Automating Config / Zone backups for Brocade Switches

I was looking for an easy way to make backups of our fabric and report the status of the backup on our internal web page. I wrote a script that will remotely run configupload and pull the script config file from all the switches via FTP, move the previous config file to an archive location, create a report of the output and copy it to a web page folder. I run the bash script using cygwin on our internal IIS server, and it’s scheduled to run daily.

The script uses ssh, so you could either set up ssh keys or use an opensource package called sshpass (http://sourceforge.net/projects/sshpass). In this example script I’m using sshpass to avoid having to type in a password for each command when the script runs.

I figured out that you must connect to a new switch at least once manually without using sshpass, as it supresses the output that asks you to confirm adding it as a known host. Below is the output, I simply ran a ‘zoneshow’ as the initial command to set it up.

$ ssh USERID@brocade_switch_1 zoneshow
 The authenticity of host ‘brocade_switch_1 (10.0.0.9)’ can’t be established.
 DSA key fingerprint is 3b:cd:98:62:4a:67:99:28:c4:41:f3:19:8d:f1:7d:a0.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added ‘brocade_switch_1,10.0.0.9’ (DSA) to the list of known hosts.

My original script is set up to run for multiple geographical locations which is why I have separate lists set up.   This sample script is set up for two separate theoretical locations, it could easily be expanded or reduced based on your environment.

#Set Environment 
TODAY=`date`
TIMESTAMP=`date +”%Y%m%d%H%M”`
LOCALPATH=”/cygdrive/c/scripts/brocade”
WEBPATH=”/cygdrive/c/inetpub/wwwroot”
FTPHOST=”10.0.0.1″
FTPUSER=”ftpuser”
FTPPATH=”/brocade”
FTPPASSWORD=”password”

#Add timestamp to top of report
echo $TODAY > $WEBPATH/brocade_backup_report.txt
echo ” ” >> $WEBPATH/brocade_backup_report.txt

#Clear data from last run
>$LOCALPATH/brocade_backup_report_1.txt
>$LOCALPATH/brocade_backup_report_2.txt

#Move yesterday’s backups to an archive location
mv $WEBPATH/brocade/*.txt /cygdrive/e/archive/brocade

#List of Switches to be backed up
SWITCHLIST1=”switch1siteA switch2siteA switch3siteA switch4siteA”
SWITCHLIST2=”switch1siteB switch2siteB switch3siteB switch4siteB switch5siteB switch6siteB”

for x in $SWITCHLIST1
do
echo “$x”: “$FTPPATH/$x.$TIMESTAMP” >> $LOCALPATH/brocade_backup_report_1.txt
sshpass -p ‘password’ ssh admin@$x configupload -ftp $FTPHOST,$FTPUSER,$FTPPATH/$x.$TIMESTAMP.txt,$FTPPASSWORD >> $LOCALPATH/brocade_backup_report_1.txt
echo ” ” >> $LOCALPATH/brocade_backup_report_1.txt
done

for x in $SWITCHLIST2
do
echo “$x”: “$FTPPATH/$x.$TIMESTAMP” >> $LOCALPATH/brocade_backup_report_2.txt
sshpass -p ‘password’ ssh USERID@$x configupload -ftp $FTPHOST,$FTPUSER,$FTPPATH/$x.$TIMESTAMP.txt,$FTPPASSWORD >> $LOCALPATH/brocade_backup_report_2.txt
echo ” ” >> $LOCALPATH/brocade_backup_report_2.txt
done

# This last section creates the report for the web page.
cat $LOCALPATH/brocade_backup_report_1.txt.txt $LOCALPATH/brocade_backup_report_2.txt.txt >> $WEBPATH/brocade_backup_report.txt

The report output looks like this:

Thu Sep 12 06:00:01 CDT 2013
 
switch1siteA: /brocade/switch1siteA.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch2siteA: /brocade/switch2siteA.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch3siteA: /brocade/switch3siteA.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch4siteA: /brocade/switch4siteA.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch1siteB: /brocade/switch1siteB.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch2siteB: /brocade/switch2siteB.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch3siteB: /brocade/switch3siteB.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch4siteB: /brocade/switch4siteB.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch5siteB: /brocade/switch5siteB.201309120600
configUpload complete: All selected config parameters are uploaded
 
switch6siteB: /brocade/switch6siteB.201309120600
configUpload complete: All selected config parameters are uploaded
Advertisements

Useful Brocade FOS CLI Commands

brocadefosclireference

Below is a list of useful Brocade CLI commands that I keep at my desk for reference. They are divided up into categories for Zoning, Show, Port, Time/Date, License, Banner, Password, SNMP, User Config, Firmware, and Miscellaneous.

