Rancid
Voraussetzungen
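- Login per SSH mit Key auf den Switch
- Der Backup-User muss mit dem “enable”-Command ohne Passwort in den Enable-Mode gelangen. Der SSH-Key des Users _rancid gibt damit vollen Zugriff auf den Switch; den Login dieses Users auf dem Switch deshalb möglichst auf die IP des Rancid-Hosts beschränken.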
install Rancid
pkg_add rancid
Update Config
vim /etc/rancid/rancid.conf
RCSSYS=git; export RCSSYS
LIST_OF_GROUPS="switches"; export LIST_OF_GROUPS
Switch User
su - _rancid
.cloginrc
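# Write the credentials inside a subshell with a restrictive umask, so a newly
# created .cloginrc is never readable by other local users, not even for the
# moment between its creation and the chmod below. The subshell keeps the
# umask change from leaking into the commands that follow (e.g. rancid-cvs).
# The comments stay outside the here-document, otherwise they would end up in
# .cloginrc itself.
(
umask 077
cat << 'EOF' >> .cloginrc
add user * backupuser
add password * passwort enablepasswort
add method * ssh
EOF
)
# Also tighten a .cloginrc that already existed with looser permissions;
# ">>" appends to it and leaves its old mode untouched.
chmod 600 .cloginrc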
Build Env & Directories
rancid-cvs
Router.db
switch1;cisco;up
switch2;cisco;up
switch3;cisco;up
switch4;cisco;up
switch5;cisco;up
Update clogin File
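Only needed if `add password` in .cloginrc carries a single value. With the two values shown above (login password and enable password), `[llength $pswd] < 2` is false and the stock clogin works unmodified. The same check also requires `$autoenable == 0`, so for an account that is already in enable mode right after login, `add autoenable * 1` in .cloginrc skips it without touching the script. A locally patched /usr/local/bin/clogin will be overwritten when the rancid package is updated.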
/usr/local/bin/clogin
# Figure out passwords
if { $do_passwd || $do_enapasswd } {
set pswd [find password $router]
if { [llength $pswd] == 0 } {
send_user -- "\nError: no password for $router in $password_file.\n"
continue
}
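if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { -> Anpassung: hier die 2 durch 1 ersetzen; ein leerer Passwort-Eintrag wird schon weiter oben abgefangen, die Prüfung greift dann nicht mehr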
send_user -- "\nError: no enable password for $router in $password_file.\n"
continue
}
set passwd [join [lindex $pswd 0] ""]
set enapasswd [join [lindex $pswd 1] ""]
} else {
set passwd $userpasswd
set enapasswd $enapasswd
}
Add Crontab
# Backup Twice a Day
~ 6,18 * * * /usr/local/bin/rancid-run
# clean out config differ logs
50 23 * * * /usr/bin/find /var/rancid/logs -type f -mtime +2 -exec rm {} \;
sha256: 622eb96a6f276b179c3681169fddd094a57ff0c74380c49476cac382a98418cc