17 Aug

Network Related Juniper and Rancid

Since starting my new job back in March, I've had to pick up the slack and take on another role, which included handling some network admin related tasks. One of the several projects included building a network system logging system along with a network configuration backup system. Years ago, when I was working at a dedicated hosting firm, I was shown the network tool that we used for backing up switches and routers. This tool, which I honestly think is the de facto standard in the space, is 'Rancid': Really Awesome New Cisco Config Differ. It's a tool that uses expect to log into your devices and pull the running configuration, then stores your changes in an svn or git repo, depending on how you set it up. This will allow you to roll back any changes or bring new hardware back online should you suffer a hardware failure. It's a cool tool made by the fine folks over at Shrubbery Networks.

One of the issues I was hit with was getting it to work with Juniper Junos devices. While looking online, I discovered I wasn't the only one hitting this problem. After a bit of trial and error, I saw that a group profile had to be enabled on Junos devices for rancid to poll for config changes. What I found was that the following worked in my case, and I hope it works for anyone else who gets stumped on this.

Once you're logged into the Junos CLI, add the following to create a RANCID class with these permissions.


set system login class RANCID permissions access
set system login class RANCID permissions admin
set system login class RANCID permissions firewall
set system login class RANCID permissions flow-tap
set system login class RANCID permissions interface
set system login class RANCID permissions network
set system login class RANCID permissions routing
set system login class RANCID permissions secret
set system login class RANCID permissions security
set system login class RANCID permissions snmp
set system login class RANCID permissions storage
set system login class RANCID permissions system
set system login class RANCID permissions trace
set system login class RANCID permissions view
set system login class RANCID permissions view-configuration
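
An added example (not from the original post or from RANCID): a Python check that a login class such as the one above grants only view-level flags, and which of them expose secrets. The `audit_class` helper, the list of change-capable flags and the sample text are this example's own assumptions about Junos permission flags.

```python
import re

# Flags the post assigns to the RANCID class (copied from the set commands above).
PAGE_FLAGS = ("access admin firewall flow-tap interface network routing secret "
              "security snmp storage system trace view view-configuration").split()
# Constructed sample input: the same statements as one config text.
SAMPLE = "\n".join(f"set system login class RANCID permissions {f}" for f in PAGE_FLAGS)

# Assumption of this example: Junos flags that permit changing device state or
# configuration, in addition to any flag ending in "-control".
CHANGE_FLAGS = {"all", "clear", "configure", "control", "maintenance",
                "reset", "rollback", "shell"}
# Flag that reveals passwords and authentication keys when the config is shown.
SECRET_FLAGS = {"secret"}

STATEMENT = re.compile(r"^set system login class (\S+) permissions (.+)$")


def audit_class(config_text, class_name):
    """Return (change_capable, secret_exposing, all_flags) for one login class."""
    flags = []
    for line in config_text.splitlines():
        match = STATEMENT.match(line.strip())
        if match and match.group(1) == class_name:
            # Junos also accepts the bracketed form: permissions [ a b c ]
            flags.extend(match.group(2).strip("[] ").split())
    change = sorted(f for f in flags if f in CHANGE_FLAGS or f.endswith("-control"))
    secret = sorted(f for f in flags if f in SECRET_FLAGS)
    return change, secret, flags


if __name__ == "__main__":
    change, secret, flags = audit_class(SAMPLE, "RANCID")
    print(f"{len(flags)} flags; change-capable: {change or 'none'}; "
          f"secret-exposing: {secret or 'none'}")
```

Because the class includes `secret`, the pulled configuration can contain password and key material, so the svn or git repository and the .cloginrc file deserve the same access restrictions as the devices themselves.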

Now let's create the rancid user with the rancid group permissions.
Remember the password you set here, as you'll need it when you add this user to your .cloginrc.

set system login user rancid class RANCID full-name RANCID authentication plain-text-password

Once you set this, you should be able to use jlogin with the information you set in .cloginrc.

Hope this helps.