How to compile a list of objects connected to the storage SAN
For comfortable work with switches, and especially for automation via scripts, you need to install SSH keys on your devices. This can be done manually or with the proposed utilities if you, like me, have a large network. I'll describe both methods, but first of all how to generate a key (if you know how, just skip this section).
Generating an SSH key with ssh-keygen
On most UNIX systems this is done with the ssh-keygen command. It has many arguments, but in this case -f is enough: it specifies the file in which to save the key. If you omit it, the key is stored in the default file /home/<username>/.ssh/id_rsa, which is not always convenient, since that file may already exist and be used for other purposes.
So:
ssh-keygen -f my_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): -- Here it is necessary to press Enter, otherwise the script will stop at the password request
Enter same passphrase again:
Your identification has been saved in my_key.
Your public key has been saved in my_key.pub.
The key fingerprint is:
70:4f:9c:ab:f4:f0:8e:cf:14:24:5a:a4:47:82:1c:4e my_user@server.com
As a result:
ls -l my_key*
-rw------- 1 user group 1675 May 24 21:01 my_key
-rw-r--r-- 1 user group 412 May 24 21:01 my_key.pub
We got a pair of key files: my_key.pub contains the public part of the key, which we send to the switch or other device, and my_key is the private key that confirms the right to connect.
We are ready to install the keys.
Manually
Cisco
It's all quite simple: extract the key from a file –
cat my_key.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA18qtCG8mEd0G99t7BC90PfInOONYj3XAgyIBk3jE+QruXDsyjg5AuBB/N0DTEbq8t6L3ki8DkyeGg+MgKMH/4n6kk
K/662SbJlXfHOPJxRWoW9RYBiIA75wko92PE6EHZtWxZAabStWC3XzUxYcfF0FLgg1fRdqTB2xbgmSpIvJG5W6gG8VtVTIqONqUgJ8svGARF/vvig7NCKbRT8lQvY
S9OLsf5s43YTxuHJHZSMhQ1Qtvk1/jgSTgV4FU6W3VCb7DG8VtolrDnJTqn+KWjqgsGVKf9NkmUrU8DP+HrWheK+6y9As1AbStSNM3irVGGxf2VQboEEih+sovQxM
UiQ== user@server.com
Connect to the switch via ssh or telnet.
Enter the command conf t to enter configuration mode and then –
user admin sshkey ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA18qtCG8mEd0G99t7BC90PfInOONYj3XAgyIBk3jE+QruXDsyjg5AuBB/N0DTEbq8t6L3ki8DkyeGg+MgKMH/4n6kk
K/662SbJlXfHOPJxRWoW9RYBiIA75wko92PE6EHZtWxZAabStWC3XzUxYcfF0FLgg1fRdqTB2xbgmSpIvJG5W6gG8VtVTIqONqUgJ8svGARF/vvig7NCKbRT8lQvY
S9OLsf5s43YTxuHJHZSMhQ1Qtvk1/jgSTgV4FU6W3VCb7DG8VtolrDnJTqn+KWjqgsGVKf9NkmUrU8DP+HrWheK+6y9As1AbStSNM3irVGGxf2VQboEEih+sovQxM
UiQ== user@server.com
Use your own key, of course :)
and finally save the configuration -
copy running-config startup-config
That's all.
Brocade
If you're working with Brocade, it's more complicated. Brocade doesn't accept a key as a string: it either generates a pair itself, which is sometimes not suitable, or asks for the parameters of a server from which it can get the key file via FTP or SCP. The process goes as follows:
You connect to the switch via ssh or telnet and type the command –
sshutil importpubkey
The switch starts the key import and asks for the IP of the server (not the name of the server!!!). You enter the IP of the server on which you generated the key, for example 192.168.1.10
Enter IP address: 192.168.1.10
After that you'll be asked for the file location, i.e. the directory name. Enter the path, for example /home/user
Enter remote directory: /home/user/
Next, you'll be asked to enter the key file name. Pay attention: it's the public part! For example my_key.pub -
Enter public key name(must have .pub suffix): my_key.pub
Here enter the user name on the server where you saved the key, for example user -
Enter login name: user
And the password, for example password -
user@192.168.1.10's password:
If you typed everything correctly, you will get a message about successful key import.
Now a command like -
ssh -i /home/user/my_key admin@my-switch
gives access to the switch without a password request.
As you see, it's quite simple, but if you manage a big network and don't want to repeat the same operation tens of times, you can use my utilities brc_sw_ssh_key.exp and cis_sw_ssh_key.exp (here). Copy the archive to the program directory and unpack it. You will see a number of utilities in the directory ./util (the other utilities present there are described later). The utilities need the "expect" package.
Automatic key installation:
Cisco (script cis_sw_ssh_key.exp)
./cis_sw_ssh_key.exp <Switch> <SW_pass> <Key_file>
where -
<Switch> - Name or IP of the switch
<SW_pass> - Password of admin account
<Key_file> - Public key file
Example: ./cis_sw_ssh_key.exp switch-1 password /home/user/my_key.pub
!!! Recommendation – create a batch file and start the command from it. Otherwise your switch admin password will be saved in the server history file as clear text. !!!
Brocade (script brc_sw_ssh_key.exp)
./brc_sw_ssh_key.exp <Switch> <SW_pass> <Server_IP> <Srv_User> <Key_Dir> <Key_file> <Srv_pass>
where -
<Switch> - Name or IP of the switch
<SW_pass> - Password of admin account
<Server_IP> - IP of the server with SCP access to public key file.
<Srv_User> - User's name on the server
<Key_Dir> - Key file's directory
<Key_file> - Public key file
<Srv_pass> - Password of the server's user
Example: ./brc_sw_ssh_key.exp switch-1 password 192.168.1.10 user /home/user/ my_key.pub password
!!! Recommendation – create a batch file and start the command from it. Otherwise your switch admin password and the server user's password will be saved in the server history file as clear text. !!!
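One way to follow this recommendation for the Cisco script, as an added example that is not one of the author's utilities: a batch file that asks for the admin password with echo off and runs cis_sw_ssh_key.exp for every switch in a list. The list-file format, the function names and the assumption that the script exits non-zero on failure are not from the page.

```shell
#!/bin/sh
# Added example (not one of the author's utilities): install one public key on
# every switch in a list without typing the admin password on a command line.
# INSTALLER and its argument order are taken from this page; that the script
# exits non-zero on failure is an assumption.
INSTALLER=${INSTALLER:-./cis_sw_ssh_key.exp}

# Read a secret from the terminal with echo switched off.
prompt_secret() {
    printf '%s' "$1" >&2
    stty -echo; IFS= read -r secret; stty echo
    printf '\n' >&2
    printf '%s' "$secret"
}

# install_on_all <switch_list_file> <admin_password> <public_key_file>
# Prints "OK <switch>" or "FAIL <switch>" per line of the list.
# Returns 0 if all succeeded, 1 if any failed, 2 if the key file is rejected.
install_on_all() {
    list=$1 pass=$2 key=$3 failed=0
    # Only ever hand the public half of the pair to a switch.
    case $key in *.pub) ;; *) echo "refusing $key: not a .pub file" >&2; return 2 ;; esac
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 2; }
    while IFS= read -r sw; do
        case $sw in '' | '#'*) continue ;; esac      # skip blanks and comments
        # The password is still an argument of the expect script, so it is
        # visible in the process list while that script runs.
        if "$INSTALLER" "$sw" "$pass" "$key" </dev/null >/dev/null 2>&1; then
            echo "OK $sw"
        else
            echo "FAIL $sw"; failed=1
        fi
    done <"$list"
    return "$failed"
}

# Usage: sh install_keys.sh <switch_list_file> <public_key_file>
if [ "$#" -eq 2 ]; then
    install_on_all "$1" "$(prompt_secret 'Switch admin password: ')" "$2"
fi
```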
Well, all the switches' SSH keys are installed and we can start working automatically.
For all the automation scripts to work correctly, we need a library of fabric objects – a list of names and WWNs for each actual object.
As a first step, I want to explain methods of finding the FC ports of storage connected to the fabric. I describe the following storage systems: EMC Symmetrix, EMC VNX, EMC Clariion, Netapp and Hitachi, but you can find the same steps for other storage systems.
Manual searching:
symcfg -sid <SID> list -v -FA all - prints information about all FA ports; we find the interfaces with Director Connection Status - Yes (connected to fabric).
For example:
...............................
Director Identification: FA-11G
Director Type : FibreChannel (563)
Director Status : Online
Number of Director Ports : 2
Director Ports Status : [ON,ON,N/A,N/A]
Director Connection Status : [Yes,N/A,N/A,N/A]
Director Symbolic Number : 11G
Director Numeric Number : 107
Director Slot Number : 11
WWN Node Name : 5000097407145800
Here - port 11G:1 is connected to the fabric, PWWN=50:00:09:74:07:14:59:A8.
RF ports (used for RDF) are discovered by another command:
symcfg -sid <SID> list -v -RA all
As a result:
Director Identification: RF-9H
Director Type : RDF-BI-DIR
Director Status : Online
Director Symbolic Number : 09H
Director Numeric Number : 121
Director Slot Number : 9
Negotiated Speed (GB/Second) : 4
RDF HW Compression Supported : No
WWN Node Name : 50000974071459E0
naviseccli -password <Password> -scope 0 -user <User_Name> -h <Host_name> port -list -sp
or
naviseccli -h <Host_name> port -list -sp if the SecureFile was created previously by the command -
naviseccli -AddUserSecurity -password <Password> -scope 0 -user <User_Name> -h <Host_name>
We look for ports NOT marked as "Down" in the output of the command.
Example:
SP Name: SP A
SP Port ID: 9
SP UID: 50:06:02:60:C6:E0:5A:86:50:06:01:62:46:E3:5A:86
Link Status: Up
Port Status: Online
Switch Present: NO
SP Name: SP A
SP Port ID: 10
SP UID: 50:06:02:60:C6:E0:5A:86:50:06:01:62:46:E6:5A:87
Link Status: Down
Port Status: DISABLED
Switch Present: NO
Port A9 is connected and its WWN is 50:06:01:62:46:E3:5A:86. Port A10 is Down.
NETAPP: we will use the command fcp config over SSH or RSH -
Search for ports with ONLINE status.
Example:
0c: ONLINE <ADAPTER UP> PTP Fabric
host address 030380
portname 50:0a:09:85:87:e9:4c:c8 nodename 50:0a:09:80:87:e5:4c:c8
mediatype auto speed auto
0f: OFFLINED BY USER/SYSTEM <ADAPTER DOWN>
host address 000000
portname 50:0a:09:84:97:43:3c:75 nodename 50:0a:09:85:87:43:3c:78
mediatype auto speed auto
Port 0c is ONLINE, PWWN - 50:0a:09:85:87:e9:4c:c8
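The two checks described above for naviseccli port -list -sp and fcp config, as an added shell example that is not part of the author's utilities: it prints each connected port with its PWWN, using the outputs quoted on this page as input. The function names are made up for this example.

```shell
# Added example: pull the connected ports and their PWWNs out of the two
# outputs quoted above. PWWNs are lower-cased (a choice made here).

# NetApp "fcp config": print "<adapter> <PWWN>" for adapters in state ONLINE.
netapp_online_ports() {
    awk '
        $1 ~ /^[0-9]+[a-z]:$/ { port = substr($1, 1, length($1) - 1); online = ($2 == "ONLINE") }
        $1 == "portname" && online { print port, tolower($2) }
    '
}

# "naviseccli port -list -sp": print "<SP><port id> <PWWN>" for ports whose
# Link Status is not Down. SP UID is 16 colon-separated bytes and the PWWN is
# the second 8, as in the A9 example above.
clariion_up_ports() {
    awk '
        /^ *SP Name:/     { sp = $NF; id = ""; uid = "" }
        /^ *SP Port ID:/  { id = $NF }
        /^ *SP UID:/      { uid = $NF }
        /^ *Link Status:/ { if ($NF != "Down" && length(uid) == 47) print sp id, tolower(substr(uid, 25)) }
    '
}

# Sample inputs: the output fragments shown on this page.
sample_fcp_config() {
    cat <<'EOF'
0c: ONLINE <ADAPTER UP> PTP Fabric
    host address 030380
    portname 50:0a:09:85:87:e9:4c:c8 nodename 50:0a:09:80:87:e5:4c:c8
0f: OFFLINED BY USER/SYSTEM <ADAPTER DOWN>
    host address 000000
    portname 50:0a:09:84:97:43:3c:75 nodename 50:0a:09:85:87:43:3c:78
EOF
}
sample_port_list() {
    cat <<'EOF'
SP Name: SP A
SP Port ID: 9
SP UID: 50:06:02:60:C6:E0:5A:86:50:06:01:62:46:E3:5A:86
Link Status: Up
SP Name: SP A
SP Port ID: 10
SP UID: 50:06:02:60:C6:E0:5A:86:50:06:01:62:46:E6:5A:87
Link Status: Down
EOF
}
sample_fcp_config | netapp_online_ports
sample_port_list | clariion_up_ports
```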
Check the Port Information block to resolve the PWWN and the Link Status block for the link status.
Example:
Port Information
Port Address
0 A 50060E8021054380 50060E8021054380 0000EF 0300A0
0 B 50060E8021054381 50060E8021054381 0000EF 282900
0 C 50060E8021054382 50060E8021054382 0000EF 000000
Link Status
0 A LinkUp(F_Port Connected)
0 B LinkUp(F_Port Connected)
0 C Link Failure
0 D Link Failure
As you see, it's quite simple, but not much fun. I wrote a small utility, get_stor_port.sh, to automate this work. You should run get_switch_obj.sh first: it collects the information needed to separate storage ports by fabric.
Servers' PWWNs are the last component needed for automation of fabric management.
This information can be obtained from the OS or the utilities of FC card vendors, or from outside the OS – blade systems, switches or the server's BIOS. I have an additional utility for HP Blade Systems, and I will be happy to help with developing scripts for other hardware types.
Finally, I give a small example of script usage:
./txt_get_zones.sh serv1,serv2 ALL ALL -v
serv1_VMAX181_5F0 50:01:43:80:04:c3:6b:48 50:00:09:74:06:04:69:50
serv2_VMAX131_14E0 50:01:43:80:03:bc:1a:60 50:00:09:74:06:03:a1:34
serv2_VMAX131_4E0 50:01:43:80:03:bc:1a:60 50:00:09:74:06:03:a1:0c
serv2_VMAX555_5G0 50:01:43:80:03:bc:1a:60 50:00:09:74:06:16:99:90
serv2_VMAX555_6G0 50:01:43:80:03:bc:1a:60 50:00:09:74:06:16:99:94
serv2_VMX181_7G0 50:00:09:74:06:04:69:98 50:01:43:80:03:bc:1a:60
CIS_FBR : PROD1 VSAN: 1
serv1_VMAX181_7E1 50:01:43:80:04:c3:6b:4a 50:00:09:74:06:04:69:19
serv2_VMX181_FA-5G-1 50:01:43:80:03:bc:1a:62 50:00:09:74:06:04:69:91
serv2_VMAX555_5G1 50:01:43:80:03:bc:1a:62 50:00:09:74:06:16:99:91
serv2_VMAX555_6G1 50:01:43:80:03:bc:1a:62 50:00:09:74:06:16:99:95
serv2_VMAX131_13E0 50:01:43:80:03:bc:1a:62 50:00:09:74:06:03:a1:30
serv2_VMAX131_3E0 50:01:43:80:03:bc:1a:62 50:00:09:74:06:03:a1:08