I have deployed RANCID, a popular open-source network device config backup utility, in our environment. It works great, especially when configured to svnsync to a master repository. The recent trouble I have found is that RANCID doesn't support multi-context firewalls: there is no way to configure RANCID to detect multi-context mode, go to each context and download the config. Changing the firewall so that each context has an admin address is seriously not going to work. So my only resolution was to create a script.
The script works similarly to RANCID:
- Verify device connectivity
- Check to see if the device is in multi-context mode
- Create a list of devices in the pool
- Create a list of contexts to copy
- Gather the system configs from each device in the pool
- Gather the context configs that are found on the firewalls. (These don't have to be grabbed from each device, since the devices should be set up in an active/active or active/standby configuration and therefore carry the same context configs)
- Check to see if the config already exists in the directory
- If no, copy the files to the directory and commit to SVN
- If yes, diff the files; if they differ, copy to the directory and commit to SVN, else do nothing
- Email the changes if the diff is non-empty and write to the log
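As an added example (not the author's script, which the post says is still unfinished), here is how the workflow above can be put together in Python. It assumes a Cisco ASA/FWSM-style multi-context CLI, which is an assumption since the post does not name the firewall platform: `show mode` reports the mode, `show context` lists the contexts, and `changeto context <name>` / `changeto system` move between them. Instead of a real SSH session, device I/O goes through a `run_cmd` callable, and `fake_device` supplies a constructed transcript so the detect, diff and store steps can be exercised offline; `backup_firewall`, `sync_config`, the file names and the `VOLATILE` patterns are all my own choices.

```python
"""RANCID-style backup of a multi-context firewall: added example, not the post
author's script. It assumes a Cisco ASA/FWSM-style CLI ('show mode', 'show context',
'changeto context <name>' / 'changeto system'); the post names no platform, so that
is an assumption. Device I/O is a run_cmd(command) -> output callable, so the logic
runs offline against a constructed transcript."""
import difflib
import re
import tempfile
from pathlib import Path
from typing import Callable, Dict, List, Tuple

RunCmd = Callable[[str], str]
# Lines that differ on every pull and must not count as a change (assumed patterns).
VOLATILE = re.compile(r"^(: Written by |: Serial Number: |Cryptochecksum:)")

def is_multi_context(run_cmd: RunCmd) -> bool:
    """'Security context mode: multiple' means each context must be visited."""
    return "multiple" in run_cmd("show mode").lower()

def list_contexts(run_cmd: RunCmd) -> List[str]:
    """Parse 'show context': first column is the name, '*' marks the admin context."""
    names = []
    for line in run_cmd("show context").splitlines():
        m = re.match(r"\*?([A-Za-z0-9_.-]+)\s", line.strip())
        if m and m.group(1) not in ("Context", "Total"):   # skip header/footer rows
            names.append(m.group(1))
    return names

def normalize(cfg: str) -> str:
    """Drop volatile lines so two pulls of an unchanged config compare equal."""
    return "\n".join(line for line in cfg.splitlines() if not VOLATILE.match(line)) + "\n"

def fetch_context_config(run_cmd: RunCmd, name: str) -> str:
    run_cmd(f"changeto context {name}")
    try:
        return normalize(run_cmd("show running-config"))
    finally:
        run_cmd("changeto system")   # never leave the session parked inside a context

def sync_config(repo_dir: Path, filename: str, new_cfg: str) -> Tuple[str, str]:
    """Store new_cfg if absent or different; returns ('new'|'changed'|'unchanged', diff)."""
    path = repo_dir / filename
    old = path.read_text() if path.exists() else None
    if old == new_cfg:
        return "unchanged", ""
    diff = "" if old is None else "".join(difflib.unified_diff(
        old.splitlines(True), new_cfg.splitlines(True), f"{filename} (repo)", f"{filename} (device)"))
    path.write_text(new_cfg)
    return ("new" if old is None else "changed"), diff

def backup_firewall(run_cmd: RunCmd, hostname: str, repo_dir: Path,
                    commit: Callable[[Path, str], None] = lambda d, m: None,
                    notify: Callable[[str, str], None] = lambda h, d: None) -> Dict[str, str]:
    """One pass over one device: system config stored per host, context configs stored
    once (a failover pair keeps them identical). Hooks fire only when something changed."""
    multi = is_multi_context(run_cmd)
    targets = [(f"{hostname}-system.cfg" if multi else f"{hostname}.cfg",
                normalize(run_cmd("show running-config")))]
    if multi:
        targets += [(f"{n}.cfg", fetch_context_config(run_cmd, n)) for n in list_contexts(run_cmd)]
    results = {f: sync_config(repo_dir, f, cfg) for f, cfg in targets}
    report = {f: status for f, (status, _) in results.items()}
    diffs = [d for _, d in results.values() if d]
    if any(s != "unchanged" for s in report.values()):
        commit(repo_dir, f"{hostname}: config update")
    if diffs:
        notify(hostname, "\n".join(diffs))
    return report

def fake_device(system_cfg: str, contexts: Dict[str, str]) -> RunCmd:
    """Constructed transcript standing in for the SSH session (test double)."""
    current = {"ctx": "system"}
    def run_cmd(cmd: str) -> str:
        if cmd == "show mode":
            return "Security context mode: multiple\n"
        if cmd == "show context":
            rows = "\n".join(f"{'*' if i == 0 else ' '}{n:<12} default  Routed  disk0:/{n}.cfg"
                             for i, n in enumerate(contexts))
            return f"Context Name  Class    Mode    URL\n{rows}\nTotal active Security Contexts: {len(contexts)}\n"
        if cmd.startswith("changeto "):
            current["ctx"] = cmd.split()[-1]   # 'context <name>' or 'system'
            return ""
        if cmd == "show running-config":
            cfg = system_cfg if current["ctx"] == "system" else contexts[current["ctx"]]
            return ": Written by enable_15 at 10:00:00 UTC\n" + cfg   # volatile header line
        raise ValueError(f"unexpected command: {cmd}")
    return run_cmd

def demo() -> List[Dict[str, str]]:
    """Three passes: empty repo, nothing changed, then one context edited."""
    repo = Path(tempfile.mkdtemp())
    ctx = {"admin": "hostname admin\n",
           "dmz": "hostname dmz\naccess-list out extended permit tcp any host 10.0.0.5 eq 443\n"}
    first = backup_firewall(fake_device("hostname fw1\n", ctx), "fw1", repo)
    second = backup_firewall(fake_device("hostname fw1\n", ctx), "fw1", repo)
    ctx["dmz"] += "access-list out extended deny ip any any\n"
    third = backup_firewall(fake_device("hostname fw1\n", ctx), "fw1", repo)
    return [first, second, third]
```

The `commit` and `notify` hooks are where the SVN commit (`svn add --force` on the directory followed by `svn commit -m`) and the change e-mail go. `demo()` runs three passes against the constructed device and returns one status map per pass; only the edited context is reported as changed on the third. Stripping volatile lines such as the `: Written by` header matters, otherwise every pull looks like a change and the e-mail goes out on every run.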
Presently this is the best way for me to do this. I am working on how to update RANCID, but for time's sake I can't spend it hacking RANCID to make it work for me right now. I will update with the actual script once I am finished.
3 Responses to “RANCID and MultiContext Firewalls”
This is something that I am going to have to figure out as well…
Let me know how it goes.
I'm very interested in the same subject. Have you made any advances on this? Can I help with this?
Actually, there is something better out there that we use. I have to update my post, but NetworkAuthority Inventory is the RANCID replacement we are using. It used to be called ZipTie. Good stuff.
http://inventory.alterpoint.com