Zoning Commands

alicreate “Name”, “domain,port#” Used to create an alias
alicreate “Name”,”portname1; portname2″ To create multiple ports under a single alias
alidelete “Name” To delete an alias
aliadd “Name”, “domain,port#” To add additional ports to an alias
aliremove “Name”, “domain,port#” To remove a port from the alias
alishow “AliName” To show the alias configuration on the switch
zonecreate “Zone Name”, “alias1; alias2″ To create zones based on alias
zonedelete “ZoneName” To delete a zone
zoneadd “ZoneName”, “alias name” To add additional alias into the zone
zoneremove “ZoneName”, “alias name” To remove an alias from the zone
zoneshow “zoneName” To show the zone configuration information
cfgcreate “Configname”, “Zone1; Zone2″ To create configurations by adding in zones
cfgdelete “ConfigName” To delete a configuration
cfgadd “ConfigName”, “Zone3″ To add additional zones in the configuration
cfgremove “ConfigName”, “Zone3″ To remove a zone from the configuration
cfgshow “ConfigName” To show the details of that configuration
cfgenable “ConfigName” To enable a configuration on the switch
cfgsave To have the effective configuration to be written into the flash memory

Show Commands

 psshow Displays the status of the power supply
fansshow Displays the status of the fans
tempshow Displays the status of the temperature readings
sensorshow Displays the status of the sensor readings
nsshow Displays information in the name server
nsshow -t Displays information in the name server
nsshow -r Displays the information in the name server along with the state change registration details
nscamshow Displays detailed information of all the devices connected to all the switches in the fabric (Remote Name Servers)
nsallshow Displays the 24 bit address of all devices that are in the fabric
licenseshow Displays all the licenses that have been added in the switch
date Displays the current date set on the switch
bannershow Displays the banner that will appear when logging in using the CLI or web tools
httpcfgshow Displays the JAVA version the switch expects at the management console
switchname Displays the name of the switch
fabricshow Displays information of all the switches in the fabric
userconfig –show -a Displays the account information like role , description , password exp date , locked status
switchstatusshow Displays the overall status of the switch
switchstatuspolicyshow Displays policy set for the switch regarding Marginal(Yellow) or Down(Red) error status
portshow To show the port status
portcfgshow Displays the speed set for all ports on all slots and other detailed port information
configshow fabric.ops Displays the parameters of the switch. Ensure all switches in a fabric have the same parameters in order to communicate
configshow fabric.ops.pidFormat Displays the PID set for a switch Core , Native or Extended edge
switchuptime OR uptime Displays the uptime for the switch
firmwareshow Displays the firmware on the switch
version Displays the current firmware version on the switch
hashow Displays the status of local and remote CP’s. High availability , heartbeat and synchronization

Port Settings

portcfgshow Displays the port settings
portcfg rscnsupr [slot/port] –enable A registered state change registration is suppressed when a state change occurs on the port
portcfg rscnsupr [slot/port] –disable A registered state change registration is sent when a state change occurs on the port
portname To assign a name for a port
portdisable To disable a port or slot
portenable To enable a port or slot
portcfgpersistentdisable To disable a port , status would not change even after rebooting the switch
portcfgpersistentenable To enable a port , status would not change even after rebooting the switch
portshow To show the port status
portcfgspeed , To set speed for a port#te – 0:auto negotiated 1,2,4 Gbit/sec , 1 : 1Gbit/sec , 2 : 2 Gbit/sec , 4 : 4Gbit/sec
switchcfgspeed To set speed for all the ports on the switch Note – 0:auto negotiated 1,2,4 Gbit/sec , 1 : 1Gbit/sec , 2 : 2 Gbit/sec , 4 : 4Gbit/sec
portcfgshow Displays the speed set for all ports on all slots and other detailed port information
portcfgdefault To set the port settings to default
portcfglongdistance To set the long distance mode . Default is L0(Normal), as per distance will display LE <=10 kms , L0.5 <=25kms , L1 <=50 kms, L2<=100kms , LD=auto , LS = Static
portcfgeport Used to disable a port from being a E port

