Wednesday, January 2, 2013

Using Rancid to backup your configs (Part 3)

If you've followed parts 1 and 2 of this guide, you should have a working Rancid installation with a web interface for CVS.  Now we'll configure email notifications and device polling based on configuration changes made to those devices.  I use postfix to send mail notifications, and Simple Event Correlator (SEC) to trigger Rancid when config changes are made.
Let’s configure postfix first.  In my environment, this was pretty simple.  We are using Cisco IronPort appliances as mail gateways.  I configured my Rancid box as a host allowed to send through the IronPort.  Once that was done, I just needed to configure postfix to use the IronPort as a relay.  You should be able to use other mail systems (e.g. Exchange) in the same way.
To do that, edit the file /etc/postfix/main.cf.
  • nano /etc/postfix/main.cf
Change the line that starts with relayhost, using the FQDN or IP address of your gateway as the value:
  • relayhost = mydomain.com
Start postfix and test your config.
  • service postfix start
  • telnet localhost 25
  • ehlo mail
  • mail from: rancid@mydomain.com
  • rcpt to: brian.gill@mydomain.com
  • data
  • Subject: Testing postfix
  • Just testing postfix.
  • .
  • quit
There will be feedback to each of those commands; it should look something like this:
[root@rancid]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 rancid.mydomain.com ESMTP Postfix
ehlo mail
250-rancid.mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: rancid@mydomain.com
250 2.1.0 Ok
rcpt to: brian.gill@mydomain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Testing postfix
Just testing postfix.
.
250 2.0.0 Ok: queued as 8EF87C0F28
quit
221 2.0.0 Bye
Connection closed by foreign host.

If your gateway is configured correctly, you should get a message in your inbox.  If not, the postfix logs at /var/log/ may provide clues to the problem, as well as the logs on your mail system.
Now we can configure triggers based on configuration changes on your devices.  I am monitoring our Cisco routers, so I’ll walk through configuring the routers and SEC for Cisco.
We need to install Simple Event Correlator. 
  • yum install sec
We need to configure SEC to look for the configuration change syslog messages.
  • nano /etc/sec/cisco_config_change.sec
We need to define the message to look for, as well as the action to take when a syslog message arrives showing that a configuration change was made.  The following rule looks for Cisco syslog messages indicating a configuration change.  Once the change is detected, the action is triggered; in this case, Rancid is run to check the configs.
type=Single
ptype=substr
pattern=%SYS-5-CONFIG_I:
desc=device configuration
action=shellcmd /bin/su - rancid -c /usr/local/rancid/bin/rancid-run

With the action above, Rancid will run every time a config change is made.  Alternatively, SEC can be configured to fire the action at most once every x seconds.  Simply change type=SingleWithSuppress and add the line window=x, where x is the number of seconds between triggers.  For example, if you used 360, the action would only be fired if 360 seconds (5 minutes) had passed since the last trigger.
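As an added example (not code from the original post, nor from SEC or Rancid), the shell function below emulates what the SingleWithSuppress rule does with its window setting: it scans syslog lines for the %SYS-5-CONFIG_I substring and reports whether each match would fire rancid-run or be suppressed. The sample lines, their epoch timestamps and the 360-second window are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from SEC/Rancid: emulate
# SEC's SingleWithSuppress handling of Cisco %SYS-5-CONFIG_I messages so the
# effect of the window= setting can be seen on constructed sample data.

WINDOW=360   # seconds; the value used in the post's SingleWithSuppress example

# Constructed sample syslog lines (assumed layout: epoch time, source device,
# then the message text as a Cisco router emits it).
SAMPLE_LOG='1357140000 10.1.1.1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.9.9.9)
1357140120 10.1.1.1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.9.9.9)
1357140500 10.1.1.2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
1357140600 10.1.1.2 %SYS-5-CONFIG_I: Configured from memory by console'

# decide_triggers LOG
# Prints one line per config-change message: "FIRE <ts> <device> <detail>" when
# SEC would run the action (rancid-run in the post), or "SUPPRESS <ts> <device>"
# when a previous action fired less than WINDOW seconds earlier. Lines without
# the substring are ignored, exactly as ptype=substr would ignore them.
decide_triggers() {
    last=-1
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            *'%SYS-5-CONFIG_I:'*) ;;   # the substring the SEC rule matches on
            *) continue ;;
        esac
        ts=${line%% *}
        rest=${line#* }
        device=${rest%% *}
        detail=${rest#*"%SYS-5-CONFIG_I: "}   # who changed what, from the message
        if [ "$last" -lt 0 ] || [ $((ts - last)) -ge "$WINDOW" ]; then
            echo "FIRE $ts $device $detail"
            last=$ts
        else
            echo "SUPPRESS $ts $device"
        fi
    done
}

# Stand-alone run: the sample yields two firings and one suppressed event.
decide_triggers "$SAMPLE_LOG"
```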
The host firewall has to be modified so that the incoming syslog messages (UDP port 514) can reach the syslog daemon.

  • nano /etc/sysconfig/iptables
  • -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
  • service iptables restart
Lastly, we need to configure the device to send syslog messages to Rancid.
  • Router(config)# logging on
  • Router(config)# logging ip-address-of-rancid
That’s all there is to it.  You should now have a working Rancid installation with an SSL web interface that polls your devices on a regular basis as well as when changes are made.  Next on my list is configuring the server to require a login on the web interface based on our Active Directory.  I’ve been able to get Apache to require the login and successfully authenticate against AD, but ViewVC doesn’t like the authenticated sessions.  Once I have time to figure it out, I’ll post about it.

6 comments:

  2. Have you tried to rework this to use Subversion instead of CVS? Just wondering.
  3. Hi, I was looking for information on configuring it to send one email a day. I read your configuration file but do not understand how this configuration takes effect. You say you create the file, but how do you instruct Rancid to run this file and not the one predefined for sending email?
    Greetings and thank you
