Automatic connexions from a UNIX host to Cisco without password: If you haven't yet enable ssh, go to the installation steps
On the UNIX host print your public key (cat /root/.ssh/id_rsa.pub), use the first 2 word to add to the Cisco account
Problem is solved, it was at NX5K as well. Its mainly caused by a documentation bug:
Bind the sshkey to an existing nexus user. Take care that you exactly use the first 2 words of the generated pubkey, allthough the key consists of 3 words:
Nexus7KA(config)# username admin sshkey ssh-rsa AAAAB3Nz... Nexus7KA(config)# sh user-account admin user:admin this user account has no expiry date roles:network-operator ssh public key: ssh-rsa AAAAB3Nz.... Important hint: In the Cisco-SSH documentation you will see: "username User1 sshkey ssh-rsa AAAAB3Nz..."
That is no new-line. It is a blanc: “ssh-rsa AAAAB3Nz…”
Try an ssh connection to each switch and accept the key
Now on your unix server, create a script to backup the config:
Customize the Cisco Shell prompt:
[root@nim]/root/scripts # cat /root/scripts/backup_mds_config.sh #!/bin/ksh ##################################################### # #@(#) Backup Cisco switch config and zoning into /export/mksysb/ # This is used for a cron entry. No arguments are # allowed in cron.Absolute paths to commands must # be specified to ssh for it to work properly # ssh key exchange must be separately configured # for the account "USER" # # Adjust the variables for your host and switch ###################################################### dir=`dirname $0` #. $dir/.env export binpath=/root/scripts export sn=`basename $0 | cut -d. -f1` export logpath=/root/scripts/logs export logname=$logpath/$sn.log BACKUP_DIR=/export/mksysb/san DATE=`date "+%Y-%m-%d_%H%M%S"` SWITCH_NAME="mds1 mds2" USER=admin COMMAND1="copy running-config startup-config" COMMAND2="show startup-config" backup_config () { echo $DATE for switch in $(echo $SWITCH_NAME) do echo "Copy running to startup-config : $switch" ssh -l $USER $switch $COMMAND1 echo "Backup MDS $switch config to local file : $BACKUP_DIR/$switch.$DATE" ssh -l $USER $switch $COMMAND2 > $BACKUP_DIR/$switch.$DATE done } backup_config > $logname 2>&1
Samples:
root@nim - /root/scripts/san > ./mkzone.sh config_file User Access Verification User Access Verification User Access Verification User Access Verification ##### ####### ### ##### # # # ##### #### # # # # # # # ## ## ## # # # # # # # # # # # # ## # # # #### ###### ###### # # ###### ##### # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ##### #### ##### ##### ### ##### ##### ** Login to switch mds9506-1 ** Enter the following commands: *************************************************** ssh admin@mds9506-1 copy run start config t c0:50:76:01:45:b6:00:18 fcalias name v_prodsrv1_p0 vsan 1 member pwwn c0:50:76:01:45:b6:00:18 c0:50:76:01:45:b6:00:08 fcalias name v_server1_p0 vsan 1 member pwwn c0:50:76:01:45:b6:00:08 exit config t zone name v_server1_p0_svc3-prd_p1 vsan 1 member fcalias v_server1_p0 member fcalias svc3-prd_p1 zone name v_server1_p0_svc3-prd_p3 vsan 1 member fcalias v_server1_p0 member fcalias svc3-prd_p3 zone name v_server1_p0_svc4-prd_p2 vsan 1 member fcalias v_server1_p0 member fcalias svc4-prd_p2 zone name v_server1_p0_svc4-prd_p4 vsan 1 member fcalias v_server1_p0 member fcalias svc4-prd_p4 zone name v_prodsrv1_p0_svc3-bcp_p1 vsan 1 member fcalias v_prodsrv1_p0 member fcalias svc3-bcp_p1 zone name v_prodsrv1_p0_svc3-bcp_p3 vsan 1 member fcalias v_prodsrv1_p0 member fcalias svc3-bcp_p3 zone name v_prodsrv1_p0_svc4-bcp_p2 vsan 1 member fcalias v_prodsrv1_p0 member fcalias svc4-bcp_p2 zone name