Rancid - eekbot/public GitHub Wiki
## Update yum database

```
sudo yum makecache
```

## Install RANCID

```
sudo yum -y install rancid
```

Ran into this error:

```
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/perl-LockFile-Simple-0.208-1.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
```

```
[root@phpipam ~]# sudo yum -y --nogpgcheck install rancid
[root@phpipam ~]# groupadd backup
You have mail in /var/spool/mail/root
[root@phpipam ~]# useradd -g backup -c "Device Backups" -d /home/rancid rancid
useradd: user 'rancid' already exists
[root@phpipam ~]# usermod -g backup -c "Device Backups" -d /home/rancid rancid
useradd: user 'rancid' already exists
[root@phpipam rancid]# cp /usr/share/rancid/cloginrc.sample /home/rancid/.cloginrc
[root@phpipam rancid]# ls -al
total 16
drwx------  2 rancid backup   79 Apr  4 08:56 .
drwxr-xr-x. 4 root   root     37 Apr  3 22:01 ..
-rw-------  1 rancid backup   18 Apr  3 22:01 .bash_logout
-rw-------  1 rancid backup  193 Apr  3 22:01 .bash_profile
-rw-------  1 rancid backup  231 Apr  3 22:01 .bashrc
-rw-r--r--  1 root   root   3948 Apr  4 08:56 .cloginrc
[root@phpipam rancid]# chmod 0640 /home/rancid/.cloginrc
You have mail in /var/spool/mail/root
[root@phpipam rancid]# chown -R rancid:backup /home/rancid/.cloginrc
[root@phpipam rancid]# chown -R rancid:backup /usr/share/rancid/
[root@phpipam rancid]# chmod 775 /usr/share/rancid/
[root@phpipam rancid]# su - rancid
[root@phpipam rancid]# yum install --nogpgcheck cvs
Loaded plugins: fastestmirror, langpacks
[rancid@phpipam ~]$ /bin/rancid-cvs
[rancid@phpipam ~]$ ls -al /var/rancid
total 16
drwxr-x---   6 rancid rancid  121 Apr  4 10:24 .
drwxr-xr-x. 23 root   root   4096 Apr  4 10:24 ..
-rw-r--r--   1 rancid rancid   18 Mar 31  2020 .bash_logout
-rw-r--r--   1 rancid rancid  193 Mar 31  2020 .bash_profile
-rw-r--r--   1 rancid rancid  231 Mar 31  2020 .bashrc
drwxrwxr-x   3 rancid backup   21 Apr  4 10:24 CVS
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Firewalls
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Routers
drwxr-x---   3 rancid backup   95 Apr  4 10:13 Switches
```

```
# APPARENTLY THERE WAS ALREADY AN HOURLY CRON RUNNING FOR RANCID, SO I MODIFIED THAT TO MAKE IT DAILY INSTEAD
phxmitpipam02 /etc/cron.d # vi rancid
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/var/rancid
# Run config differ daily at 04:02
2 4 * * * rancid /usr/libexec/rancid/rancid-run
3 3 * * * rancid /usr/bin/find /var/log/rancid -type f -mtime +30 -exec /usr/bin/rm {} \;
```
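A check for the `.cloginrc` ownership and mode fix in the install transcript above, as an added example that is not part of the original notes. `.cloginrc` holds device login credentials, and the listing shows it root-owned and world-readable right after the `cp`; the function below (`audit_cloginrc`, a hypothetical helper name) reports that state and also flags what a group-readable mode such as 0640 implies. It assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit_cloginrc is a hypothetical helper, not part of RANCID.
# Usage: audit_cloginrc /home/rancid/.cloginrc "$(id -u rancid)"
# Returns 0 = acceptable, 1 = ownership/mode finding, 2 = not a regular file.
# Assumes GNU stat (-c), as found on the CentOS 7 host in these notes.
audit_cloginrc() {
    file=$1
    want_uid=$2
    rc=0

    # A symlink or directory here could point credential reads elsewhere.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 2
    fi

    mode=$(stat -c '%a' "$file")    # octal permission bits, e.g. 640
    uid=$(stat -c '%u' "$file")     # numeric owner
    grp=$(stat -c '%G' "$file")     # group name, for the report only

    # Right after "cp" as root the file is root-owned; rancid must own it.
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected uid $want_uid"
        rc=1
    fi

    # Leading 0 makes the shell read the stat output as an octal constant.
    other=$(( 0$mode & 07 ))
    group=$(( (0$mode >> 3) & 07 ))

    # Any "other" bit exposes device passwords to every local account.
    if [ "$other" -ne 0 ]; then
        echo "FAIL: $file mode $mode grants access to all local users"
        rc=1
    fi

    # Group write lets group members change the stored credentials.
    if [ $(( group & 2 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is writable by group $grp"
        rc=1
    elif [ $(( group & 4 )) -ne 0 ]; then
        echo "NOTE: $file is readable by every member of group $grp"
    fi

    return $rc
}
```

With the 0640 mode and `rancid:backup` ownership set above, the function returns 0 and prints the NOTE line, a reminder that every account in the `backup` group can read the device passwords.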
By default, whenever rancid has a failed backup, it's supposed to send an email. So we need to configure the email address it sends to, which sounds easy, but then there were a bunch of roadblocks along the way.
Before we get started, make sure any firewalls in the path are allowing SMTP (usually tcp-25) and, if you're using an SMTP relay, make sure your server is whitelisted. Speaking of SMTP relays, you want to make sure your server is pointing to that in the /etc/postfix/main.cf file. There should be a line like this:

```
relayhost = mailRelay.contoso.com
```

If this mail relay has a different domain than the rancid server, then it becomes more involved. More on that later.

Next, make sure you're pointing the /etc/rancid/rancid.conf file to the right path for sendmail:

```
SENDMAIL="/usr/sbin/sendmail"
```

Then you want to set up aliases for each group in the /etc/aliases file. Your entries should look like this per group:

```
rancid-group1: [email protected]
rancid-admin-group1: [email protected]
```

I believe that should be enough if your rancid server is on the same contoso.com domain. Then you would just restart postfix with "systemctl restart postfix" and you should be good.... I think?

Unfortunately for me, my server and relay were on different domains, so I had to keep troubleshooting. Chances are, the SMTP relay server only accepts mail requests from its own domain. If your server is on domain1.com, but the relay is on domain2.com, then rancid will send the email with a source of [email protected], and the SMTP relay won't like that domain and will drop it.

So the next problem to solve was getting rancid to send with a domain of domain2.com instead of its own domain. For that, I added a line in the /etc/postfix/main.cf file that looked like this:

```
myorigin = domain2.com
```

Once that's there, rancid sends the email with a source of [email protected], but the aliases are broken because the /etc/aliases file only works for local domains.
You want to add to /etc/postfix/virtual the line (notice, no colon):

```
rancid-mygroup [email protected] [email protected] [email protected]
```

Then create the hash:

```
postmap hash:/etc/postfix/virtual
```

Then add this line to /etc/postfix/main.cf:

```
virtual_alias_maps = hash:/etc/postfix/virtual
```

Restart Postfix and test. Emails sent to rancid-mygroup should get sent to [email protected].

```
SERVERBLAH /root # systemctl restart postfix

# TEST AGAINST A DEVICE THAT DOESN'T WORK
SERVERBLAH /root # sudo su - rancid
Last login: Tue Jul 9 14:36:22 MST 2024 on pts/0
[rancid@SERVERBLAH ~]$ rancid-run -r deviceblah01
[rancid@SERVERBLAH ~]$ exit
```
Official link for reference: https://opengear.zendesk.com/hc/en-us/articles/216369543-RANCID-Support
Summary of steps in the link:
- Download the zip file in the link, and move the contents of the zip file (oglogin, ograncid, and ssh-serial-console-wrapper) into the same directory as clogin. In my case, it was /usr/libexec/rancid.
- Edit the rancid.types.conf file with these two lines:

  ```
  opengear;script;ograncid
  opengear;login;oglogin
  ```
- Add devices with the device type "opengear"