[root@h102 ~]# yum install tftp tftp-server
Loaded plugins: dellsysid, fastestmirror, refresh-packagekit, security
Setting up Install Process
Determining fastest mirrors
epel/metalink | 5.6 kB 00:00
* base: mirrors.btte.net
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:09
epel | 4.3 kB 00:00
epel/primary_db | 5.9 MB 00:24
extras | 3.4 kB 00:00
extras/primary_db | 37 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 821 kB 00:01
Resolving Dependencies
--> Running transaction check
---> Package tftp.x86_64 0:0.49-8.el6 will be installed
---> Package tftp-server.x86_64 0:0.49-7.el6 will be updated
---> Package tftp-server.x86_64 0:0.49-8.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
tftp x86_64 0.49-8.el6 base 32 k
Updating:
tftp-server x86_64 0.49-8.el6 base 39 k
Transaction Summary
============================================================================================================
Install 1 Package(s)
Upgrade 1 Package(s)
Total download size: 71 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): tftp-0.49-8.el6.x86_64.rpm | 32 kB 00:00
(2/2): tftp-server-0.49-8.el6.x86_64.rpm | 39 kB 00:00
------------------------------------------------------------------------------------------------------------
Total 435 kB/s | 71 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : tftp-server-0.49-8.el6.x86_64 1/3
Installing : tftp-0.49-8.el6.x86_64 2/3
Cleanup : tftp-server-0.49-7.el6.x86_64 3/3
Verifying : tftp-0.49-8.el6.x86_64 1/3
Verifying : tftp-server-0.49-8.el6.x86_64 2/3
Verifying : tftp-server-0.49-7.el6.x86_64 3/3
Installed:
tftp.x86_64 0:0.49-8.el6
Updated:
tftp-server.x86_64 0:0.49-8.el6
Complete!
[root@h102 ~]#
[root@h102 ~]# yum install tftp tftp-server xinetd
Loaded plugins: dellsysid, fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
Package tftp-0.49-8.el6.x86_64 already installed and latest version
Package tftp-server-0.49-8.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package xinetd.x86_64 2:2.3.14-39.el6_4 will be updated
---> Package xinetd.x86_64 2:2.3.14-40.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Updating:
xinetd x86_64 2:2.3.14-40.el6 base 122 k
Transaction Summary
============================================================================================================
Upgrade 1 Package(s)
Total download size: 122 k
Is this ok [y/N]: y
Downloading Packages:
xinetd-2.3.14-40.el6.x86_64.rpm | 122 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : 2:xinetd-2.3.14-40.el6.x86_64 1/2
Cleanup : 2:xinetd-2.3.14-39.el6_4.x86_64 2/2
Verifying : 2:xinetd-2.3.14-40.el6.x86_64 1/2
Verifying : 2:xinetd-2.3.14-39.el6_4.x86_64 2/2
Updated:
xinetd.x86_64 2:2.3.14-40.el6
Complete!
[root@h102 ~]#
[root@h102 ~]# /etc/init.d/xinetd status
xinetd (pid 39467) is running...
[root@h102 ~]# chkconfig --list | grep tftp
tftp: on
[root@h102 ~]#
Tip: Confirm the configuration, then restart the service.
[root@h102 ~]# cat /etc/xinetd.d/tftp
# This file is being maintained by Puppet.
# DO NOT EDIT
service tftp
{
port = 69
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
group = root
groups = yes
server = /usr/sbin/in.tftpd
server_args = -v -s /var/lib/tftpboot/ -m /etc/tftpd.map -c
per_source = 11
cps = 100 2
flags = IPv4
}
[root@h102 ~]#
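The parameters in server_args are very important.
-c allows new files to be created. Without this parameter, an upload fails with the following error:
[root@h102 ~]# tftp 127.0.0.1
tftp> put iotop.log
Error code 1: File not found
tftp>
-s sets the directory the service reads from and writes to. This directory must have the appropriate read and write permissions, otherwise the following error is reported:
[root@h102 ~]# tftp 127.0.0.1
tftp> put iotop.log
Error code 0: Permission denied
tftp>
The fix is to grant the appropriate permission (here, write access for "other" on the TFTP root):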
[root@h102 ~]# chmod o+w /var/lib/tftpboot/
[root@h102 ~]# ll /var/lib/tftpboot/ -d
drwxr-xrwx. 2 root root 4096 May 15 14:53 /var/lib/tftpboot/
[root@h102 ~]#
Restart the service
[root@h102 ~]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@h102 ~]# netstat -a | grep tftp
udp 0 0 *:tftp *:*
[root@h102 ~]#
[root@h102 ~]# tftp 127.0.0.1
tftp> put sda2.log
tftp> get menu.c32
tftp>
-------
[root@h102 ~]# ll /var/lib/tftpboot/
total 640
-rw-r--r--. 1 root root 20832 May 15 2015 chain.c32
-rw-r--r--. 1 root root 26268 May 15 2015 memdisk
-rw-r--r--. 1 root root 61796 May 15 2015 menu.c32
-rw-r--r--. 1 root root 26759 May 15 2015 pxelinux.0
-rw-rw-rw- 1 nobody nobody 505802 May 15 15:51 sda2.log
[root@h102 ~]#
[f:\~]$ ssh admin@192.168.90.1
Connecting to 192.168.90.1:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Switch#conf
Switch#configure
Configuring from terminal, memory, or network [terminal]? terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#crypto key generate rsa general-keys
% You already have RSA keys defined named Switch.MyDomain.com.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys ...[OK]
Switch(config)#
Tip: Why increase the key length? The default of 512 bits is too short to be secure, and connecting from a Linux server fails with an error:
[root@h102 ~]# ssh admin@192.168.90.1
The authenticity of host '192.168.90.1 (192.168.90.1)' can't be established.
RSA key fingerprint is 28:c3:8c:2e:6c:8b:30:ba:71:ad:7d:6c:11:64:62:ed.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.90.1' (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key
[root@h102 ~]#
After the key length is increased to 1024 bits, login works normally
[root@h102 ~]# ssh admin@192.168.90.1
The authenticity of host '192.168.90.1 (192.168.90.1)' can't be established.
RSA key fingerprint is 43:ba:d6:2a:4a:94:d0:4f:43:ac:79:d8:5d:4f:3e:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.90.1' (RSA) to the list of known hosts.
admin@192.168.90.1's password:
Switch#show run
Switch#show running-config
Building configuration...
Current configuration : 2475 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
username admin privilege 15 password 0 admin123
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
switch 2 provision ws-c3750-48ts
system mtu routing 1500
--More--
[root@h102 ~]# ssh admin@192.168.90.1
admin@192.168.90.1's password:
Switch#show flash
Directory of flash:/
2 -rwx 1100 Mar 1 1993 01:51:16 +00:00 private-config.text
3 -rwx 2475 Mar 1 1993 01:51:15 +00:00 config.text
364 drwx 192 Apr 13 1993 07:53:17 +00:00 c3750-advipservicesk9-mz.122-35.SE
363 -rwx 616 Mar 1 1993 00:15:24 +00:00 vlan.dat
15998976 bytes total (4786688 bytes free)
Switch#copy running-config tftp
Address or name of remote host []? 192.168.90.3
Destination filename [switch-confg]?
!!
2475 bytes copied in 1.141 secs (2169 bytes/sec)
Switch#
Check the backup contents
[root@h102 ~]# ll /var/lib/tftpboot/
total 644
-rw-r--r--. 1 root root 20832 May 15 2015 chain.c32
-rw-r--r--. 1 root root 26268 May 15 2015 memdisk
-rw-r--r--. 1 root root 61796 May 15 2015 menu.c32
-rw-r--r--. 1 root root 26759 May 15 2015 pxelinux.0
-rw-rw-rw- 1 nobody nobody 505802 May 15 15:51 sda2.log
-rw-rw-rw- 1 nobody nobody 2475 May 15 16:37 switch-confg
[root@h102 ~]# head /var/lib/tftpboot/switch-confg
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
[root@h102 ~]#
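Tip: The upload may fail because of the firewall. If you see an error like "time out", try to resolve it by opening up the server firewall. Check the firewall with iptables -L -n
The firewall configuration file is /etc/sysconfig/iptables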
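The backup above lands in the TFTP root as a -rw-rw-rw- file, and the config it holds contains "no service password-encryption" and a "password 0" username line. The following check is an added example, not part of the original article; the function names audit_config and write_sample and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a backed-up IOS
# config for cleartext credentials and world-accessible file permissions.

# write_sample FILE: constructed sample mirroring the config lines shown above.
write_sample() {
    cat > "$1" <<'EOF'
!
version 12.2
no service password-encryption
!
hostname Switch
!
username admin privilege 15 password 0 admin123
aaa new-model
EOF
}

# audit_config FILE: print one finding per line; return 0 only if none.
audit_config() {
    file=$1
    findings=0
    # "password 0" marks a cleartext password; report the line with it masked.
    n=$(grep -Ec '^username .+ password 0 ' "$file" || true)
    if [ "$n" -gt 0 ]; then
        sed -n -E 's/^(username .+ password 0 ).*/CLEARTEXT-PASSWORD: \1<masked>/p' "$file"
        findings=$((findings + n))
    fi
    # With password encryption off, passwords are stored readable in the config.
    if grep -Eq '^no service password-encryption[[:space:]]*$' "$file"; then
        echo "NO-PASSWORD-ENCRYPTION: service password-encryption is off"
        findings=$((findings + 1))
    fi
    # Mode bits for "other": 004 = readable, 002 = writable by any local user.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "WORLD-READABLE: $file"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$file" -perm -002)" ]; then
        echo "WORLD-WRITABLE: $file"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on the constructed sample, with the -rw-rw-rw- mode seen in the listing.
sample=$(mktemp)
write_sample "$sample"
chmod 666 "$sample"
audit_config "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```

Pointed at a real backup such as /var/lib/tftpboot/switch-confg, the non-zero return status can be used to raise an alert after each TFTP upload.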
[root@h102 backup_script]# vim conf_backup.pl
[root@h102 backup_script]# cat conf_backup.pl
#!/usr/bin/perl
#2017.05.15
#by wilmosfang
#used to save switch running-config
use strict;
use warnings;
use Expect;
#connection info
my $username="admin"; #switch login name
my $password="admin123"; #switch login password
my $switchip="192.168.90.1"; #switch ip
my $serverip="192.168.90.3"; #tftp server ip
#save file
my $configname="3750-switch-confg"; #config save name
#set time out
my $timeout=10;
#log in over ssh, then answer each prompt of "copy running-config tftp"
my $exp = Expect->spawn("ssh -l $username $switchip")
    or die "cannot spawn ssh: $!\n";
$exp->expect($timeout,
    [ qr/\(yes\/no\)/i, sub { my $self = shift; $self->send("yes\n"); exp_continue; } ],
    [ qr/password:/i, sub { my $self = shift; $self->send("$password\n"); exp_continue; } ],
    #"... bytes copied in N secs (...)" means the transfer finished; close the session
    [ qr/sec\)/, sub { my $self = shift; $self->hard_close(); } ],
    [ qr/Switch#$/, sub { my $self = shift; $self->send("copy running-config tftp\n"); exp_continue; } ],
    [ qr/Address or name of remote host \[\]\?/, sub { my $self = shift; $self->send("$serverip\n"); exp_continue; } ],
    [ qr/Destination filename \[switch-confg\]\?/, sub { my $self = shift; $self->send("$configname\n"); exp_continue; } ],
);
[root@h102 backup_script]# ll conf_backup.pl
-rw-r--r-- 1 root root 1033 May 15 18:21 conf_backup.pl
[root@h102 backup_script]# chmod +x conf_backup.pl
[root@h102 backup_script]# ll conf_backup.pl
-rwxr-xr-x 1 root root 1033 May 15 18:21 conf_backup.pl
[root@h102 backup_script]#
Run the script to test it
[root@h102 backup_script]# ./conf_backup.pl
admin@192.168.90.1's password:
Switch#copy running-config tftp
Address or name of remote host []? 192.168.90.3
Destination filename [switch-confg]? 3750-switch-confg
!!
2475 bytes copied in 1.133 secs (2184 bytes/sec)
Switch#[root@h102 backup_script]#
------
[root@h102 tftpboot]# ls
3750-switch-confg memdisk pxelinux.0 switch-confg
chain.c32 menu.c32 sda2.log
[root@h102 tftpboot]# head 3750-switch-confg
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
[root@h102 tftpboot]#
[root@h102 tftpboot]# ls
3750-switch-confg switch-confg
[root@h102 tftpboot]# git init .
Initialized empty Git repository in /var/lib/tftpboot/.git/
[root@h102 tftpboot]# git add .
[root@h102 tftpboot]# git commit -m "abc"
[master (root-commit) ed36342] abc
Committer: root <root@h102.temp>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:
git config --global user.name "Your Name"
git config --global user.email you@example.com
If the identity used for this commit is wrong, you can fix it with:
git commit --amend --author='Your Name <you@example.com>'
2 files changed, 320 insertions(+), 0 deletions(-)
create mode 100644 3750-switch-confg
create mode 100644 switch-confg
[root@h102 tftpboot]# git log --oneline
ed36342 abc
[root@h102 tftpboot]# pwd
/var/lib/tftpboot
[root@h102 tftpboot]#
[root@h102 bin]# vim git_commit.bash
[root@h102 bin]# cat git_commit.bash
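#!/bin/bash
#2017.5.15
#by wilmosfang
#used to add to git
target_dir="/var/lib/tftpboot"
ts=$(date +%Y%m%d%H%M%S)
sync_cmd="/root/perl_script/backup_script/conf_backup.pl"
git_cmd="/usr/bin/git"
#copy the running-config from the switch to the tftp directory
$sync_cmd
#stop if the directory is missing, so git never runs somewhere else
cd "$target_dir" || exit 1
$git_cmd add .
$git_cmd commit -am "$ts"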
[root@h102 bin]# chmod +x git_commit.bash
[root@h102 bin]# ./git_commit.bash
admin@192.168.90.1's password:
Switch#copy running-config tftp
Address or name of remote host []? 192.168.90.3
Destination filename [switch-confg]? 3750-switch-confg
!!
2475 bytes copied in 1.158 secs (2137 bytes/sec)
Switch## On branch master
nothing to commit (working directory clean)
[root@h102 bin]# ll git_commit.bash
-rwxr-xr-x 1 root root 266 May 15 20:01 git_commit.bash
[root@h102 bin]#
First, change the content of a file in the directory
[root@h102 tftpboot]# echo test123 > abc
[root@h102 tftpboot]# ls
3750-switch-confg abc
[root@h102 tftpboot]#
Run the script
[root@h102 bin]# ./git_commit.bash
admin@192.168.90.1's password:
Switch#copy running-config tftp
Address or name of remote host []? 192.168.90.3
Destination filename [switch-confg]? 3750-switch-confg
!!
2475 bytes copied in 1.124 secs (2202 bytes/sec)
Switch#[master 1da38fd] 20170515201127
Committer: root <root@h102.temp>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:
git config --global user.name "Your Name"
git config --global user.email you@example.com
If the identity used for this commit is wrong, you can fix it with:
git commit --amend --author='Your Name <you@example.com>'
1 files changed, 1 insertions(+), 1 deletions(-)
[root@h102 bin]#
Check the version log
[root@h102 tftpboot]# git log --oneline
1da38fd 20170515201127
ff2d1fd 20170515193720
301e3d0 20170515193633
ed36342 abc
[root@h102 tftpboot]#
[root@h102 bin]# crontab -l
*/1 * * * * /root/bin/git_commit.bash 2>&1 1> /dev/null
[root@h102 bin]#
Check the result
[root@h102 tftpboot]# git log --oneline
1da38fd 20170515201127
ff2d1fd 20170515193720
301e3d0 20170515193633
ed36342 abc
[root@h102 tftpboot]# git log --oneline
3aa6ebb 20170515201901
1da38fd 20170515201127
ff2d1fd 20170515193720
301e3d0 20170515193633
ed36342 abc
[root@h102 tftpboot]#
[root@h102 tftpboot]# git diff 3aa6ebb 1da38fd
diff --git a/abc b/abc
index 0e4b0c7..5271a52 100644
--- a/abc
+++ b/abc
@@ -1 +1 @@
-abc123
+test123
[root@h102 tftpboot]#
Five minutes later
[root@h102 tftpboot]# git log --oneline
3aa6ebb 20170515201901
1da38fd 20170515201127
ff2d1fd 20170515193720
301e3d0 20170515193633
ed36342 abc
[root@h102 tftpboot]#
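As shown, nothing has changed.
This means that if the content of any file in this directory changes, a new version labelled with the current timestamp is created within one minute at most; if nothing changes, no new version is produced.
If the switch's running configuration changes in the meantime, that also produces a new version within one minute at most.
This one-minute interval can be adjusted to suit the specific production environment.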
This article is a repost; see the original.
If it infringes your rights, please contact cloudcommunity@tencent.com to have it removed.