The attached AirWave script gathers backup files from all Aruba controllers defined in AMP. The attached script has been tested to work on AirWave versions 7.4, 7.5, 7.6, and 7.7.
Script Setup
The script should be placed in /var/airwave/custom. Give the script execute permissions using the following command:
# chmod +x /var/airwave/custom/controller_backup_v2_1.pl
As detailed in the script usage notes below, the script requires an SSH username/password on the AMP, which is used for the controller to copy its backup files. You can create the account using adduser and passwd commands in AMP CLI.
# useradd ampscpuser
# passwd ampscpuser
The user account must have read/write access to the destination directory which is /var/airwave/custom/controller_backups by default but you can alter the destination directory with the -d option. Make the destination directory and make the newly created SCP user the owner of it.
# mkdir /var/airwave/custom/controller_backups
# chown ampscpuser /var/airwave/custom/controller_backups
The script must still run as the AirWave root user, not the newly created SSH account.
Note: The open source package rssh can be used on AMP to create an SSH account that only has SCP access. Installation and configuration instructions for "rssh" are not covered in this KB.
Script Scheduling
To schedule the script to run periodically, use either crontab to set up a custom run time or use the post nightly maintenance hook to have the script run immediately after nightly maintenance completes.
Crontab
The following example would run the script once daily at 12:15AM.
To open the crontab for editing:
# crontab -e
Add the following line outside the "BEGIN AMP..." and "END AMP..." sections.
15 00 * * * /var/airwave/custom/controller_backup_v2_1.pl -u ampscpuser -p <PASSWORD> > /dev/null 2>&1
To save the script output to a log file, use this modified cron entry:
15 00 * * * (date && /var/airwave/custom/controller_backup_v2_1.pl -u ampscpuser -p <PASSWORD>) >> /var/log/controller_backup_script.txt 2>&1
Post Nightly Maintenance
Alternatively, you can use the post_nightly_maintenance script to trigger the controller backup script immediately after nightly maintenance completes. To do this, copy post_nightly_maintenance.sample file and modify it.
# cd /var/airwave/custom
# cp post_nightly_maintenance.sample post_nightly_maintenance
# vi post_nightly_maintenance
Add a line at the end of the copied sample script to call the backup script.
/var/airwave/custom/controller_backup_v2_1.pl -u ampscpuser -p <PASSWORD> > /dev/null 2>&1
Additional Notes
If you fresh install AirWave on a new server and restore an existing backup, the setup necessary for this script will be partially lost. The scripts and backups will still exist in /var/airwave/custom since that directory does get restored but the following setup will need to be performed again:
- The SSH user account created will not be re-created. You will need to repeat the user creation process.
- If you store the backups in a location that isn't a pre-created directory in AMP (using the -d option), you will need to re-create that directory and give ownership to the SSH user.
- If using crontab and not post nightly maintenance, the crontab entry will need to be re-added.
Scripts Usage
(generated from running /var/airwave/custom/controller_backup_v2_1.pl -h)
/var/airwave/custom/controller_backup_v2_1.pl runs backup commands on all "up" Aruba controllers defined in AMP. The
generated backup files and the commands used to generate them are as follows:
<CONTROLLER-NAME>-<TIMESTAMP>-logs.tar - "tar logs tech-support"
<CONTROLLER-NAME>-<TIMESTAMP>-flashbackup.tar.gz - "backup flash"
<CONTROLLER-NAME>-<TIMESTAMP>-license.tar - "license export license"
(FIPS ONLY:) <CONTROLLER-NAME>-<TIMESTAMP>-<FLASH-CONFIG-FILENAME>.sha1
- generated from "backup flash"
The generated controller files are SCP'd to the AMP using an linux account
specified with the options, -u <LINUX USERNAME> -p <LINUX PASSWORD>. After
the files are transferred, they are deleted on the controller. On AMP, the
files get stored in a user specified directory using option -d <directory>.
If a directory isn't specified, the files get stored in
/var/airwave/custom/controller_backups.
The script compresses the files to an archive and deletes
the individual files. The script rotates the latest 5 backup files.
A linux user account with SSH/SCP privileges is required. The linux account
must also have access to the destination directory. To ensure this use the
command, "chmod <SCP username> <destination directory>".
To target only devices in a specific group or folder, use -g or -f with the
group/folder ID, e.g. -g 15
The default timeout for all remote commands is 90 seconds. The timeout can be
adjusted with the -t option, e.g. -t 180.
For debugging purposes, add option -v for verbose mode.
If you would prefer to use an SSH user account that only allows SCP,
investigate the open source package rssh which can be installed on AMP.
The logic for retrieving the sha1 file is as follows: (only applies to FIPS controllers)
The script takes the name of the config file currently in use and extracts
that name and appends ".sha1". For example, if the config file is named
config.cfg, the script retrieves the file config.sha1 off of the controller.
Usage:
/var/airwave/custom/controller_backup_v2_1.pl -u <LINUX USERNAME> -p <LINUX PASSWORD> (-d <DEST DIRECTORY> | -g GROUP ID | -f FOLDER ID |) (-v) (-t)
If you would like to feed the password from a down file, you can use
xargs as such:
# head -n 1 /var/airwave/custom/amp_scp_user_password.txt | xargs -IPASS /var/airwave/custom/controller_backup_v2_1.pl -u ampscpuser -p PASS
Changelog:
v2.1:
The remote command timeout is now adjustable with option -t, example:
/var/airwave/custom/controller_backup_v2_1.pl -u ampscpuser -p password -t 180.
If you don't pass option -t, the default timeout of 90 seconds takes effect.
The script deletes each controller's SSH "known host key" saved for AMP. This fixes an issue where the script wouldn't SCP files correctly if the AMP SSH key was different than a key that a controller had previously accepted. By deleting the key initially, the controller will always accept the key AMP presents and will proceed to transfer the files.
v2.0:
The four versions of the original script have been merged into one. The one script now works on 7.4 and earlier, 7.5 and later, non-FIPS controllers, and FIPS controllers.