS variable to svn, and also define LIST_OF_GROUPS, which is the name for your repository.
 * RCSSYS
 * LIST_OF_GROUPS

Mail configuration
Mail configuration is optional and not necessarily needed for Rancid to work.

Rancid will send status emails to mailing lists defined in the file after each run.
 * The "network" Rancid group will need to have groups named "rancid-network" "rancid-admin-network"
 * A Rancid group named "lan" would have groups named "rancid-lan" "rancid-admin-lan"

Edit the file and add the following line:

Inform the MTA that there are new aliases

Creating SVN repository
The next steps have to be executed as the rancid user, which has been created by the ebuild.

Create the .cloginrc file for RANCID to log into devices and fetch config

# syntax: add password       {device}     {telnet-password}     {enable-password}
add password                *            RancidUserPassword    EnablePassword
# syntax: add method         {device}     {method}
add method                  *            telnet ssh

Check the file permissions to so only user:group rancid:rancid have access to it.
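
The .cloginrc shown above stores the login and enable passwords in cleartext and lists telnet before ssh, so both the file mode and the method order are worth checking. The following shell function is an added example, not part of the original HOWTO or of the rancid distribution; the function name audit_cloginrc and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a .cloginrc, which stores device passwords in cleartext.
# Prints one finding per line; prints nothing when the file passes both checks.
audit_cloginrc() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file"; return 0; }

    # Check 1: no permission bits for group or other
    # (characters 5-10 of the mode string printed by ls).
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perms: group/other bits set ($perms)"

    # Check 2: 'add method' lines that still allow telnet. clogin tries the
    # listed methods in order, so telnet first means a cleartext login.
    awk '
        $1 == "add" && $2 == "method" {
            for (i = 4; i <= NF; i++) {
                m = $i; gsub(/[{}]/, "", m)
                if (m == "telnet")
                    printf "method: line %d allows telnet for %s (%s)\n",
                           NR, $3, (i == 4 ? "tried first" : "fallback")
            }
        }' "$file"
    return 0
}

# Constructed sample mirroring the entries shown on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/cloginrc" <<'EOF'
add password * RancidUserPassword EnablePassword
add method   * telnet ssh
EOF
chmod 644 "$demo_dir/cloginrc"
audit_cloginrc "$demo_dir/cloginrc"    # reports the mode and the telnet method

# After tightening the mode and switching to ssh only, nothing is reported.
printf 'add password * RancidUserPassword EnablePassword\nadd method * ssh\n' \
    > "$demo_dir/cloginrc"
chmod 600 "$demo_dir/cloginrc"
audit_cloginrc "$demo_dir/cloginrc"
rm -rf "$demo_dir"
```

Run it as the rancid user against the real file, for example `audit_cloginrc "$HOME/.cloginrc"`, once the function is sourced.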

Create an svn repository. Although the script is named rancid-cvs, the created repository will be an svn repository. Don't get confused by this script naming convention.

After a successful run the output should look like below:

rancid@localhost ~$ rancid-cvs

Committed revision 1.
Checked out revision 1.
A        configs
Adding        configs

Committed revision 2.
A        router.db
Adding         router.db
Transmitting file data.
Committed revision 3.

Three directories should have been created, one of which should be named after the previously defined LIST_OF_GROUPS, in this case network:


 * CVS
 * logs
 * network

Editing router.db
Put devices to the file

cat3550:cisco:up
netscreen:netscreen:up

Testing rancid
To test whether the data you put in the file works, try running the clogin script with an IP address or a hostname.

Below is a successful login to a Cisco device:

rancid@localhost ~ $ clogin 192.168.1.250
192.168.1.250
spawn telnet 192.168.1.250
Trying 192.168.1.250...
Connected to 192.168.1.250.
Escape character is '^]'.

Unauthorized Access Prohibited.

User Access Verification

Username: rancid
Password:

Cat3550>enable
Password:
Cat3550#
Cat3550# ex
Connection closed by foreign host.
rancid@localhost ~ $

Testing rancid with devices
After a successful test it is time to fetch the configurations from devices configured in file

Execution of rancid-run can take some time to finish, so be patient while testing it. After a successful run, new log files should have appeared in the logs directory. Execute the following command:

Here is a sample output of how the directory could look:

-rw-r- 1 rancid rancid 114 Sep 23 00:50 network.20100923.005001
-rw-r- 1 rancid rancid 81 Sep 23 11:50 network.20100923.115001
-rw-r- 1 rancid rancid 81 Sep 23 17:35 network.20100923.173504
-rw-r- 1 rancid rancid 560 Sep 23 17:36 network.20100923.173558

Read the output of the logfiles

Here is a sample output of a rancid log file; pay attention to the error message at the end of the file:

starting: Thu Sep 23 17:35:58 CEST 2010

A        cat3550
Adding        cat3550
Transmitting file data.
Committed revision 4.
Added cat3550
A        netscreen
Adding        netscreen
Transmitting file data.
Committed revision 5.
Added netscreen

Trying to get all of the configs. All routers sucessfully completed.

Sending.
svn: Commit failed (details follow):
svn: Directory '/network' is out of date

ending: Thu Sep 23 17:36:24 CEST 2010

The log says that directory '/network' is out of date. This bug is present in rancid-2.3.4 through the latest version, rancid-2.3.6: Rancid fails to commit files to the svn tree.
 * The bug is described on the mailing list: http://article.gmane.org/gmane.network.rancid/4997
 * A patch for this issue was proposed: http://article.gmane.org/gmane.network.rancid/4998

Get the patch from the rancid mailing list.

Patching rancid 2.3.6
The script control_rancid needs to be patched. Change to the directory where the control_rancid script is located

Copy the previously downloaded patch to

Patch the control_rancid file; below is the output of a successful patch run:

Finally remove the patch from

Login as rancid user

Run rancid

Check the rancid logfiles. A successful rancid-run could look like below:

Creating rancid crontab
Create a crontab for user rancid

50 0,11 * * * /usr/bin/rancid-run
50 23 * * * /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \;

ViewVC installation
Emerge using the following USE flags. The reason for enabling USE flag is to prevent webapp from installing ViewVC automatically to the webserver root directory. ViewVC does not need to be installed in the webserver root to work properly.

The default configuration is located at. Edit this file to look like below:

Create a new module file for viewvc and add it to the folder. Put the following content into a file

Edit file and add "-D PYTHON -D VIEWVC" to APACHE2_OPTS

Change file permissions to and

Change file permissions and change ownership to

Restart apache

Finally, viewvc, svn and rancid are working together. Test it: http://hostname/viewvc