Rancid Ubuntu Install Stage 2.5 – change management

Rancid has always been one of my favourite network management tools along with Cacti, SolarWinds, Kiwi Cat tools, ManageEngine Netflow and Cisco ACS. I’ve always known that Rancid has some extra features under the hood to allow for occasional and/or bulk changes. After having a spare 30 minutes whilst also attempting to keep myself occupied…

Kiwi is out of the window!!!

After digging around the world library (Google), I came across a script a guy had compiled which, in its simplest form, reads a text file for a list of devices, e.g.:

192.168.3.1
192.168.3.2
192.168.3.3

The script then reads a text file for a list of required commands, e.g.:

configure terminal
snmp-server chassis-ID AWESOME-SWITCH
exit
wr me
exit

When the script is run, you are prompted to pick the device list file from a defined directory. After keying in the file name and pressing ENTER, the script prompts again, this time for the change file from its own defined directory; again, key in the file name and press ENTER. At this point the script reads the changes and prints them to the console, asking if you wish to proceed and asking you to type “yes” (no speech marks) followed by ENTER. Anything more or less than “yes” and the script bombs out. However, “yes”, being the all-powerful keyword, lets the script continue: the Rancid server logs in to each device listed and applies the changes listed. As an additional feature, it also writes all of the session output to a log file with a date/time stamp. My next task will be looking at adding the logs to CVS to simplify the audit process.

The folder structure that I created to make this work for me as identified in the script below was:

USER@LINUX-SVR:/var/lib/rancid/network-change-scripts$

Create a file in this directory with your changes as they would be entered on a command line, e.g.:

conf t
hostname rancid-changed-me
exit
wr me
exit

USER@LINUX-SVR:/var/lib/rancid/network-change-devices$

Create a file in this directory with your list of hosts, e.g.:

1.1.1.1
2.2.2.2
3.3.3.3

USER@LINUX-SVR:/var/lib/rancid/network-change-logs$

The script will generate logs dynamically when the script is called.

The script looks something like this if the file is called push-config.sh:

USER@LINUX-SVR:/var/lib/rancid/network-change-scripts$ cat push-config.sh

!-- Begin config-push.sh --
#!/usr/bin/env bash
#
# The purpose of this script is to automate configuration changes to a
# large number of devices. The script identifies the device list, as well
# as the change script, and then pushes the changes one by one.
# When the script runs you will be prompted through the process.

CLOGINPATH="/usr/lib/rancid/bin/clogin"
CREDENTIALS="/var/lib/rancid/.cloginrc"
DEVICELISTPATH="/var/lib/rancid/network-change-devices/"
CHANGESCRIPTPATH="/var/lib/rancid/network-change-scripts/"
CHANGELOG="/var/lib/rancid/network-change-logs/changelog-$(date +%T-%d-%m-%Y).log"

clear
echo "=====[ Rancid Config Push Script ]====="
echo ""
echo "Please enter the proposed device list:"
ls "$DEVICELISTPATH"
echo "--------------------------------------"
echo -n "> "
read -r DEVICELIST

# Abort unless the named device list is a regular file in the device directory
if [ -f "$DEVICELISTPATH$DEVICELIST" ]
then
    echo ""
    echo "Device List = \"./device-lists/$DEVICELIST\" (confirmed)"
else
    echo ""
    echo "Device list = \"./device-lists/$DEVICELIST\" (does not exist!)"
    echo "Aborting..."
    echo ""
    exit 1
fi

echo ""
echo "Please enter name of change script:"
ls "$CHANGESCRIPTPATH" | grep -v '\.sh$' | grep -v "device-lists"
echo "-----------------------------------"
echo -n "> "
read -r CHANGESCRIPT

# Abort unless the named change script is a regular file in the script directory
if [ -f "$CHANGESCRIPTPATH$CHANGESCRIPT" ]
then
    echo ""
    echo "Change Script = \"./change-scripts/$CHANGESCRIPT\" (confirmed)"
    echo ""
else
    echo "Change Script = \"./change-scripts/$CHANGESCRIPT\" (does not exist!)"
    echo "Aborting..."
    echo ""
    exit 1
fi

# Show the operator exactly what will be sent to every device
echo "-- Proposed Changes --"
cat "$CHANGESCRIPTPATH$CHANGESCRIPT"
echo "-- Proposed Changes --"
echo ""
echo "Are you sure you want to proceed? If so, type \"yes\":"
echo -n "> "
read -r AREYOUSURE

# Only the exact word "yes" continues; an empty answer also aborts cleanly
if [ "$AREYOUSURE" != "yes" ]
then
    echo ""
    echo "Aborting..."
    echo ""
    exit 1
else
    echo ""
    echo "Implementing Changes..."
    echo ""
fi

#for i in `cat $DEVICELISTPATH$DEVICELIST`
# do echo "===[ $i ]==="
# $CLOGINPATH -f $CREDENTIALS -x $CHANGESCRIPTPATH$CHANGESCRIPT $i
#done

# Log in to each device in turn, run the change script, and append the
# full session output to the date-stamped change log
for DEVICE in $(cat "$DEVICELISTPATH$DEVICELIST")
do
    echo "===[ $DEVICE ]==="
    echo "" >> "$CHANGELOG"
    echo "===[ $DEVICE ]===" >> "$CHANGELOG"
    echo "" >> "$CHANGELOG"
    OUTPUT=$("$CLOGINPATH" -f "$CREDENTIALS" -x "$CHANGESCRIPTPATH$CHANGESCRIPT" "$DEVICE")
    echo "$OUTPUT" >> "$CHANGELOG"
done
# -- end config-push.sh --

To run the script from a command line in the same directory use ./config-push.sh
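
The script trusts whatever is typed at its two prompts and whatever the device list contains. As an added example (not part of the original script), these POSIX sh helpers keep the typed name inside the defined directory and check every device entry before clogin is run. The function names are made up for illustration, and device lists are assumed to hold one IPv4 address per line, as in the examples above.

```sh
# Added example: pre-flight checks for the push script's two inputs.
# Function names are illustrative; device lists are assumed to hold
# one IPv4 address per line, as in the examples on this page.

# resolve_input DIR NAME: print DIR/NAME only if NAME is a plain file
# name (no path components) and a regular file inside DIR.
resolve_input() {
    case "$2" in
        ""|.|..|*/*) return 1 ;;
    esac
    [ -f "$1/$2" ] || return 1
    printf '%s\n' "$1/$2"
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_device_list FILE: print one line per problem entry and
# return 1 if any entry is malformed or listed twice.
check_device_list() {
    bad=0 seen=" " lineno=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        lineno=$((lineno + 1))
        [ -n "$entry" ] || continue
        if ! valid_ipv4 "$entry"; then
            printf 'line %s: not an IPv4 address: %s\n' "$lineno" "$entry"; bad=1
        elif case "$seen" in *" $entry "*) true ;; *) false ;; esac; then
            printf 'line %s: duplicate device: %s\n' "$lineno" "$entry"; bad=1
        fi
        seen="$seen$entry "
    done < "$1"
    return "$bad"
}

# Usage in the push script, after each "read":
#   LIST=$(resolve_input "$DEVICELISTPATH" "$DEVICELIST") || exit 1
#   check_device_list "$LIST" || exit 1
```

A device list saved with Windows line endings fails the check, because the trailing carriage return would otherwise be handed to clogin as part of the address.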
