Mailing List Archive

Using RANCID for *NIX
This has come up before and I wanted to check again to see if anyone was
using RANCID with *NIX. I am interested in putting files like /etc/hosts,
/etc/fstab, etc into CVS with RANCID. It already has a nice format and
seems like it would be easy to hack the current scripts to do what I need.

Is anyone else already doing this? I haven't found any other tools that
would do what I want. I am not looking for a backup as much as I am looking
for the diffs and an email with the changes.

On a side note, I have noticed a behaviour change since implementing RANCID.
The entire NOC team gets an email when a config change is made. The result
is everyone is cautious about making changes on the fly, and any changes
that are made are quickly explained by the changer. Before, changes would
be made and if it broke something.....silence. So, at the very least we
have fewer **problems** that magically appear.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
Using RANCID for *NIX [ In reply to ]
Tue, Oct 09, 2001 at 05:57:27AM -0400, Jason Lewis:
> This has come up before and I wanted to check again to see if anyone was
> using RANCID with *NIX. I am interested in putting files like /etc/hosts,
> /etc/fstab, etc into CVS with RANCID. It already has a nice format and
> seems like it would be easy to hack the current scripts to do what I need.
>
> Is anyone else already doing this? I haven't found any other tools that
> would do what I want. I am not looking for a backup as much as I am looking
> for the diffs and an email with the changes.

i have started, but have some other pressing issues that should pass soon.
welcome any comments on what folks would like to see in such an addition.

> On a side note, I have noticed a behaviour change since implementing RANCID.
> The entire NOC team gets an email when a config change is made. The result
> is everyone is cautious about making changes on the fly, and any changes
> that are made are quickly explained by the changer. Before, changes would
> be made and if it broke something.....silence. So, at the very least we
> have fewer **problems** that magically appear.
>
> Jason Lewis
> http://www.packetnexus.com
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
Using RANCID for *NIX [ In reply to ]
Jason Lewis wrote,

>On a side note, I have noticed a behaviour change since implementing RANCID.
>The entire NOC team gets an email when a config change is made. The result
>is everyone is cautious about making changes on the fly, and any changes
>that are made are quickly explained by the changer. Before, changes would
>be made and if it broke something.....silence. So, at the very least we
>have fewer **problems** that magically appear.

heh. no more magical configuration "cleanups" :)
Using RANCID for *NIX [ In reply to ]
Anything scripted you want to share?

I was also thinking it would be easy to have a text file that contained all
the files that the user wanted to diff. Then I could modify the base list
to add scripts etc that I have written. Some issues that might come up.
Root can only connect from the console on my servers, maybe an account on
each box for RANCID?

A few of the files I am looking to monitor
crontabs

/etc/hosts
/etc/passwd
/etc/resolv.conf
/etc/mnttab
/etc/aliases
/etc/group
/etc/ftpusers
/etc/default/*



<snip>
i have started, but have some other pressing issues that should pass soon.
welcome any comments on what folks would like to see in such an addition.
Using RANCID for *NIX [ In reply to ]
On Wed, Oct 10, 2001 at 07:53:01AM -0400, Jason Lewis wrote:
> I was also thinking it would be easy to have a text file that contained all
> the files that the user wanted to diff. Then I could modify the base list
> to add scripts etc that I have written. Some issues that might come up.
> Root can only connect from the console on my servers, maybe an account on
> each box for RANCID?

That would fit the current model. I don't think I'd use it if it required
root access. A special user is just fine, but otherwise..forget it!

I'll add that a file containing a list of files would be helpful.
Otherwise, rancid will have to know an awful lot about all the various
unixes. I do a lot of solaris, so things like /etc/vfstab would be
nice to keep an eye on, although other systems call it something else.
Some folks use sudo, others don't. Should /etc/sudoers be included?
Maybe. The list goes on and on ad nauseam.

With a unix version of rancid, you'd almost need a directory per host,
rather than a single config file per host. It's just so much more
complicated.

I'm looking forward to it, but it's a hell of a challenge. Good luck
to everyone who's coding on this project!

-David
Using RANCID for *NIX [ In reply to ]
Wed, Oct 10, 2001 at 07:53:01AM -0400, Jason Lewis:
> Anything scripted you want to share?
>
> I was also thinking it would be easy to have a text file that contained all
> the files that the user wanted to diff. Then I could modify the base list
> to add scripts etc that I have written. Some issues that might come up.
> Root can only connect from the console on my servers, maybe an account on
> each box for RANCID?
>
> A few of the files I am looking to monitor
> crontabs
>
> /etc/hosts
> /etc/passwd
> /etc/resolv.conf
> /etc/mnttab
> /etc/aliases
> /etc/group
> /etc/ftpusers
> /etc/default/*

what i had in mind was a device type "unix" and an additional field

file foo/router.db:
foo.unix.net:unix:up:netbsd

specifying the type (or uname -s, but the former seems more flexible)
referring to a per-type configuration file within which file pathnames
and/or commands could be listed along with filtering functions

file netbsd:
file::/etc/hosts
cmd:FilterIfconfig:/sbin/ifconfig -a

to keep the file hierarchy and ordering of diff entries sane, unix hosts
could be represented as directories

foo/configs/somerouter.unix.net
foo/configs/foo.unix.net/etc.hosts
foo/configs/foo.unix.net/sbin.ifconfig

as for the user, it doesn't (shouldn't) matter to rancid what user you use,
as long as it can read/run the file/command. it's just a .cloginrc entry.

> <snip>
> i have started, but have some other pressing issues that should pass soon.
> welcome any comments on what folks would like to see in such an addition.
>
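
Added example, not part of the original posts and not RANCID code: a shell sketch of the layout proposed in the message above, reading a router.db with the extra OS-type field plus a per-type file and printing the per-host repository path for each entry. The function names, the `demo` sample data and the name/path validation rules are assumptions of this example.

```shell
# safe_name NAME: true only for names usable as a single path component
safe_name() {
    case $1 in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# repo_name TARGET: "/sbin/ifconfig -a" -> "sbin.ifconfig" (naming from the post)
repo_name() {
    p=${1%% *}          # drop command arguments
    p=${p#/}            # drop the leading slash
    printf '%s\n' "$p" | tr / .
}

# plan GROUP ROUTER_DB TYPEDIR
# prints: <repo path> <file|cmd> <filter or -> <remote file or command>
plan() {
    group=$1
    while IFS=: read -r host type state os; do
        [ "$type" = unix ] && [ "$state" = up ] || continue
        # host and os become path components, so refuse anything odd
        safe_name "$host" && safe_name "$os" || continue
        [ -r "$3/$os" ] || continue
        while IFS=: read -r kind filter target; do
            case $kind in file|cmd) ;; *) continue ;; esac
            case $target in /*) ;; *) continue ;; esac   # absolute paths only
            case $target in *..*) continue ;; esac       # no traversal
            printf '%s %s %s %s\n' \
                "$group/configs/$host/$(repo_name "$target")" \
                "$kind" "${filter:--}" "$target"
        done < "$3/$os"
    done < "$2"
}

# Constructed sample data: one host up, one down, one bad entry.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'foo.unix.net:unix:up:netbsd' \
                  'bar.unix.net:unix:down:netbsd' > "$d/router.db"
    printf '%s\n' 'file::/etc/hosts' \
                  'cmd:FilterIfconfig:/sbin/ifconfig -a' \
                  'file::../etc/shadow' > "$d/netbsd"
    plan foo "$d/router.db" "$d"
    rm -rf "$d"
}
```
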
Using RANCID for *NIX [ In reply to ]
On Tue, Oct 09, 2001 at 05:57:27AM -0400, Jason Lewis wrote:
> Is anyone else already doing this? I haven't found any other tools that
> would do what I want. I am not looking for a backup as much as I am looking
> for the diffs and an email with the changes.

I have some not-very-bullet-proof scripts that I used to monitor
approx 70 files on junipers (which are sorta unix boxes). I started
with an earlier copy of rancid & did a pile of quick hacking to
get them into the state they are in today.

Most of the work that needs doing is the part that detects host
down vs file not found & does the appropriate thing.

There is also work needed in doing the cvs stuff better & dealing
with changes to the router.db file (delete/add hosts & the like).
[Most of this is probably easily adaptable from the current rancid
scripts.]

I did find that I needed to split the files to be monitored into
files that only root can read vs everything else. I did use the
trick of a subdir per host.

[I also have another set of rancid-like scripts that monitor whois
info for domains. Again there is work needed to better bullet-proof
them.]


I'd gladly offer either set of scripts as a starting point to what
is really needed.
--asp
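
Added example, not the poster's scripts and not RANCID code: one way to separate "host down" from "file not found" when collecting over ssh, relying on ssh exiting with 255 for its own errors and otherwise with the remote command's status. The `FETCH` override, the `fetch_one` name, and the policy of keeping the last copy for an unreachable host but deleting it for a missing or unreadable file are assumptions of this example.

```shell
# Assumption: FETCH can be overridden so the logic can be exercised offline.
# BatchMode makes ssh fail (exit 255) instead of prompting for a password.
FETCH=${FETCH:-ssh -o BatchMode=yes}

# fetch_one HOST PATH REPODIR
# prints one of: updated unchanged missing host-down rejected
fetch_one() {
    host=$1 path=$2 repo=$3
    # The path is re-parsed by the remote shell, so accept only a strict
    # character set: absolute, no "..", no shell metacharacters.
    case $path in
        /*) ;;
        *) echo rejected; return 0 ;;
    esac
    case $path in
        *..*|*[!A-Za-z0-9/._-]*) echo rejected; return 0 ;;
    esac
    mkdir -p "$repo" || return 1
    dest=$repo/$(printf '%s' "${path#/}" | tr / .)
    tmp=$(mktemp "$repo/.fetch.XXXXXX") || return 1
    rc=0
    $FETCH "$host" cat "$path" > "$tmp" 2>/dev/null || rc=$?
    if [ "$rc" -eq 255 ]; then
        # ssh itself failed (unreachable, refused, auth): keep the last
        # known copy so an outage does not show up as a deletion diff.
        rm -f "$tmp"; echo host-down
    elif [ "$rc" -ne 0 ]; then
        # Remote cat failed: file is gone or not readable by this user.
        rm -f "$tmp" "$dest"; echo missing
    elif [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; echo unchanged
    else
        mv "$tmp" "$dest"; echo updated
    fi
}
```

A file that only root can read is reported as `missing` when collected as an unprivileged user, which is one reason to keep root-only files in a separate list.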