v_prodsrv1_p0_svc4-bcp_p4 vsan 1 member fcalias v_prodsrv1_p0 member fcalias svc4-bcp_p4 exit zoneset name cfg_A_vsan1 vsan 1 member v_server1_p0_svc3-prd_p1 member v_server1_p0_svc3-prd_p3 member v_server1_p0_svc4-prd_p2 member v_server1_p0_svc4-prd_p4 member v_prodsrv1_p0_svc3-bcp_p1 member v_prodsrv1_p0_svc3-bcp_p3 member v_prodsrv1_p0_svc4-bcp_p2 member v_prodsrv1_p0_svc4-bcp_p4 exit zoneset distribute vsan 1 sleep 10 zoneset activate name cfg_A_vsan1 vsan 1 sleep 10 copy run start exit exit *************************************************** ** Logout of switch mds9506-1 ##### ####### ### ##### # # # ##### #### # # # # # # # # # ## ## # # # # # # # # # # # # ## # # # #### ###### ###### # # ###### ##### # # # # # # # # # # # # # ####### # # # # # # # # # # # # # # # # # ##### #### ##### ##### ### ##### # ** Login to switch mds9506-4 ** Enter the following commands: *************************************************** ssh admin@mds9506-4 copy run start config t c0:50:76:01:45:b6:00:12 fcalias name v_prodsrv1_p0 vsan 2 member pwwn c0:50:76:01:45:b6:00:12 c0:50:76:01:45:b6:00:02 fcalias name v_server1_p0 vsan 2 member pwwn c0:50:76:01:45:b6:00:02 exit config t zone name v_server1_p0_svc3-prd_p2 vsan 2 member fcalias v_server1_p0 member fcalias svc3-prd_p2 zone name v_server1_p0_svc3-prd_p4 vsan 2 member fcalias v_server1_p0 member fcalias svc3-prd_p4 zone name v_server1_p0_svc4-prd_p1 vsan 2 member fcalias v_server1_p0 member fcalias svc4-prd_p1 zone name v_server1_p0_svc4-prd_p3 vsan 2 member fcalias v_server1_p0 member fcalias svc4-prd_p3 zone name v_prodsrv1_p0_svc3-bcp_p2 vsan 2 member fcalias v_prodsrv1_p0 member fcalias svc3-bcp_p2 zone name v_prodsrv1_p0_svc3-bcp_p4 vsan 2 member fcalias v_prodsrv1_p0 member fcalias svc3-bcp_p4 zone name v_prodsrv1_p0_svc4-bcp_p1 vsan 2 member fcalias v_prodsrv1_p0 member fcalias svc4-bcp_p1 zone name v_prodsrv1_p0_svc4-bcp_p3 vsan 2 member fcalias v_prodsrv1_p0 member fcalias svc4-bcp_p3 exit zoneset name cfg_B_vsan2 vsan 2 member v_server1_p0_svc3-prd_p2 member v_server1_p0_svc3-prd_p4 member v_server1_p0_svc4-prd_p1 member v_server1_p0_svc4-prd_p3 member v_prodsrv1_p0_svc3-bcp_p2 member v_prodsrv1_p0_svc3-bcp_p4 member v_prodsrv1_p0_svc4-bcp_p1 member v_prodsrv1_p0_svc4-bcp_p3 exit zoneset distribute vsan 2 sleep 10 zoneset activate name cfg_B_vsan2 vsan 2 sleep 10 copy run start exit exit *************************************************** ** Logout of switch mds9506-4 ***** Warning report: WWN c0:50:76:01:45:b6:00:18 still exists fcalias name v_prpds1_p0 vsan 1 pwwn c0:50:76:01:45:b6:00:18 pwwn c0:50:76:01:45:b6:00:19 WWN c0:50:76:01:45:b6:00:08 still exists fcalias name v_prpas1_p0 vsan 1 pwwn c0:50:76:01:45:b6:00:08 pwwn c0:50:76:01:45:b6:00:09 WWN c0:50:76:01:45:b6:00:12 still exists fcalias name v_prpds1_p0 vsan 2 pwwn c0:50:76:01:45:b6:00:12 pwwn c0:50:76:01:45:b6:00:13 WWN c0:50:76:01:45:b6:00:02 still exists fcalias name v_prpas1_p0 vsan 2 pwwn c0:50:76:01:45:b6:00:02 pwwn c0:50:76:01:45:b6:00:03
mkzone.sh
#!/bin/ksh93
#set -x
#
# mkzone.sh - Utility that will take a config file and generate a
# procedure that can be used for Change Management as well
# as cut/pasted into an ssh session to configure.
# Script is able to be run on unix/linux platforms and
# inside Cygwin on Windows.
#
# Usage: mkzone.sh <mkzone_config_file>
#
# This script generate commands to create zoning.
# it detect on which fabric the wwn is available : show flogi database
# So you have to bring your server up on SAN
#
# Condense the config file. Get rid of blank lines and comments.
if [ ! -f ${1:-CONFIG} ]; then
echo "ERROR: Config file ${1} not found."
