Rancid - eekbot/public GitHub Wiki

RANCID

Update yum database

sudo yum makecache

## Install RANCID

sudo yum -y install rancid

Ran into this error:
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/perl-LockFile-Simple-0.208-1.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[root@phpipam ~]# sudo yum -y --nogpgcheck install rancid

[root@phpipam ~]# groupadd backup
You have mail in /var/spool/mail/root
[root@phpipam ~]# useradd -g backup -c "Device Backups" -d /home/rancid rancid
useradd: user 'rancid' already exists

[root@phpipam ~]# usermod -g backup -c "Device Backups" -d /home/rancid rancid
useradd: user 'rancid' already exists

[root@phpipam rancid]# cp /usr/share/rancid/cloginrc.sample /home/rancid/.cloginrc
[root@phpipam rancid]# ls -al
total 16
drwx------  2 rancid backup   79 Apr  4 08:56 .
drwxr-xr-x. 4 root   root     37 Apr  3 22:01 ..
-rw-------  1 rancid backup   18 Apr  3 22:01 .bash_logout
-rw-------  1 rancid backup  193 Apr  3 22:01 .bash_profile
-rw-------  1 rancid backup  231 Apr  3 22:01 .bashrc
-rw-r--r--  1 root   root   3948 Apr  4 08:56 .cloginrc
[root@phpipam rancid]# chmod 0640 /home/rancid/.cloginrc
You have mail in /var/spool/mail/root
[root@phpipam rancid]# chown -R rancid:backup /home/rancid/.cloginrc
[root@phpipam rancid]# chown -R rancid:backup /usr/share/rancid/
[root@phpipam rancid]# chmod 775 /usr/share/rancid/
[root@phpipam rancid]# su - rancid
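
In the transcript above, .cloginrc (the file clogin reads device login passwords from) sits at 0644 and owned by root until the chmod and chown run. The following check is an added example, not part of the original page: `audit_cloginrc` and `demo_states` are hypothetical names and GNU stat is assumed. It fails on any world-accessible mode, which clogin itself also rejects, and reports group access such as the 0640 chosen here.

```bash
# Added example, not from the original page; function names are hypothetical.
# Needs GNU stat.

# audit_cloginrc FILE OWNER -> prints a verdict; returns 0 only when FILE is a
# regular file owned by OWNER with no permission bits set for "other".
audit_cloginrc() {
    f=$1; want=$2
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"; return 1
    fi
    mode=$(stat -c '%a' "$f")       # octal mode, e.g. 640
    owner=$(stat -c '%U' "$f")
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $f is owned by $owner, expected $want"; return 1
    fi
    # The low three bits are the "other" class: any of them lets every local
    # account read or alter the stored passwords.
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FAIL: $f is mode $mode (open to other); use 0640 or 0600"; return 1
    fi
    # Group access is what this page chose (0640, group backup): report it so
    # the group membership gets reviewed, but do not fail.
    if [ $(( 0$mode & 070 )) -ne 0 ]; then
        echo "OK: $f is mode $mode; every member of its group has access"; return 0
    fi
    echo "OK: $f is mode $mode"
}

# Constructed demo: replay the modes from the transcript on a temp file.
# The temp file's own owner stands in for the rancid user.
demo_states() {
    tmp=$(mktemp); me=$(stat -c '%U' "$tmp"); out=""
    for m in 644 640 600; do
        chmod "$m" "$tmp"
        if audit_cloginrc "$tmp" "$me" >/dev/null; then out="$out$m:ok "; else out="$out$m:fail "; fi
    done
    rm -f "$tmp"
    echo "${out% }"
}

demo_states   # 644 is the state right after cp as root; 640 is after the chmod
```

On the real host the call would be `audit_cloginrc /home/rancid/.cloginrc rancid`, run after the chown.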

[root@phpipam rancid]# yum install --nogpgcheck cvs
Loaded plugins: fastestmirror, langpacks

[rancid@phpipam ~]$ /bin/rancid-cvs
[rancid@phpipam ~]$ ls -al /var/rancid
total 16
drwxr-x---   6 rancid rancid  121 Apr  4 10:24 .
drwxr-xr-x. 23 root   root   4096 Apr  4 10:24 ..
-rw-r--r--   1 rancid rancid   18 Mar 31  2020 .bash_logout
-rw-r--r--   1 rancid rancid  193 Mar 31  2020 .bash_profile
-rw-r--r--   1 rancid rancid  231 Mar 31  2020 .bashrc
drwxrwxr-x   3 rancid backup   21 Apr  4 10:24 CVS
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Firewalls
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Routers
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Switches


# APPARENTLY THERE WAS ALREADY AN HOURLY CRON RUNNING FOR RANCID, SO I MODIFIED THAT TO MAKE IT DAILY INSTEAD
phxmitpipam02 /etc/cron.d # vi rancid
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/var/rancid
# Run config differ daily at 04:02 (changed from hourly)
2 4 * * * rancid /usr/libexec/rancid/rancid-run
# Remove RANCID logs older than 30 days
3 3 * * * rancid /usr/bin/find /var/log/rancid -type f -mtime +30 -exec /usr/bin/rm {} \;

MAIL SETUP

By default, whenever rancid has a failed backup, it's supposed to send an email. So we need to configure the email address it sends to, which sounds easy, but there were a bunch of roadblocks along the way.

Before we get started, make sure any firewalls in the path are allowing SMTP (usually TCP port 25) and if you're using an SMTP relay, make sure your server is whitelisted.

Speaking of SMTP relays, you want to make sure your server is pointing to that in the /etc/postfix/main.cf file. There should be a line like this:

relayhost = mailRelay.contoso.com

If this mail relay has a different domain than the rancid server, then it becomes more involved.  More on that later.

Next, make sure you're pointing the /etc/rancid/rancid.conf file to the right path for sendmail:
SENDMAIL="/usr/sbin/sendmail"

Then you want to set up aliases for each group in the /etc/aliases file.  Your entries should look like this per group:

rancid-group1:       [email protected]
rancid-admin-group1: [email protected]

I believe that should be enough if your rancid server is on the same contoso.com domain.  Then you would just restart postfix with "systemctl restart postfix" and you should be good.... I think?  Unfortunately for me, my server and relay were on different domains so I had to keep troubleshooting.

Chances are, the SMTP relay server only accepts mail requests from its own domain.  If your server is on domain1.com, but the relay is on domain2.com, then rancid will send the email with a source of [email protected], and the SMTP relay won't like that domain and will drop it.  So the next problem to solve was getting rancid to send with a domain of domain2.com instead of its own domain.

For that, I added a line in the /etc/postfix/main.cf file that looked like this:

myorigin = domain2.com

Once that's there, then rancid sends the email with a source of [email protected], but the aliases are broken because the /etc/aliases file only works for local domains.

You want to add these lines to /etc/postfix/virtual (notice, no colon):

rancid-mygroup              [email protected]
[email protected]  [email protected]  

Then create the hash:

postmap hash:/etc/postfix/virtual

Then add this line to /etc/postfix/main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual

Restart Postfix and test. Emails sent to rancid-mygroup should get sent to [email protected].

SERVERBLAH /root # systemctl restart postfix


# TEST AGAINST A DEVICE THAT DOESN'T WORK
SERVERBLAH /root # sudo su - rancid
Last login: Tue Jul  9 14:36:22 MST 2024 on pts/0

[rancid@SERVERBLAH ~]$ rancid-run -r deviceblah01
[rancid@SERVERBLAH ~]$ exit
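
The mail procedure above spans three hand-edited files, and a colon carried over from /etc/aliases or a skipped postmap run fails without any error at edit time. The lint below is an added example, not part of the original page: the function names are hypothetical, the address and temp files are constructed, and the .db freshness test is a plain mtime comparison.

```bash
# Added example, not from the original page; function names are hypothetical.

# main_cf_value FILE KEY -> effective value of KEY (the last definition wins).
main_cf_value() {
    awk -F= -v k="$2" '
        /^[ \t#]/ || !index($0, "=") { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val) }
        END { print val }' "$1"
}

# lint_virtual FILE -> one line per bad entry; prints nothing when clean.
lint_virtual() {
    awk '
        /^[ \t]*(#|$)/ || /^[ \t]/ { next }    # comment, blank, continuation
        $1 ~ /:$/ { print FILENAME ":" NR ": aliases-style colon on " $1; next }
        NF < 2    { print FILENAME ":" NR ": no destination for " $1 }' "$1"
}

# map_is_current FILE -> true if FILE.db exists and FILE was not edited since.
map_is_current() { [ -f "$1.db" ] && [ ! "$1" -nt "$1.db" ]; }

# check_mail_setup MAIN_CF VIRTUAL -> prints findings; returns 0 when clean.
check_mail_setup() {
    bad=0
    for key in relayhost myorigin; do
        [ -n "$(main_cf_value "$1" "$key")" ] || { echo "$1: $key is not set"; bad=1; }
    done
    case "$(main_cf_value "$1" virtual_alias_maps)" in
        *"hash:$2"*) ;;
        *) echo "$1: virtual_alias_maps does not include hash:$2"; bad=1 ;;
    esac
    lint=$(lint_virtual "$2"); [ -z "$lint" ] || { echo "$lint"; bad=1; }
    map_is_current "$2" || { echo "$2: no current .db, run postmap hash:$2"; bad=1; }
    [ "$bad" -eq 0 ]
}

# Constructed demo: placeholder address; the empty .db stands in for postmap output.
demo() {
    d=$(mktemp -d)
    printf 'relayhost = mailRelay.contoso.com\nmyorigin = domain2.com\nvirtual_alias_maps = hash:%s/virtual\n' "$d" > "$d/main.cf"
    printf 'rancid-mygroup:  netops@example.com\n' > "$d/virtual"   # colon kept from /etc/aliases
    check_mail_setup "$d/main.cf" "$d/virtual" >&2 && before=clean || before=problems
    printf 'rancid-mygroup   netops@example.com\n' > "$d/virtual"   # corrected entry
    : > "$d/virtual.db"
    check_mail_setup "$d/main.cf" "$d/virtual" >&2 && after=clean || after=problems
    rm -rf "$d"; echo "before=$before after=$after"
}
demo
```

Against the live files the call would be `check_mail_setup /etc/postfix/main.cf /etc/postfix/virtual`, run before restarting Postfix.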

Monitoring Opengear devices

Official link for reference: https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support

Summary of steps in the link:

  1. Download the zip file in the link, and move the contents of the zip file (oglogin, ograncid, and ssh-serial-console-wrapper) into the same directory as clogin. In my case, it was /usr/libexec/rancid
  2. Edit the rancid.types.conf file with these two lines:
       opengear;script;ograncid
       opengear;login;oglogin
  3. Add devices with the device type "opengear"