,----------------------------------------------.
| AfNOG 2009 - Cairo SI-E - RANCID Exercise    |
`----------------------------------------------'

My cisco router's address is: ... 196.200.220. ............ (R.R.R.R)
The username to log into the router is: ...................... (USERNAME)
The password to log into the router is: ...................... (PASSWORD)
The enable password for the router is: ....................... (ENABLE)

1. CHECK RANCID IS INSTALLED

   pkg_info | grep rancid

If you don't see something like the following:

   rancid-2.3.1_3      Really Awesome New Cisco confIg Differ

then you need to install rancid. On FreeBSD the easiest way is to install
from ports. As root:

   # cd /usr/ports/net-mgmt/rancid
   # make install clean

2. DO SOME POST-INSTALL WORK

We are going to run rancid as a separate FreeBSD user. Create a new user,
as root, like this:

   # pw groupadd rancid
   # pw useradd rancid -d /usr/local/var/rancid -g rancid

Now make rancid's home directory owned by rancid (the port will have left
it owned by root) and make it readable by everybody:

   # chown -R rancid:rancid /usr/local/var/rancid
   # chmod -R ugo+rX /usr/local/var/rancid

   *** NOTICE THE CAPITAL X IN THE LAST LINE! ***
   *** A small x will have side-effects. You  ***
   *** want a CAPITAL X!                       ***

(A capital X sets the execute bit only on directories, and on files that
are already executable. A small x would make every file under
/usr/local/var/rancid executable, which is not what you want.)

3. EDIT RANCID'S CONFIGURATION FILE

Copy the example configuration file so that you can edit it. As root:

   # cd /usr/local/etc/rancid
   # cp rancid.conf.sample rancid.conf

Edit the file /usr/local/etc/rancid/rancid.conf as root. Find the line
which starts with "umask 027", and change it to read

   umask 022

Find the line that starts with "#LIST_OF_GROUPS=" and insert a new line
at around the same part of the file which reads

   LIST_OF_GROUPS="afnog2009"

Leave the rest of the file alone. Save the file.

4. ADD MAIL ALIASES

Rancid likes to send mail to people. To make sure it sends mail to the
right place, we need to edit the aliases file.
As root, edit the file /etc/mail/aliases and add the following lines at
the bottom:

   rancid-afnog2009:         <address>
   rancid-admin-afnog2009:   <address>

Put a real e-mail address instead of "<address>". If you don't have an
e-mail address, or don't have a way of reading mail whilst in the class,
you can just use "root".

Once you have finished editing the aliases file, run the following
command as root:

   # newaliases

5. CREATE RANCID'S CVS REPOSITORY

As root, become the rancid user, using su:

   # su - rancid

Now that you are the rancid user, create the CVS repository by running
the following command:

   $ rancid-cvs

6. GIVE RANCID LOGIN INFORMATION FOR YOUR ROUTER

Still as the rancid user, create a file called ".cloginrc" in rancid's
home directory (/usr/local/var/rancid). Add the following lines:

   add user R.R.R.R USERNAME
   add password R.R.R.R PASSWORD ENABLE
   add method R.R.R.R {ssh} {telnet}

Use the addresses, usernames and passwords you wrote at the top of this
exercise sheet to replace R.R.R.R, USERNAME, PASSWORD and ENABLE.

Since the .cloginrc file contains passwords, we don't want everybody to
see it. Type the following:

   $ chmod 400 .cloginrc

You can test whether your .cloginrc is correct by using the clogin
command to log into your router:

   $ /usr/local/libexec/rancid/clogin R.R.R.R

This should log into your router and leave you at the enable prompt. If
it doesn't, something is wrong. Find out what the problem is, and fix it!

7. ADD YOUR ROUTER TO THE "afnog2009" GROUP

Still as the rancid user, edit the file "afnog2009/router.db" and add the
following line:

   R.R.R.R:cisco:up:       <------ replace R.R.R.R with the address

8. TEST RANCID

Still as the rancid user, run the following command:

   $ rancid-run

This may take a minute to finish. You will find logs describing what
happened in the "logs" directory. Make sure everything in there looks
good.

Once rancid-run has finished, you should find a configuration file in
afnog2009/configs/ -- look for it, and see what is in the file. If the
file is empty, there is a problem.
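As an added check (not part of the original exercise sheet, and not something rancid itself provides), the script below verifies the two files you created in steps 6 and 7 before you run rancid-run: that .cloginrc is readable only by its owner (mode 400) and holds the three "add" lines for your router, and that every router.db entry has the address:type:state: shape. The file names and the R.R.R.R placeholder come from the sheet; the demo files are constructed in a temporary directory.

```shell
# Added example, not from the AfNOG exercise sheet. R.R.R.R is the sheet's
# placeholder for the router address; the demo files below are constructed.

# check_cloginrc FILE ADDR: succeed only if FILE is mode 400 (as set in
# step 6) and has "add user", "add password" and "add method" lines for ADDR.
check_cloginrc() {
    file=$1; addr=$2
    # The first 10 columns of "ls -l" are the same on FreeBSD and Linux.
    perm=$(ls -ld "$file" | cut -c1-10)
    if [ "$perm" != "-r--------" ]; then
        echo "$file: permissions are $perm, expected -r-------- (chmod 400)"
        return 1
    fi
    for kw in user password method; do
        # Exact field comparison, so a dotted address is not read as a regex.
        if ! awk -v kw="$kw" -v a="$addr" \
            '$1 == "add" && $2 == kw && $3 == a { found = 1 } END { exit !found }' \
            "$file"; then
            echo "$file: no 'add $kw' line for $addr"
            return 1
        fi
    done
    return 0
}

# check_routerdb FILE: every non-blank, non-comment line must look like
# address:type:state: with state up or down, as in step 7.
check_routerdb() {
    bad=$(grep -Ev '^(#|$)' "$1" | grep -Ev '^[^:]+:[^:]+:(up|down):' | head -n 1)
    if [ -n "$bad" ]; then
        echo "$1: malformed entry: $bad"
        return 1
    fi
    return 0
}

# Constructed demo files in a temporary directory.
demo=$(mktemp -d)
printf 'add user R.R.R.R USERNAME\nadd password R.R.R.R PASSWORD ENABLE\nadd method R.R.R.R {ssh} {telnet}\n' > "$demo/.cloginrc"
chmod 400 "$demo/.cloginrc"
printf 'R.R.R.R:cisco:up:\n' > "$demo/router.db"
printf 'R.R.R.R:cisco:up\n' > "$demo/router.bad"    # trailing colon missing

check_cloginrc "$demo/.cloginrc" R.R.R.R && echo ".cloginrc OK"
check_routerdb "$demo/router.db" && echo "router.db OK"
check_routerdb "$demo/router.bad" || echo "router.bad rejected, as expected"
```

To use it on the real files, run it as the rancid user against /usr/local/var/rancid/.cloginrc and afnog2009/router.db with your router's address in place of R.R.R.R.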
9. TELL RANCID TO COLLECT INFORMATION EVERY HOUR

Still as the rancid user, add two crontab entries, as recommended in the
rancid documentation. Type the following command:

   $ crontab -e

Enter the following lines in the editor, then exit with save:

   # run config differ hourly
   1 * * * * /usr/local/bin/rancid-run
   # clean out config differ logs
   50 23 * * * /usr/bin/find /usr/local/var/rancid/logs -type f -mtime +2 -exec rm {} \;

RANCID should now try to contact your router every hour.