Over the past few years I’ve spent a considerable amount of time trying to find a cheap or free solution for backing up network devices at my workplace. As we were completely a Cisco house, this led me to installing RANCID on Ubuntu. This was a brilliant solution, taking only a couple of hours to implement and back up the entire network.
Fast forward 8 years and things have changed dramatically. My workplace is no longer a Cisco-only house, having brought Dell, Juniper, Fortinet and Cisco devices into the network. This in turn has caused quite a bit of pain in getting our backups to work effectively. Our most recent requisition was some Juniper EX series switches. Investigation suggested that RANCID is capable of backing up Juniper equipment, but it took some messing about to make it work. Here are the steps I implemented to get a backup of the switches:
1. Software used:
- Ubuntu Linux
- RANCID 3.7
2. Juniper Config
Install a class specifically for the backup user:
set system login class backup permissions access
set system login class backup permissions admin
set system login class backup permissions firewall
set system login class backup permissions flow-tap
set system login class backup permissions interface
set system login class backup permissions network
set system login class backup permissions routing
set system login class backup permissions secret
set system login class backup permissions security
set system login class backup permissions snmp
set system login class backup permissions storage
set system login class backup permissions system
set system login class backup permissions trace
set system login class backup permissions view
set system login class backup permissions view-configuration
Install a new user and tie to the newly created class:
set system login user backup class backup
set system login user backup authentication plain-text-password
This isn’t ideal. The best way would be to set the user up with an SSH key pair rather than a password, so that the RANCID server doesn’t have your network passwords in a plain-text file.
3. RANCID Config
Here I needed to make some modifications. First of all, if you already have backups and are re-using the management addresses when migrating, delete the files from the config folder and also the Entries file in the CVS folder of each individual site.
Modify your router.db file in your site folders to be the following for each of your juniper switches:
<deviceIP/name:deviceType:status>
router.name:juniper:up
Next you will need to modify the base file for types within RANCID; for me this was in /etc/rancid. In this file find the following line:
juniper;command;junos::ShowConfiguration;show configuration
and change it to this:
juniper;command;junos::ShowConfiguration;show configuration | display set
If required, modify your .cloginrc file to include your newly created user and password. Here is what I did as a test:
add method 192.168.1.1 ssh
add user 192.168.1.1 backup
add password 192.168.1.1 passwordsetinjuniper
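A quick audit of a .cloginrc like the one above, as an added example (not part of the original post or of RANCID): it reports a file mode that lets other users read the file, hosts with a stored plain-text password, and hosts that allow a login method other than ssh. The function names, the second host and its password are constructed for illustration, and host patterns are compared as literal strings.

```python
import os
import stat

# Constructed sample: the first host is the one from the post, the second is invented.
SAMPLE = """\
# test entries
add method 192.168.1.1 ssh
add user 192.168.1.1 backup
add password 192.168.1.1 passwordsetinjuniper
add method 192.168.1.2 {telnet} {ssh}
add user 192.168.1.2 backup
add password 192.168.1.2 {constructedpassword}
"""

def audit_cloginrc(text, mode):
    """Return (host, issue) findings; password values are never reported."""
    findings = []
    if mode & 0o077:  # any group/other permission bit set
        findings.append(("*", "file accessible to group/other (want 0600)"))
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Brace quoting such as {telnet} {ssh} is flattened to plain words.
        tokens = line.replace("{", " ").replace("}", " ").split()
        if len(tokens) < 4 or tokens[0] != "add":
            continue
        directive, host, values = tokens[1], tokens[2], tokens[3:]
        if directive == "password":
            findings.append((host, "plain-text password stored"))
        elif directive == "method":
            # A method may carry a port suffix, e.g. ssh:2222.
            weak = [m for m in values if m.split(":")[0] != "ssh"]
            if weak:
                findings.append((host, "non-ssh method: " + ",".join(weak)))
    return findings

def audit_file(path):
    """Audit a real file, e.g. /var/lib/rancid/.cloginrc."""
    with open(path) as fh:
        return audit_cloginrc(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for host, issue in audit_cloginrc(SAMPLE, 0o644):
        print(f"{host}: {issue}")
```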
Then I needed to modify the junos Perl script; for Ubuntu and the default install location this is /usr/share/perl5/rancid/junos.pm. The following line needs to be commented out:
next if (/^## last commit: /i);
Finally, if you’re running this on Ubuntu, run the login script for Juniper to ensure that the server can log in to the switch successfully:
/usr/lib/rancid/bin/jlogin -f /var/lib/rancid/.cloginrc junipermgmtIP
If all is well and you can log in successfully, proceed to running the rancid-run file and monitor the logs to confirm the configurations have been backed up:
sudo su -c /var/lib/rancid/bin/rancid-run -s /bin/bash -l rancid