Rancid server setup

All over the web as I’ve studied my CCNP certifications I would hear about a router/switch configuration backup server called RANCID, and so last week I decided to install and test it for myself and see if it lived up to the hype from the web.

I decided to use CentOS 6.2 for the new server and began following the amazing guide by Steve Smith located http://www.shrubbery.net/rancid/SteveSmithFedora15.pdf 

While the guide was made for Fedora, the differences between that and CentOS were negligible and after an hour or two of configuring and small tweaks(group apache instead of www etc.) I had a running RANCID server!

But wait, this couldn’t be the famous RANCID server I heard so much about… it looked straight out of the 90s and had no http security to speak of. Anyone with the url could just get right into the server and start pulling router configs! Not good.

That’s when I found Rob Maaseu’s blog post about beautifying RANCID with websvn: http://www.progob.nl/robmaaseu/?p=179

I followed his short guide and  tweaked it for CentOS and in under 30 minutes had a much more beautiful RANCID webpage greeting me:

now this is the RANCID I thought people were talking about for their config version control! But I still had one issue left… anyone could still just point to the URL and access my router and switch configurations!

Time to implement basic authentication through Apache, I followed the quick guide http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/

And created a user/password for all webpages on my RANCID server, so that only those authorized could access the config files.

Wonderful! A login prompt to be proud of.

Why websvn and basic authentication configuration guides are not displayed on RANCID’s site, and why they are not considered essential to getting a RANCID server up I don’t know… but the combination of the three guides above got me an amazing new server that keeps track of all of my router configs automatically and it was well worth the investment in the initial setup.


Posted

in

by

Tags:

Comments

5 responses to “Rancid server setup”

  1. Eric Sproles Avatar
    Eric Sproles

    Hey Michael, I was reading your article on changing Rancid to WebSVN, I am doing the same in CentOS. Could you explain the differences between his tutorial and in CentOS? I am having issue displaying WebSVN in Centos/Apache2. I either get forbidden error 403 or just the text of the index.php, depending which script I use in websvn.conf.

    Thank you!

    1. Michael Rickert Avatar
      Michael Rickert

      It looks like the original link about moving rancid to svn that I had referenced moved, the new one is here: http://www.breekeenbeen.nl/2010/09/03/switch-rancid-to-svn-and-view-your-svn-db-with-websvn/

      If I remember correctly the difference is you want to give user/group apache:apache rights to the folder instead of the default.

      Also its worth mentioning since originally setting this up rancid has officially been integrated into the Debian/Ubuntu repository, and is much easier to get set up by simply running apt-get install rancid if you’re willing to switch to that distro.

      1. Eric Sproles Avatar
        Eric Sproles

        Great, I was able to figure it out by giving apache:apache ownership and adding the script to httpd/conf.d/websvn.conf

        Awesome that rancid is integrated to Deb/Ubuntu!

  2. Tonmoy Talukder Avatar
    Tonmoy Talukder

    Hi Michael,

    Thanks for the awesome post. I was having problems setting up the RANCID with websvn. Is it possible for you to post a video tutorial on how to set up RANCID with webSVN in Youtube and post the link here?

    Appreciate your feedback in advance.

    Thanks,
    Tonmoy

  3. Tonmoy Talukder Avatar
    Tonmoy Talukder

    Hi Michael,

    Thanks for the awesome post. I was having problems setting up the RANCID with websvn (In CentOS7). Is it possible for you to post a video tutorial on how to set up RANCID with webSVN in Youtube and post the link here?

    Appreciate your feedback in advance.

    Thanks,
    Tonmoy

Leave a Reply

Your email address will not be published. Required fields are marked *