
Backup Brocade Router config with Rancid

Rancid is a great tool for regularly saving the configs of network devices, such as routers and switches, in SVN.

There are many how-tos for installing and configuring this tool
(so I don't have to re-invent the wheel):

With these links it should be possible to get a running Rancid installation which saves the config of a normal Cisco device. Now we want it a bit fancier, so here is a how-to for installing Rancid with Puppet and saving the configs of a Brocade Router with a special read-only user.

Puppet

To install and configure Rancid with Puppet, I've created a simple Puppet module (GitHub). Here is an example of how it can be used:


    # install and configure rancid
    class { '::rancid':
        groups => [ 'router', 'switches' ],
    }
 
    # create needed mail aliases
    mailalias {
        [ 'rancid-router', 'rancid-switches' ]:
            ensure    => present,
            notify    => Exec['newaliases'],
            recipient => 'yourname@yourdomain.com';
 
        [ 'rancid-admin-router', 'rancid-admin-switches' ]:
            ensure    => present,
            notify    => Exec['newaliases'],
            recipient => 'yourname@yourdomain.com';
    }
 
    # create cron job
    cron {
        'Rancid run':
            command => '/usr/bin/rancid-run',
            user    => 'rancid',
            minute  => '15',
            hour    => [6, 12, 15, 18, 23];
 
        'Rancid cleanup':
            command => '/usr/bin/find /var/log/rancid -type f -mtime +2 -exec rm {} \;',
            user    => 'rancid',
            minute  => '50',
            hour    => '23';
    }

This installs Rancid, configures two Rancid groups (router and switches) and initializes the configured RCS (in this example: SVN). The cron definition runs Rancid five times a day: 6:15, 12:15, 15:15, 18:15 and 23:15.

Brocade Router configuration

We want to have a special user on the Brocade devices, which has read-only rights. It's possible to have several user privilege levels:

  • 0 - Full access (super-user)
  • 4 - Port-configuration access
  • 5 - Read-only access

Here's how to create a read-only user called rancid with the password testtest:

    username rancid privilege 5 password testtest
    enable read-only-password testtest
    privilege exec level 5 skip-page-display

Rancid configuration

Add the following lines to .cloginrc. They are needed to log in to the Brocade Router:

    add password    router*     {testtest}        {testtest}
    add user        router*     rancid
    add method      router*     ssh
    add cyphertype  router*     aes128-cbc

To test whether it works, run bin/flogin router1 as user rancid (su - rancid). You should end up in enable mode on router1.

The last thing which needs to be done is to add the router to the router.db:

    router1:foundry:up

Now you can run Rancid as user rancid (su - rancid): rancid-run router
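A pre-flight check for the .cloginrc and router.db steps above, as an added example (not part of Rancid or of the Puppet module): it reports router.db devices that no .cloginrc line covers, telnet logins, and a credentials file readable by group or others. The device switch1 and the function names are hypothetical, and fnmatch is used as an approximation of clogin's glob matching.

```python
import fnmatch

# Constructed sample input, copied from the snippets in this post.
CLOGINRC = """\
add password    router*     {testtest}        {testtest}
add user        router*     rancid
add method      router*     ssh
add cyphertype  router*     aes128-cbc
"""
ROUTER_DB = "router1:foundry:up\nswitch1:foundry:up\n"  # switch1 is hypothetical

def parse_cloginrc(text):
    """Return (directive, host_glob, values) for every 'add' line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "add":
            entries.append((parts[1], parts[2], [v.strip("{}") for v in parts[3:]]))
    return entries

def lookup(entries, directive, host):
    """First matching glob wins; fnmatch approximates clogin's glob matching."""
    for name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return values
    return None

def active_hosts(router_db):
    """Device names from name:type:state lines whose state is 'up'."""
    rows = (l.strip().split(":") for l in router_db.splitlines() if not l.startswith("#"))
    return [r[0] for r in rows if len(r) == 3 and r[2] == "up"]

def audit(cloginrc_text, file_mode, router_db):
    """List problems: exposed credentials file, uncovered hosts, telnet logins."""
    findings = []
    if file_mode & 0o077:  # any group/other permission bit set
        findings.append(f".cloginrc mode {file_mode:04o}: cleartext passwords exposed, use 0600")
    entries = parse_cloginrc(cloginrc_text)
    for host in active_hosts(router_db):
        for directive in ("password", "user", "method"):
            if lookup(entries, directive, host) is None:
                findings.append(f"{host}: no 'add {directive}' line matches")
        if "telnet" in (lookup(entries, "method", host) or []):
            findings.append(f"{host}: telnet login sends the password unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(CLOGINRC, 0o644, ROUTER_DB):
        print(finding)
```

On a real installation, pass the file's permission bits as file_mode, for example stat.S_IMODE(os.stat(path).st_mode).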

Rancid tweaks

The Brocade MLXe router always reports its uptime in the output of show version (Switch Fabric Module 1 Up Time is …).
To remove that line from the diff, Rancid needs a small patch (Credits: heasley from Shrubbery Networks):

Index: bin/francid.in
===================================================================
--- bin/francid.in	(revision 2658)
+++ bin/francid.in	(working copy)
@@ -179,7 +179,7 @@

 	next if (/^(The system |Crash time)/);
 	next if (/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric
- Module \d+) uptime is/);
+ Module \d+) (uptime|Up Time) is/);
 	# remove uptime on newer switches
 	s/(STACKID \d+)\s+system uptime is.*$/$1/;</pre>
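Review bot: The changed - and + lines contain only the tail of the regex (" Module \d+) ..."), because the next if pattern is wrapped after "Switch Fabric" on the context line above; as displayed, the hunk may not apply, so rejoin the pattern onto one line before using the patch. The new (uptime|Up Time) group also applies to every prefix in the alternation (System, Active/Standby Management, LP Slot), not just Switch Fabric Module, which is harmless for filtering but worth a comment in the code, and it could be written as (?:uptime|Up Time) since nothing uses the capture.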

Conclusion

It's very easy to install and configure Rancid, and it gives a great view of what's going on in larger networks. If you have any problems, the mailing list of Rancid is just great!