For those of you who don't know
Rancid:
RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS (Concurrent Version System) or Subversion to maintain history of changes.
Essentially, this allows to have full coverage over routers, firewalls, network devices configuration and changes. Every network administrator's dream, right? Well, it certainly seems too good to be true..! Let's find out.
I've set it up on a CentOS 5.4 box to tinker with it. Installation is pretty straightforward. Configuration is a bit tricky, but the sample files are well documented. There are a few pitfallse, however.
- "Show VLAN" output has different line-wrapping behaviour on different IOS versions; as diff is line oriented, this leads to unneccesary changes and notifications
- "call-forward all" directives are shown for cisco callmanagers or unified communication managers; if a user forwards his phone, this causes the configuration to change, and notifications to be sent out.
- The notification emails show diff output in plaintext; no colors, no highlighting
- Notificaions are only sent to a single email address; no distribution lists are possible
As rancid is comprised of a set of perl and bash scripts, the above issues shouldn't be too difficult to address, right? Well, there is fork called
rancid-git that provides support for
git as well as various other improvements. Most notably is perhaps support for html-mail. So after tinkering a bit with vanilla rancid, I decided to give rancid-git a go. After all it can be used as a drop-in replacement.
Unfortunately it turned out that most of the advertised patches/enhancments are more trouble than they are worth. First of all rancid-git is based on an outdated version of rancid, which means that certain bugfixes and fixes are missing. I didn't see any ill effects with the devices that I monitored (mostly Cisco and proCurve) but ymmv.
So I fired up rancid-git and immedately got a notification with some profound config changes. It was an HTML mail, but there weren't any colors to be seen. I use
subversion as repository, so the diff command doesn't show colors. Lucliky there is an
easy workaround.
The problem now is, that rancid always sends out notifications, even when there are no changes. So this patch isn't ready for prime-time just yet.
I did like the detailed commit messages of rancid-git, however. So I decided to blend together my own patchset, based on vanilla rancid. Here's what I did:
- Comment out "show vlan", "show vlan-switch" in bin/rancid to get rid of the ever-changing vlan port memberships
- Added "/^ *(call-forward all)/ && next;" to the dog gone cool matches in bin/rancid to filter out unwanted phone forwardings in the notification mails
- Added "/.*coredumpinfo.*/ && next;" to ShowFlash in bin/rancid to get rid of the coredump bug on Cisco ASAs
- Added "svn propset "svn:mime-type" text/x-ios $router" to bin/control_rancid so cisco config files can be properly syntax highlighted in trac
- Added proper commit messages, blatantly copied from rancid-git
- To get syntax highlighting working in trac, install Pygments and this ios lexer; simply put it in the lexers subdirectory and run _mapping.py. If you get an error for a missing attribute, add a line like this "__all__ = ['IOSLexer']" between the imports and the class.
- For trac to recognize the mime-type and the IOS lexer, simply add "text/x-ios:ios" to the mime_map in trac.ini. I've tried to add the mime-type to the IOS lexer itself, but this didn't work.
This way, you can use the trac interface to view diffs and the configs. Instead of notification emails, simply rely on the RSS-feed of trac. Profit!