Time and Date Settings

date Displays the current date set on the switch
tsclockserver 10.10.1.1 Instruction for the principal switch to synchronize time with the NTP server (specify the  ip address of the NTP server)
tsclockserver LOCL Instruction to stop NTP server synchronization (Local time of the switch)
date mmddhhmmyy To set the time of the switch when the NTP server synchronization is cancelled
tstimezone -5 To set the time zone for individual switches

License Commands

licenseshow Displays all the licenses that are added in the switch
licenseadd To add a new license to the switch
licenseremove To remove a license from the switch
licenseidshow Based on Switch WWN

Banner Commands

bannershow Displays the banner that will appear when logging in using the CLI or web tools
bannerset To set the banner which will appear when logging in using the CLI or web tools
bannerset “” To remove the bannerset (two quotes)

Password commands

passwd To change the password for that particular login
passwdcfg –set -lowercase 3 uppercase 1 -digits 2 -punctuation 2 -minlength 10 -history 3 To set the password rules
passwdcfg –set -minpasswordage 1 To set the minimum password age in Days
passwdcfg –set -maxpasswordage 30 To set the maximum password age in Days
passwdcfg –set -warning 23 To set a warning for the expiration Days remaining
passwdcfg –set -lockoutthreshold 5 To set the account lockout thresh hold
passwdcfg –set -lockoutduration 30 To set the account lockout duration in Minutes
passwdcfg –setdefault To restore the password policy to Factory settings (min length – 8, history -1 , lockoutduration – 30)

SNMP Commands

snmpconfig snmpconfig for 5.0 above fos
agtcfgset snmp config for fos below 5.0
snmpmibcapset for choosing the MIB’s for the snmp settings

User Configuration

userconfig –show -a / userconfig –show Displays all the account information like role , description , password expiration date , locked status
userconfig –add john -r admin -d “John Doe” To add a new account -r = role , -d = description
userconfig –show john Displays all the information for the account john
userconfig –change -e no To Disable an account , usually default a/cs like admin and user . But ensure before disabling the admin a/c there is another a/c with admin rights
userconfig –change -e yes To Enable an account

Firmware commands

configupload Saves the switch config as an ASCII text file to an FTP server
configdownload To restore a switch configuration from ASCII text file Note – Need to disable the switch before downloading the config file
configure => cfgload attributes : [y] => Ensure secure config upload / download : [y] Fabric OS v 4.4 & above provides Secure File Copy Protocol (SCP) during upload or download of configurations
firmwaredownload To download the firmware to be installed on the switch
firmwareshow To be run after installing the firmware on the switch
version Displays the current firmware version on the switch
fastboot Needs to be run after installing the firmware. This does not include the post.
reboot Needs to be run after installing the firmware. This includes the post.

Miscellaneous commands

killtelnet To kill a particular session which is using telnet
configure To configure a switch
quietmode To switch off the quiet mode
quietmode 1 To suppress messages to the console
switchname Displays the switch name
switchname “EXAMPLE” To assign a switch name
bannerset To set the banner which will appear when logging in using the CLI or web tools
timeout Displays the timeout time set for Telnet session on the switch
timeout 10 To set a specific timeout time for the Telnet session
switchuptime or uptime Displays the uptime for the switch
switchcfgspeed To set speed for all the ports on the switch Note – 0:auto negotiated 1,2,4 Gbit/sec , 1 : 1Gbit/sec , 2 : 2 Gbit/sec , 4 : 4Gbit/sec
fastboot To reboot the switch without post
reboot To reboot the switch with the post
switchstatusshow Displays the overall status of the switch
switchstatuspolicyshow Displays policy set for the switch regarding Marginal(Yellow) or Down(Red) error status
switchstatuspolicyset To change the policy set for the switch regarding Marginal(Yellow) or Down(Red) error status

 

Archiving NAZ and NAR files from EMC VNX and Clariion arrays

It can be useful to copy and archive naz and nar files from all arrays to a local server.  It’s useful for helping EMC with troubleshooting efforts, general health checks, and researching historical trends.   I use them often with our EMC technical rep when a workload analysis is done, and it’s much faster to simply have them all copied somewhere automatically on a daily basis.