echo "Usage: mkzone.sh <mkzone_config_file>"
echo ""
exit 1
fi
logpath=/root/scripts/san/logs
errlog=$logpath/errlog
cat ${1} | egrep -v "^$|^#" > $logpath/zones.config.$$
CONFIG=$logpath/zones.config.$$
CONFIG1=$logpath/zones.config.ok
HOST_FABRIC_A=mds9506-1
HOST_FABRIC_B=mds9506-4
ALL_HOST_A="mds9506-1 mds9506-3"
ALL_HOST_B="mds9506-2 mds9506-4"
LOGIN=admin
# Set some variables.
#VSAN=`grep "^VSAN," ${CONFIG} | cut -d, -f2`
#SWITCH_NAME=`grep "^SwitchName," ${CONFIG} | cut -d, -f2`
#ZONESET_NAME=`grep "^ZonesetName," ${CONFIG} | cut -d, -f2`
#ZONE_BY=`grep "^ZoneBy," ${CONFIG} | cut -d, -f2`
DATE=`date '+%Y%m%d'`
if [ -e $errlog ]
then
rm $errlog
fi
convert_wwn ()
{
wwn=$1
wwn_nodot=$(echo $wwn | sed 's/://g;s/\.//g' | tr 'a-z' 'A-Z')
wwn_dot=$(echo $wwn_nodot | sed 's/../&:/g;s/:$//' | tr 'A-Z' 'a-z')
echo $wwn_dot
}
ssh $LOGIN@mds9506-1 "show flogi database" | grep : | grep fc > $logpath/flogi.A 2>/dev/null
ssh $LOGIN@mds9506-3 "show flogi database" | grep : | grep fc >> $logpath/flogi.A 2>/dev/null
ssh $LOGIN@mds9506-2 "show flogi database" | grep : | grep fc > $logpath/flogi.B 2>/dev/null
ssh $LOGIN@mds9506-4 "show flogi database" | grep : | grep fc >> $logpath/flogi.B 2>/dev/null
grep "^ARRAY" ${CONFIG} > $CONFIG1.A
grep "^ARRAY" ${CONFIG} > $CONFIG1.B
for line in $(grep "^SERVER" ${CONFIG})
do
DEVICE_WWN=$(echo $line | cut -d, -f3)
PWWN=$(convert_wwn $DEVICE_WWN)
fabric=$(grep "$PWWN" $logpath/flogi.* | cut -d'.' -f2- | cut -d':' -f1)
line1=$(echo $line | cut -d',' -f1-2)
echo $fabric | egrep "A|B" > /dev/null
if [ $? -ne 0 ]
then
echo "$PWWN doesn't exists on a FABRIC"
else
echo $line1,$PWWN,$fabric >> $CONFIG1.$fabric
fi
done
for connect in ${HOST_FABRIC_A} ${HOST_FABRIC_B}
do
# Backup of config before
ssh $LOGIN@$connect "show zoneset active" > $logpath/zoneset_active_before.$connect.$DATE 2>/dev/null
ssh $LOGIN@$connect "show startup-config" > $logpath/backup_config.$connect.$DATE 2>/dev/null
ssh $LOGIN@$connect "show zoneset brief active" > $logpath/zoneset.$connect 2>/dev/null
VSAN=$(grep "zoneset name" $logpath/zoneset.$connect | awk '{print $5}')
ZONESET_NAME=$(grep "zoneset name" $logpath/zoneset.$connect | awk '{print $3}')
echo $ZONESET_NAME | grep "cfg_A" > /dev/null 2>&1
if [ $? -eq 0 ]
then
CONFIGOK="${CONFIG1}.A"
else
echo $ZONESET_NAME | grep "cfg_B" > /dev/null 2>&1
if [ $? -eq 0 ]
then
CONFIGOK="${CONFIG1}.B"
else
echo "ERROR fabric not found"
exit 1
fi
fi
banner "$connect"
echo "** Login to switch ${connect}"
echo "** Enter the following commands:"
echo "***************************************************"
echo ""
echo "ssh $LOGIN@${connect}"
echo "copy run start"
# echo "copy run bootflash:pre-${DATE}"
echo ""
