Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Build a Custom Cisco Configuration Repository : Page 2

You don't have to spend a fortune on CiscoWorks to store and compare your Cisco router configurations. With a little work and some help from Subversion, you can roll your own.


advertisement
A Bit About Subversion
 
Figure 1. Subversion: Subversion is a revision control system that lets you easily track and compare changes to files.
Subversion (see Figure 1) is a revision control system that lets you easily track and compare changes to files. Typically, people use Subversion to track changes to source code. When a developer "checks out" a folder containing code files, Subversion ensures that nobody else can make changes to the code in that folder. As developers finish making changes to the source, they "commit" their changes to the source, which updates the "master copy" of the folder, but maintains a list of the changes that occurred.

But you don't have to limit Subversion's use to source code files; in this context, you can use it to track changes to your router configurations easily. The same basic theory applies to saving changes for Cisco configurations; however, you essentially have only a single source for changes. You can't check out a single file in Subversion. Instead, you check out the entire folder containing the file you want to. Because of this behavior, you need to do a little work-around at the end. Don't worry, though, because Subversion is only going to update the configurations that have actually changed. For example, if you're updating weekly, and your routers haven't had any configuration changes in the past week, then Subversion won't update anything. You'll need to make one change to your Cisco configurations if you plan on using these stored configurations for disaster recovery purposes. If you drop a working configuration onto a router, IOS automatically puts all interfaces into the "shut" state. Therefore, you must make sure to modify the configurations to be put into a "no shut" state when doing disaster recovery.

Configuring Subversion and Apache
You need to create the configuration repository in Subversion. First, create the following directory tree:

gonzo:~ # mkdir /opt gonzo:~ # mkdir /opt/svn gonzo:~ # mkdir /opt/svn/user_access

Then, create the initial configuration repository.

gonzo:~ # svnadmin create /opt/svn/depot

Next, set the permissions on the new configuration repository. Here's where you need the user and group that Apache is configured to use that you found above:



chown --R <apache user>:<apache group> /opt/svn/depot

Finally, create some users. Use the following command and then press Enter.

<span class="pf">htpasswd -cm /opt/svn/user_access/passwd <username></span>

Then, type in the password for that user.

gonzo:/opt # htpasswd -cm /opt/svn/user_access/passwd someuser New password: Re-type new password: Adding password for user someuser

Now that you've created the basic repository, you need to enable mod_dav and Subversion in your Apache configuration. Check your httpd.conf file for the following lines and add them if they're not there:

LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule dav_fs_module modules/mod_dav_fs.so

You need to add the Subversion information to httpd.conf as well, as shown below.

<Location /depot> DAV svn SVNPath /srv/svn/depot # Limit write permission to list of valid users. <LimitExcept GET PROPFIND OPTIONS REPORT> # Require SSL connection for password protection. # SSLRequireSSL AuthType Basic AuthName "Authorization Realm" AuthUserFile /opt/svn/user_access/passwd Require valid-user </LimitExcept> </Location>

After making these modifications, run the command apachectl configtest to check the Apache configuration for errors. You should see the following on your screen:

gonzo:/etc/apache2/conf.d # apache2ctl configtest Syntax OK

If the configuration test doesn't return Syntax OK, it'll return errors instead, and you'll need to fix these before you can continue. Assuming that your configuration is OK, restart Apache using the command apachectl restart.

Now, open your favorite Web browser, and go to the Apache site we just created. In the location bar, enter http:///depot. The Web page should look something like:

Revision 0: / Powered by Subversion version 1.0.5 (dev build).

As you can see, the repository is empty—which is to be expected because you haven't imported any configurations yet. You're going to create a basic structure to store configurations now. First, you need to "check out" the existing repository. Create a "tmp" directory inside your home directory.

conrad@gonzo:~> cd tmp conrad@gonzo:~/tmp> svn co http://localhost/depot Checked out revision 4.

Author's Note: Your revision number will probably be different from mine throughout these examples.



Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap