Discussion:
[rancid] Dedicated nixrancid using clogin...anyone interested
Lance Vermilion
2010-02-26 19:32:58 UTC
All,

I have been thinking. I don't want to go and add something like
cfengine or anything else to my existing set of tools. I do want to
collect some information and save it, namely files that wouldn't be
changing frequently and since I use OpenNMS which has RANCID tied to
it already this is a valuable add for me. All I need to do is add a
new platform nix that points to nixrancid that uses a slightly
modified clogin (to skip sending "term length 0") and then I can
capture all sorts of important bits of info on *nix machines. Right
now I have played with Linux and I am having quite the success.

I want to write a small addition to nixrancid that would then look at
an additional file called nixcollect.db. This would allow someone to
enable collection based on possible collection bits. So if the
platform type of nix was in router.db then nixrancid would look in
nixcollect.db to figure out what files to screen scrape.

Please let me know if anyone else would be interested in the work I will do.

Currently I am thinking to capture a few things.

#key files in /etc/
/etc/passwd
/etc/profile
/etc/bashrc
/etc/group
/etc/sudoers
/etc/modprobe
/etc/aliases
/etc/crontab
/etc/grub.conf
/etc/shadow
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
/etc/host.conf
/etc/multipath.conf
/etc/resolv.conf
/etc/securetty
/etc/services
/etc/updatedb.conf
/etc/sysctl.conf
/etc/inittab
/etc/initlog.conf
/etc/login.defs
/etc/logrotate.conf
/etc/logrotate.d/*

#syslogd
/etc/syslog.conf

#syslog-ng
/etc/syslog-ng/*

#java
/etc/java/*

#security
/etc/security/*

#drbd
/etc/drbd.conf

#snmp
/etc/snmp/snmpd.conf
/etc/snmp/snmp.local.conf

#tomcat
/etc/tomcat5/*
/etc/sysconfig/tomcat5/

#yum/apt-get/etc
/etc/yum.conf
/etc/yum.repos.d/*.repo
/etc/yum/yum-updatesd.conf

#ssh
/etc/ssh/*

#selinux
/etc/selinux/config
<need to figure out what else really should be captured>

#filesystem
/etc/fstab

#INIT scripts
/etc/init.d/*

#PAM
/etc/pam.d/*

#databases - mysql/etc
/etc/my.cnf

#DNS - bind/named
/etc/named.conf
/etc/named.caching-nameserver.conf
/etc/rfc1912.zones
/etc/sysconfig/named

#iscsi
<need to determine what needs to be collected>

#ntp
/etc/ntp.conf
/etc/ntp/ntpservers
/etc/ntp/keys
/etc/sysconfig/ntpd

#security files - audit
/etc/audit/auditd.conf
/etc/audit/audit.rules
/etc/sysconfig/auditd

#iptables
/etc/sysconfig/iptables-config
/etc/sysconfig/ip6tables-config

#Heartbeat
/etc/ha.d/haresources
/etc/ha.d/ha.cf
/etc/ha.d/authkeys

#sysconfig stuff
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-*
/etc/sysconfig/authconfig
/etc/sysconfig/clock
/etc/sysconfig/kernel
Charles Tompkins
2010-02-27 00:57:46 UTC
I am interested and considering a rancid deployment for change
management on server files ATM; I am interested in seeing your work.

I can see nixcollect.db using some additional variability or versions
to accommodate other system flavors for all the different paths to etc,
not to mention multiple paths to applications like src-installed
(/usr/local/etc) vs. maintained packages (/etc) or even /opt.

nixcollect_redhat.db
nixcollect_debuntu.db
nixcollect_solaris.db
. . .

Maybe set your path to etc/ as a variable for the first half of the
object and rely on your object definition to supply the second half to
get to the file.

Regards,
-Charles
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
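The lookup discussed in the two messages above, as an added example that is not code from the thread or from RANCID: hosts of type nix are read from router.db, and a nixcollect.db supplies a path prefix plus a per-entry relative path. The nixcollect.db layout, the group names and all sample hosts are assumptions constructed for illustration; entries are validated because each path would end up in a command sent to a remote shell.

```python
import re

# Constructed sample data. router.db uses the colon-separated
# name:type:state layout; the nixcollect.db layout is hypothetical.
ROUTER_DB = """\
core-sw1.example.net:cisco:up
web01.example.net:nix:up
db01.example.net:nix:down
"""
NIXCOLLECT_DB = """\
# prefix:<name>:<directory>            first half of every path
# <group>:<on|off>:<prefix>:<relative path or glob>
prefix:etc:/etc
prefix:local:/usr/local/etc
ntp:on:etc:ntp.conf
ssh:on:etc:ssh/sshd_config
audit:on:etc:audit/*
snmp:off:etc:snmp/snmpd.conf
bad:on:etc:../tmp/x
bad2:on:etc:hosts; id
"""
# Each path ends up in a command typed into a remote shell, so only plain
# path characters and '*' are allowed in the relative part.
SAFE_REL = re.compile(r"^[A-Za-z0-9._*/-]+$")

def nix_hosts(router_db):
    """Hosts whose platform type is 'nix' and whose state is 'up'."""
    rows = (l.split(":") for l in router_db.splitlines() if l and l[0] != "#")
    return [r[0] for r in rows if len(r) >= 3 and r[1] == "nix" and r[2] == "up"]

def collect_paths(db_text):
    """Return (accepted absolute paths, rejected raw lines)."""
    prefixes, accepted, rejected = {}, [], []
    for line in db_text.splitlines():
        f = line.strip().split(":")
        if not line.strip() or line.startswith("#"):
            continue
        if f[0] == "prefix" and len(f) == 3:
            prefixes[f[1]] = f[2].rstrip("/")
        elif len(f) == 4 and f[1] == "off":
            continue  # collection bit disabled
        elif (len(f) == 4 and f[1] == "on" and f[2] in prefixes
              and SAFE_REL.match(f[3]) and not f[3].startswith("/")
              and ".." not in f[3].split("/")):
            accepted.append(f"{prefixes[f[2]]}/{f[3]}")
        else:
            rejected.append(line.strip())
    return accepted, rejected
```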
Lance Vermilion
2010-03-01 18:10:21 UTC
Charles,

I hope to actually put some structured code together in the next 5-8
days (before I leave on my honeymoon). I first have to take care of
some higher priority issues here. I will share what I come up with.
Stay tuned.

-lance

Diego Ercolani
2010-03-01 21:32:57 UTC
You're welcome with these patches, if you think you can even start from my
patches dated July 2009:

http://www.shrubbery.net/pipermail/rancid-discuss/2009-July/004036.html

where I also implemented an extension to the rancid .clogin configuration
implementing multiline structure.

Alex DEKKER
2010-03-01 20:33:29 UTC
Post by Lance Vermilion
Please let me know if anyone else would be interested in the work I will do.
Yes, mainly because I've already got RANCID working with a variety of routers
and switches, so this would make adding servers into the mix painless.

alexd