# Check alias
ssh $LOGIN@$connect "show fcalias" > $logpath/fcalias.$connect 2>/dev/null
# Create the fcaliases.
echo "config t"
for TYPE in SERVER
do
for DEVICE in $(grep "^${TYPE}" ${CONFIGOK} | cut -d, -f2| sort -u)
do
DEVICE_WWN=$(grep ",${DEVICE}," ${CONFIGOK} | cut -d, -f3 | head -1)
PWWN=$(convert_wwn $DEVICE_WWN)
grep "fcalias $DEVICE " $logpath/fcalias.$connect > /dev/null 2>&1
if [ $? -eq 0 ]
then
grep -p "$PWWN" $logpath/fcalias.$connect > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo "FCalias $DEVICE $DEVICE_WWN still exists" >> $errlog
else
echo "FCalias $DEVICE still exists but with wrong WWN" >> $errlog
fi
else
grep $PWWN $logpath/fcalias.$connect > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo "WWN $PWWN still exists" >> $errlog
grep -p "$PWWN" $logpath/fcalias.$connect >> $errlog
fi
echo "fcalias name ${DEVICE} vsan ${VSAN}"
echo "member pwwn ${PWWN}"
fi
done
done
echo "exit"
echo ""
# Create all of the zones
echo "config t"
ZONE_ADD=""
for line in $(grep "^SERVER" ${CONFIGOK})
do
SERVER=$(echo $line | cut -d, -f2)
NUMBER=$(echo $line | cut -d, -f1 | sed 's/SERVER//')
for storage in $(grep "^ARRAY${NUMBER}," ${CONFIGOK} | cut -d, -f2- | sed 's/,/\ /g')
do
case ${storage} in
svc-prd) word1=svc3-prd ; word2=svc4-prd ;;
svc-bcp) word1=svc3-bcp ; word2=svc4-bcp ;;
ds8100prd) word1=ds8100prd ; word2=ds8100prd ;;
ds8100bcp) word1=ds8100bcp ; word2=ds8100bcp ;;
esac
for ARRAY in $(egrep "$word1|$word2" $logpath/fcalias.$connect | awk '{print $3}' | grep -v "_mm_")
do
echo "zone name ${SERVER}_${ARRAY} vsan ${VSAN}"
echo "member fcalias ${SERVER}"
echo "member fcalias ${ARRAY}"
ZONE_ADD=$(echo "$ZONE_ADD ${SERVER}_${ARRAY}")
done
done
done
echo "exit"
echo ""
# Create the active zoneset and activate it
echo "zoneset name ${ZONESET_NAME} vsan ${VSAN}"
for ZONEADD in ${ZONE_ADD}
do
echo "member ${ZONEADD}"
done
echo "exit"
echo "zoneset distribute vsan ${VSAN}"
echo "sleep 10"
echo "zoneset activate name ${ZONESET_NAME} vsan ${VSAN}"
echo "sleep 10"
echo "copy run start"
# echo "copy run bootflash:post-${DATE}"
echo "exit"
echo "exit"
echo "***************************************************"
echo "** Logout of switch ${connect}"
# Backup of config after
#ssh $LOGIN@$connect "show zoneset active" > $logpath/zoneset_active_after.$DATE 2>/dev/null
done
if [ -e $errlog ]
then
echo
echo "***** Warning report:"
cat $errlog
fi
# Clean up and exit.
rm $CONFIG
exit 0
config_file (server1 is connected to array1…)
# Choose an array in ds8100prd ds8100bcp svc-prd svc-bcp # ARRAYx,<storage> # the array number and server number must match ARRAY1,svc-prd ARRAY2,ds8100prd ARRAY3,svc-prd ARRAY4,svc-prd ARRAY5,ds8100bcp ARRAY6,svc-prd ARRAY7,svc-prd ARRAY8,svc-prd # add SERVERx,<fcalias>,<WWN> # WWN can be with different formats: C05076004B64002A c0:50:76:00:4b:64:00:2a SERVER1,v_prpas1_p0,c050760145b60002 SERVER1,v_prpas1_p0,c050760145b60008 SERVER1,v_prpas1_p1,c050760145b60006 SERVER1,v_prpas1_p1,c050760145b60004 SERVER2,v_prpds1_p0,c050760145b60012 SERVER2,v_prpds1_p0,c050760145b60018 SERVER2,v_prpds1_p1,c050760145b60016 SERVER2,v_prpds1_p1,c050760145b60014