[rancid] archive cisco command and rancid

rdrake rdrake at direcpath.com
Mon Mar 23 18:29:52 UTC 2015


On 03/23/2015 01:35 PM, alligator94 wrote:
>
> We use rancid to backup daily around 3700 cisco devices (routers and
> switches + some WAP and FW) all around the world and let’s say that 10
> percent randomly may not be reachable because they are switched off at
> night or due to any other connectivity issue. As we have the standard
> rancid configuration, I think that there are 3 retries, so it may take
> time.
>
> I have no access right now to the rancid config, but several clogin
> run in //.
>
>  
>
> We have a lot of different models of cisco devices, connected through
> a stable and not overloaded mpls network or using ipsec tunnels. Some
> use satellite connectivity in the far east countries.
>
>  
>
> Rancid runs on a separate linux system, so it is not disturbing while
> rancid run is  below 24hours . But I was wondering if, as we don’t
> change the devices configuration very often, once a week would be
> enough if we use the “archive “ cisco command to store the updated
> config. Today we run rancid on a daily basis not to miss any change in
> the devices configurations.
>
>  
>
> Regards
>
> Gilles
>
>  
>
>  
>
>  
>
You could do a few things.   If you're running tacacs you could kickoff
an individual rancid-run on a single node after a login to that node. 
Or if you're using a syslog server you can watch for "Configured from "
in the logs and kick it off from that.

If you were to use the ftp config you would need to heavily modify the
rancid script.  It would need to detect that the file was newer than
what was saved in CVS, then grab the comments out of the existing CVS
file, combine that with the "sh run" from the ftp.   This would fake
things out and the comments would be wrong on some devices and that
would be .. not ideal.

Either that, or you could strip all the comments from both files and
diff them then only run rancid on files that are different.  That lets
you save lots of runtime and gives you the correct answers, so it would
be much better than the above, at the cost of a little more network traffic.

If you did these I would still advise you to do a full run once a week.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150323/8b87a187/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150323/8b87a187/attachment.sig>


More information about the Rancid-discuss mailing list