Friday, December 6, 2013

Saving Acme Packet Configs using Rancid

No one has yet written a Rancid module for Acme Packet's (now Oracle) Session Border Controllers (SBCs, i.e. SIP routers). I played around with it because I wanted a quick and easy way to diff Acme config revisions. This method works for me with SBCs running version 6.2 of the Acme software. It produces several errors at the top of the saved config, since the Cisco module tries to run a lot of Cisco-specific commands.

1. I created an SSH key as the rancid user, with no passphrase:

/bin/su - rancid -c "ssh-keygen -b 2048 -t rsa"

2. I created an SSH-key-based user on the SBCs (I have an HA pair, so I did this on the primary) using the public key I created in step one (i.e., ~rancid/.ssh/id_rsa.pub). Just remember that the format is very strict: match, more or less, the example below. The comment goes at the beginning, not at the end as in OpenSSH.

ssh-pub-key import authorized-key rancid

IMPORTANT:
       Please paste SSH public key in the format defined in RFC 4716.
       Terminate the key with ";" to exit.......

---- BEGIN SSH2 PUBLIC KEY ----


Comment: My rancid user's public key

AAAAB3NzaC1yc2EAAAasdasdawdawdhZj07+93RKwx0RXcwaaadawdawdaefZuc6ePw+3G9jiZUcyxFb8Td9sc700HtZLN0CtezZKHsC+bJPp0oocb9ykAIzO9xs3vOs55aadwdad21d12fq==


---- END SSH2 PUBLIC KEY ----;

I usually create hosts file entries for rancid, as not all of the hosts are in DNS, and some have multiple addresses. But that's entirely up to you. The key format above is strict: make sure there are no trailing spaces at the end of any line.


3. Modify .cloginrc and add the following (assuming your SBC is called mysbc1.myfqdn.local):

add password mysbc1.myfqdn.local noRealPasswordNecessaryJustFillThisInWithGarbage
add autoenable mysbc1.myfqdn.local 1
add user mysbc1.myfqdn.local rancid
add method mysbc1.myfqdn.local ssh

4. Log into the SBC once as the actual rancid user, just so the rancid user will add the host to its ssh_known_hosts file.

5. Add the SBC to the router.db for your particular environment:

mysbc1.myfqdn.local:cisco:up

6. Now you should be all set. Run Rancid as you normally would. For instance, I have a COLO called pac1:

/bin/su - rancid -c "/usr/local/rancid/bin/rancid-run pac1"
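The part of this procedure that bites most people is step 2: the SBC's import prompt wants the RFC 4716 layout (BEGIN marker, Comment header before the base64 body, END marker followed by ";") and rejects the block on a stray trailing space. The script below is an added example, not from the original post or from Acme/Oracle: it converts the single-line OpenSSH public key from step 1 into that layout and then checks a pasted block for the layout mistakes the post warns about. The sample key is constructed (its base64 payload is not a real key), the 72-column wrap is an assumption taken from RFC 4716, and the checks reflect the rules stated in the post, not the SBC's actual parser.

```shell
#!/bin/sh
# Added example: turn an OpenSSH public key line into the RFC 4716 block an
# Acme Packet SBC's "ssh-pub-key import" prompt expects, and lint such a block.

# Constructed sample key (NOT a real key; the base64 payload is made up).
SAMPLE_OPENSSH_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fakekeybodyfakekeybodyfakekeybodyfakekeybodyfakekeybody rancid@rancidhost'

# Usage: openssh_to_rfc4716 "<openssh public key line>"
# Emits: BEGIN marker, "Comment: <comment>" (if any), base64 body wrapped at
# 72 columns (RFC 4716 line-length assumption), END marker terminated by ";".
openssh_to_rfc4716() {
    _line=$1
    _type=${_line%% *}          # e.g. ssh-rsa
    _rest=${_line#* }           # "<base64> <comment>"
    _b64=${_rest%% *}           # base64 body only (the SBC does not take the type prefix)
    _comment=${_rest#* }
    if [ "$_comment" = "$_rest" ]; then _comment=""; fi   # no comment field present
    case "$_type" in
        ssh-rsa|ssh-dss|ecdsa-*|ssh-ed25519) ;;
        *) echo "unsupported key type: $_type" >&2; return 1 ;;
    esac
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----'
    if [ -n "$_comment" ]; then printf 'Comment: %s\n' "$_comment"; fi
    printf '%s\n' "$_b64" | fold -w 72
    printf '%s\n' '---- END SSH2 PUBLIC KEY ----;'
}

# Usage: check_rfc4716_block < file   (reads the block on stdin)
# Returns 0 if the block satisfies the rules from the post, 1 otherwise,
# printing every violation found to stderr.
check_rfc4716_block() {
    _n=0 _seen_body=0 _ok=1 _last=""
    while IFS= read -r _l || [ -n "$_l" ]; do
        _n=$((_n + 1))
        case "$_l" in
            *[[:space:]]) echo "line $_n: trailing whitespace" >&2; _ok=0 ;;
        esac
        if [ "$_n" -eq 1 ] && [ "$_l" != '---- BEGIN SSH2 PUBLIC KEY ----' ]; then
            echo "line 1: missing BEGIN marker" >&2; _ok=0
        fi
        case "$_l" in
            Comment:*)
                if [ "$_seen_body" -eq 1 ]; then
                    echo "line $_n: Comment header must precede the key body" >&2; _ok=0
                fi ;;
            ---*|'') ;;                 # markers and blank lines are not body
            *) _seen_body=1 ;;
        esac
        _last=$_l
    done
    if [ "$_last" != '---- END SSH2 PUBLIC KEY ----;' ]; then
        echo "last line: missing END marker with terminating ';'" >&2; _ok=0
    fi
    [ "$_ok" -eq 1 ]
}

# Demo: convert the sample key and lint the result.
if openssh_to_rfc4716 "$SAMPLE_OPENSSH_KEY" | check_rfc4716_block; then
    echo "sample block passes the layout checks"
fi
```

Run it as `sh acme-key.sh` to see the block, or feed a key you are about to paste through `openssh_to_rfc4716 "$(cat ~rancid/.ssh/id_rsa.pub)"`. OpenSSH can produce the same layout with `ssh-keygen -e -f ~rancid/.ssh/id_rsa.pub -m RFC4716`; you still have to append the ";" after the END marker and run the trailing-whitespace check before pasting.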