Not all of our arrays have an analyzer license, so the files are stored in “naz” format rather than “nar” format.  The naz files need to be sent to emc for decryption before they can be used by a customer.

The windows shell script below will store the current date in a variable, attempt to start analyzer and then pull the current file.  Arrays that don’t have an analyzer license will only run data collection for a maximum of 7 days.  The script attempts to start the service every day, so if it happens to have been 7 days it will start back up.  I set the archive interval to 600 seconds and run the script every 24 hours.

 

@ECHO OFF
 
For /f “tokens=2-4 delims=/ ” %%a in (‘date /t’) do (set date=%%a-%%b-%%c)
For /f “tokens=1-3 delims=: ” %%a in (‘time /t’) do (set time=%%a-%%b-%%c)
for /f “tokens=1-7 delims=:/-, ” %%i in (‘echo exit^|cmd /q /k”prompt $d $t”‘) do (
   for /f “tokens=2-4 delims=/-,() skip=1” %%a in (‘echo.^|date’) do (
      set dow=%%i
      set %%a=%%j
      set %%b=%%k
      set %%c=%%l
      set hh=%%m
      set min=%%n
      set ss=%%o
   )
)
 
echo Array01a
naviseccli -h Array01a analyzer -start
echo Array02a
naviseccli -h Array02a analyzer -start
echo Array03a
naviseccli -h Array03a analyzer -start
echo Array04a
naviseccli -h Array04a analyzer -start
echo Array05a
naviseccli -h Array05a analyzer -start
echo Array06a
naviseccli -h Array05a analyzer -start
 
NaviSECCli.exe -h Array01a analyzer -archiveretrieve -file APM00111100006_SPA_%date%-%time%.naz -Location D:\SAN\narcollection\Array01
NaviSECCli.exe -h Array01b analyzer -archiveretrieve -file APM00111100006_SPB_%date%-%time%.naz -Location D:\SAN\narcollection\Array01
 
NaviSECCli.exe -h Array02a analyzer -archiveretrieve -file APM00111000005_SPA_%date%-%time%.naz -Location D:\SAN\narcollection\Array02
NaviSECCli.exe -h Array02b analyzer -archiveretrieve -file APM00111000005_SPB_%date%-%time%.naz -Location D:\SAN\narcollection\Array02
 
NaviSECCli.exe -h Array03a analyzer -archiveretrieve -file APM00182700004_SPA_%date%-%time%.nar -Location D:\SAN\narcollection\Array03
NaviSECCli.exe -h Array03b analyzer -archiveretrieve -file APM00182700004_SPB_%date%-%time%.nar -Location D:\SAN\narcollection\Array03
 
NaviSECCli.exe -h Array04a analyzer -archiveretrieve -file APM00122600000_SPA_%date%-%time%.naz -Location D:\SAN\narcollection\Array04
NaviSECCli.exe -h Array04b analyzer -archiveretrieve -file APM00122600000_SPB_%date%-%time%.naz -Location D:\SAN\narcollection\Array04
 
NaviSECCli.exe -h Array05a analyzer -archiveretrieve -file APM00122700001_SPA_%date%-%time%.nar -Location D:\SAN\narcollection\Array05
NaviSECCli.exe -h Array05b analyzer -archiveretrieve -file APM00122700001_SPB_%date%-%time%.nar -Location D:\SAN\narcollection\Array05
 
NaviSECCli.exe -h Array06a analyzer -archiveretrieve -file APM00132900002_SPA_%date%-%time%.naz -Location D:\SAN\narcollection\Array06
NaviSECCli.exe -h Array06b analyzer -archiveretrieve -file APM00132900003_SPB_%date%-%time%.naz -Location D:\SAN\narcollection\Array06