[rancid] archive cisco command and rancid

Alligator alligator94 at laposte.net
Mon Mar 23 19:16:23 UTC 2015 

Thanks a lot. 

As you say, it will need to heavily modify the rancid script.

 

Thanks for the useful tips.

 

Regards,

Gilles.

 

From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
Of rdrake
Sent: lundi 23 mars 2015 19:30
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] archive cisco command and rancid

 

On 03/23/2015 01:35 PM, alligator94 wrote:

We use rancid to backup daily around 3700 cisco devices (routers and
switches + some WAP and FW) all around the world and let's say that 10
percent randomly may not be reachable because they are switched off at night
or due to any other connectivity issue. As we have the standard rancid
configuration, I think that there are 3 retries, so it may take time.

I have no access right now to the rancid config, but several clogin run in
//.

 

We have a lot of different models of cisco devices, connected through a
stable and not overloaded mpls network or using ipsec tunnels. Some use
satellite connectivity in the far east countries.

 

Rancid runs on a separate linux system, so it is not disturbing while rancid
run is  below 24hours . But I was wondering if, as we don't change the
devices configuration very often, once a week would be enough if we use the
"archive " cisco command to store the updated config. Today we run rancid on
a daily basis not to miss any change in the devices configurations.

 

Regards

Gilles

 

 

 

You could do a few things.   If you're running tacacs you could kickoff an
individual rancid-run on a single node after a login to that node.  Or if
you're using a syslog server you can watch for "Configured from " in the
logs and kick it off from that.

If you were to use the ftp config you would need to heavily modify the
rancid script.  It would need to detect that the file was newer than what
was saved in CVS, then grab the comments out of the existing CVS file,
combine that with the "sh run" from the ftp.   This would fake things out
and the comments would be wrong on some devices and that would be .. not
ideal.

Either that, or you could strip all the comments from both files and diff
them then only run rancid on files that are different.  That lets you save
lots of runtime and gives you the correct answers, so it would be much
better than the above, at the cost of a little more network traffic.

If you did these I would still advise you to do a full run once a week.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150323/41bcfae8/attachment.html>

More information about the Rancid-discuss mailing list