Tuesday, July 9, 2013

rancid and relays using usercmd patch

As I've blogged before, rancid is a really awesome new cisco config differ.
I monitor about 100 devices, and all was well so far.
Now I've come across a device that I can't reach directly from my rancid host. It's not possible to create a direct network connection, or to use ssh tunnels or netcat to forward those ports using a relay host.
Instead I found a much simpler and more elegant solution. Albeit this involves patching rancid.

After playing with ProxyCommands and netcat I came across this patch on the rancid-discuss list from 2006.
The principle seems simple, elegant but still straight forward. Extending the clogin script to define a new method that can use custom commands to establish the connection.
This is accomplished by adding two new commands.
add method testrouter {usercmd}
add usercmd testrouter {ssh} {-t} {termserver01} {cu -l /dev/tty01 -s 9600}
add usercmd_chat testrouter {Connected.} {\r}
In my case I wanted to ssh to the relay host, and then telnet to my device from there. This is how I set that up:
add method my-alias usercmd
add usercmd my-alias {ssh} {-t} {rancid@my-relay-host} {telnet my-device}
add user my-alias rancid

add password my-alias rancid
Two caveats to this situation:
  • The username on my-relay-host must match the username used on the device my-alias.
  • This requires password less authentication to my-relay-host. I've used ssh standard key exchange.


Florian said...

any chance you can deocument how you patch rancid ?
I get the following error message :

"Error: unknown connection method: usercmd"

at the line :

add method fwsm001-ctxpublic.corp.local {usercmd}

Thanks for your help !

fizze said...

I've linked to the patch. If you are not familiar with patching, it's probably easier to modify the file manually in this case.
Remember to take a backup first!

The changes are at the bottom of this post, the first number after the "@@" signs is the line.