Brocade
A few commands, each with a short explanation
Firmware
<syntaxhighlight lang=bash>
brocade:admin> firmwareshow
Appl     Primary/Secondary Versions
FOS      v6.4.2a
         v6.4.2a
</syntaxhighlight>
General Switch Information
<syntaxhighlight lang=bash>
brocade:admin> switchshow
switchName:     brocade
switchType:     71.2
switchState:    Online
switchMode:     Native
switchRole:     Principal
switchDomain:   1
switchId:       fffc01
switchWwn:      10:00:00:05:34:be:f3:f0
zoning:         ON (Fabric1)
switchBeacon:   OFF

Index Port Address Media Speed State     Proto
==============================================
  0   0   010000   id    N4   Online      FC  F-Port  50:0a:09:81:96:c8:3e:f8
  1   1   010100   id    N4   Online      FC  F-Port  50:0a:09:81:86:c8:3e:f8
  2   2   010200   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:02
  3   3   010300   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:21
  4   4   010400   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:44:90
  5   5   010500   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:f6
  6   6   010600   id    N8   No_Light    FC
...
</syntaxhighlight>
Important lines:
switchshow:switchType
<syntaxhighlight lang=bash>
switchType:     71.2
</syntaxhighlight>
switchType tells us which switch model we are looking at; here it is a Brocade 300.
- Table from IBM
- PDF from Brocade: Switch Types, Blade IDs, and Product Names
switchshow:zoning
<syntaxhighlight lang=bash>
zoning:         ON (Fabric1)
</syntaxhighlight>
Shows whether zoning is active and which configuration is in effect (here Fabric1); see also Fabric.
switchshow:switchRole
There are two roles:
- Principal (the boss)
- Subordinate (the underling)
For example:
<syntaxhighlight lang=bash>
switchRole:     Principal
</syntaxhighlight>
The role can be changed.
CAUTION: This is not interruption-free!
WARNING: DISRUPTIVE ACTION!
<syntaxhighlight lang=bash>
brocade1:admin> fabricprincipal -f 1
</syntaxhighlight>
Fabric
A fabric consists of one or more Fibre Channel switches that are connected to each other. Components such as hosts, storage and tape devices are attached to the fabric through the Fibre Channel switches.
<syntaxhighlight lang=bash>
brocade:admin> fabricshow
Switch ID   Worldwide Name           Enet IP Addr    FC IP Addr      Name
  1: fffc01 10:00:00:05:34:be:f3:f0 10.60.1.110     0.0.0.0        >"brocade"
  2: fffc02 10:00:00:05:1e:0d:da:27 10.60.1.111     0.0.0.0         "brocade1"
  4: fffc04 10:00:00:05:1e:b3:61:7d 10.60.1.113     0.0.0.0         "brocade3"
 42: fffc2a 10:00:00:05:1e:0c:f3:98 10.60.1.112     0.0.0.0         "brocade2"

The Fabric has 4 switches
</syntaxhighlight>
InterSwitchLinks (ISL)
islshow shows which other switches are attached and through which ports they are connected to the current switch.
<syntaxhighlight lang=bash>
brocade:admin> islshow
rz1_fab1_01:admin> islshow
  1:  0->  0 10:00:00:05:1e:0d:ca:27   2 brocade1 sp:  4.000G bw:  4.000G
  2:  4->  0 10:00:00:05:1e:0c:e3:98  42 brocade2 sp:  4.000G bw:  4.000G
  3:  8-> 17 10:00:00:05:1e:0d:ca:27   2 brocade1 sp:  4.000G bw:  4.000G
  4:  9->  0 10:00:00:05:1e:b3:51:7d   4 brocade3 sp:  4.000G bw:  4.000G
  5: 12-> 17 10:00:00:05:1e:0c:e3:98  42 brocade2 sp:  4.000G bw:  4.000G
  6: 13-> 17 10:00:00:05:1e:b3:51:7d   4 brocade3 sp:  4.000G bw:  4.000G
</syntaxhighlight>
Zoning
A zone defines which ports or WWNs are allowed to see each other.
Nowadays practically only WWN zoning is used, because it is the most flexible and the most secure option. It lets you simply move cables around within the fabric without a device suddenly being able to see something different from before.
With port zoning there is the risk of plugging a cable into the wrong port.
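What recabling means under each zoning style, as an added example that is not part of the original page: the script compares two switchshow captures and lists WWNs that moved to another port or are new. With WWN zoning a MOVED line changes nothing about who can see whom; with port zoning each MOVED device takes over whatever was zoned to its new port. The captures are constructed in the switchshow format shown above, and the WWN ending in 00:00:01 is made up.

```bash
#!/bin/sh
# Added example: diff two `switchshow` captures by WWN.
# All sample data below is constructed for illustration.

# Print "port wwn" for every online F-Port in a switchshow capture.
fport_map() {   # $1 = switchshow output
    printf '%s\n' "$1" |
        awk '$6 == "Online" && $8 == "F-Port" { print $2, $9 }'
}

# Report WWNs that are new, moved to another port, or gone.
wwn_changes() {   # $1 = baseline capture, $2 = current capture
    { fport_map "$1" | sed 's/^/B /'; fport_map "$2" | sed 's/^/C /'; } |
    awk '
        $1 == "B" { base[$3] = $2 }
        $1 == "C" { cur[$3]  = $2 }
        END {
            for (w in cur) {
                if (!(w in base))
                    print "NEW " w " on port " cur[w]
                else if (base[w] != cur[w])
                    print "MOVED " w " port " base[w] " -> " cur[w]
            }
            for (w in base)
                if (!(w in cur)) print "GONE " w " from port " base[w]
        }' | sort
}

baseline='Index Port Address Media Speed State     Proto
  2   2   010200   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:02
  3   3   010300   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:21
  6   6   010600   id    N8   No_Light    FC'

# After recabling: ports 2 and 3 swapped, unknown device on port 6.
current='Index Port Address Media Speed State     Proto
  2   2   010200   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:21
  3   3   010300   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:02
  6   6   010600   id    N8   Online      FC  F-Port  21:00:00:24:ff:00:00:01'

wwn_changes "$baseline" "$current"
```

A NEW line deserves a look under either zoning style, since it is a WWN the baseline never saw.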
Switch Types and Product Names
Switch Type | Switch Name |
---|---|
1 | Brocade 1000 Switches |
2, 6 | Brocade 2800 Switch |
3 | Brocade 2100, 2400 Switches |
4 | Brocade 20x0, 2010, 2040, 2050 Switches |
5 | Brocade 22x0, 2210, 2240, 2250 Switches |
7 | Brocade 2000 Switch |
9 | Brocade 3800 Switch |
10 | Brocade 12000 Director |
12 | Brocade 3900 Switch |
16 | Brocade 3200 Switch |
17 | Brocade 3800VL |
18 | Brocade 3000 Switch |
21 | Brocade 24000 Director |
22 | Brocade 3016 Switch |
26 | Brocade 3850 Switch |
27 | Brocade 3250 Switch |
29 | Brocade 4012 Embedded Switch |
32 | Brocade 4100 Switch |
33 | Brocade 3014 Switch |
34 | Brocade 200E Switch |
37 | Brocade 4020 Embedded Switch |
38 | Brocade 7420 SAN Router |
40 | Fibre Channel Routing (FCR) Front Domain |
41 | Fibre Channel Routing (FCR) Xlate Domain |
42 | Brocade 48000 Director |
43 | Brocade 4024 Embedded Switch |
44 | Brocade 4900 Switch |
45 | Brocade 4016 Embedded Switch |
46 | Brocade 7500 Switch |
51 | Brocade 4018 Embedded Switch |
55.2 | Brocade 7600 Switch |
58 | Brocade 5000 Switch |
61 | Brocade 4424 Embedded Switch |
62 | Brocade DCX Backbone |
64 | Brocade 5300 Switch |
66 | Brocade 5100 Switch |
67 | Brocade Encryption Switch |
69 | Brocade 5410 Blade |
70 | Brocade 5410 Embedded Switch |
71 | Brocade 300 Switch |
72 | Brocade 5480 Embedded Switch |
73 | Brocade 5470 Embedded Switch |
75 | Brocade M5424 Embedded Switch |
76 | Brocade 8000 Switch |
77 | Brocade DCX-4S Backbone |
83 | Brocade 7800 Extension Switch |
86 | Brocade 5450 Embedded Switch |
87 | Brocade 5460 Embedded Switch |
90 | Brocade 8470 Embedded Switch |
92 | Brocade VA-40FC Switch |
95 | Brocade VDX 6720-24 Data Center Switch |
96 | Brocade VDX 6730-32 Data Center Switch |
97 | Brocade VDX 6720-60 Data Center Switch |
98 | Brocade VDX 6730-76 Data Center Switch |
108 | Dell M8428-k FCoE Embedded Switch |
109 | Brocade 6510 Switch |
116 | Brocade VDX 6710 Data Center Switch |
117 | Brocade 6547 Embedded Switch |
118 | Brocade 6505 Switch |
120 | Brocade DCX 8510-8 Backbone |
121 | Brocade DCX 8510-4 Backbone |
124 | Brocade 5430 8 Gb 16-port Blade Server SAN I/O Module |
125 | Brocade 5431 8 Gbit 16-port stackable switch module |
129 | Brocade 6548 16 Gb 28-port Blade Server SAN I/O Module |
130 | Brocade M6505 16 Gbit 24-port Blade Server SAN I/O Module |
133 | Brocade 6520 16 Gb 96-port switch |
134 | Brocade 5432 8 Gb 24-port Blade Server SAN I/O Module |
148 | Brocade 7840 16 Gb 24-FC ports, 16 10GbE ports, 2 40GbE ports extension switch |
170 | Brocade G610 |
Enable root account for ssh
Enable root for ssh
<syntaxhighlight lang=bash>
sw-fc02fab-b:admin> rootaccess --show
RootAccess: consoleonly

sw-fc02fab-b:admin> rootaccess --set all

sw-fc02fab-b:admin> rootaccess --show
RootAccess: all

sw-fc02fab-b:admin> userconfig --change root -e yes
</syntaxhighlight>
Enable root account
<syntaxhighlight lang=bash>
sw-fc02fab-b:admin> userconfig --show root

Account name: root
Description: root
Enabled: No
Password Last Change Date: Fri Aug 21 2020 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Role: root
AD membership: 0-255
Home AD: 0
Day Time Access: N/A

sw-fc02fab-b:admin> userconfig --change root -e yes

sw-fc02fab-b:admin> userconfig --show root

Account name: root
Description: root
Enabled: Yes
Password Last Change Date: Fri Aug 21 2020 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Role: root
AD membership: 0-255
Home AD: 0
Day Time Access: N/A
</syntaxhighlight>
Set root password directly after enabling the account
<syntaxhighlight lang=bash>
$ ssh root@192.168.1.1
root@192.168.1.1's password:

================================================================================
ATTENTION:
It is recommended that you change the default passwords for all the switch accounts.
Refer to the product release notes and administrators guide if you need further information.
================================================================================
...
</syntaxhighlight>
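A check for the state the steps above leave behind, as an added example that is not part of the original page: it reads captured output of `rootaccess --show` and `userconfig --show root` and classifies how exposed the root account is. The captures are constructed in the format shown above; only the two RootAccess values that appear on this page are recognised, and anything else is reported as UNKNOWN.

```bash
#!/bin/sh
# Added example: classify root exposure from captured FOS command output.
# The sample captures below are constructed for illustration.

# Print the first word after "<key>:" (the last matching line wins).
field() {   # $1 = captured text, $2 = key
    printf '%s\n' "$1" |
        sed -n "s/.*$2:[[:space:]]*\([A-Za-z]*\).*/\1/p" | tail -n 1
}

# Combine the RootAccess setting with the account's Enabled flag.
audit_root() {   # $1 = output of `rootaccess --show` + `userconfig --show root`
    local access enabled
    access=$(field "$1" "RootAccess")
    enabled=$(field "$1" "Enabled")
    case "${access}/${enabled}" in
        all/Yes)
            echo "CRITICAL: root enabled and reachable over the network" ;;
        all/No)
            echo "WARN: RootAccess is all; enabling root exposes it to SSH" ;;
        consoleonly/Yes)
            echo "WARN: root enabled, but limited to the console" ;;
        consoleonly/No)
            echo "OK: root disabled and console-only" ;;
        *)
            echo "UNKNOWN: RootAccess=${access} Enabled=${enabled}" ;;
    esac
}

# State before the changes on this page.
before='RootAccess: consoleonly
Account name: root
Enabled: No
Locked: No'

# State after `rootaccess --set all` and `userconfig --change root -e yes`.
after='RootAccess: all
Account name: root
Enabled: Yes
Locked: No'

audit_root "$before"
audit_root "$after"
```

Run against every switch after maintenance, this catches a root account that was opened up for a one-off task and never closed again.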
SSH with public key
Host -> Brocade
<syntaxhighlight lang=bash>
BSAN01:root> cd ~/.ssh
BSAN01:root> ls -al
total 8
drwxr-xr-x    2 root     sys          4096 Jul 18  2011 ./
drwxr-x---    4 root     sys          4096 Jun 19  2013 ../
BSAN01:root> echo "ssh-dss AAAA...TD8cc= root@sun" >> authorized_keys
</syntaxhighlight>
Brocade -> Host
Generate the key on the switch
As admin!
<syntaxhighlight lang=bash>
Host# ssh admin@bsan01
BSAN01:admin> sshutil genkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Key pair generated successfully.
BSAN01:admin> exit
</syntaxhighlight>
Key from the switch -> host ~/.ssh/authorized_keys
As root!
<syntaxhighlight lang=bash>
Host# ssh root@bsan01 cat .ssh/id_rsa.pub >> ~/.ssh/authorized_keys
</syntaxhighlight>
Backup of the config
Important: exchange the keys first!
- The Brocade public key must go into ~bckpuser/.ssh/authorized_keys
- The public key of the calling user must go into ~root/.ssh/authorized_keys on the Brocade
A possible script could look like this:
<syntaxhighlight lang=bash>
#!/bin/bash
# Upload the configuration of each switch via scp and keep the new file
# only if it differs from the previous backup.

SWITCHES="
bsan01
bsan02
"
BACKUP_HOST="10.0.0.42"
LOCALUSER="bckpuser"
BACKUPDIR="brocade_backup"

[ ! -d ~/"${BACKUPDIR}" ] && mkdir -p ~/"${BACKUPDIR}"

date="$(date '+%Y%m%d-%H%M%S')"
for switch in ${SWITCHES} ; do
  printf 'Backing up %s to ~%s/%s/%s_config_%s.txt... ' "${switch}" "${LOCALUSER}" "${BACKUPDIR}" "${switch}" "${date}"
  ssh -i ~/.ssh/id_rsa_nopw "root@${switch}" /fabos/link_sbin/configupload -all -p scp "${BACKUP_HOST},${LOCALUSER},${BACKUPDIR}/${switch}_config_${date}.txt"

  bakup_file=~/"${BACKUPDIR}/${switch}_config_${date}.txt"
  # Skip the comparison if the upload did not produce a file
  [ -f "${bakup_file}" ] || { echo "upload failed" >&2 ; continue ; }
  last_backup_file="$(ls -1rt ~/"${BACKUPDIR}/${switch}"_config_*.txt.gz 2>/dev/null | tail -1)"

  if [ -z "${last_backup_file}" ] ; then
    # No earlier backup to compare with: keep this one
    gzip -9 "${bakup_file}"
    continue
  fi

  # mktemp instead of a predictable file name in /tmp
  tmp_file="$(mktemp)"
  gzip -cd "${last_backup_file}" | grep -v "date =" > "${tmp_file}"
  if ( grep -v "date =" "${bakup_file}" | diff -ub - "${tmp_file}" )
  then
    # The last backup is identical
    rm -f "${bakup_file}"
  else
    # Differences encountered keep new backup
    gzip -9 "${bakup_file}"
  fi
  [ -f "${tmp_file}" ] && rm -f "${tmp_file}"
done
</syntaxhighlight>
Firmware update
Record the running firmware
Example for a brocade sftp firmware download directory
First take a look here for setting up a chroot sftp environment.
Then create the home on the sftp-server:
<syntaxhighlight lang=bash>
# mkdir --parents --mode=0755 /home/sftp/brocade
# useradd --create-home --home-dir /home/sftp/brocade/fw brocade
</syntaxhighlight>
If there is already a brocade user with an authorized_keys file, do:
<syntaxhighlight lang=bash>
# cp --preserve=mode ~brocade/.ssh/authorized_keys /home/sftp/.authorized_keys/brocade
</syntaxhighlight>
Otherwise put the keys into /home/sftp/.authorized_keys/brocade if you want.
Untar your firmware as brocade in /home/sftp/brocade/fw.
Log in to the switch as admin and run, for example:
<syntaxhighlight lang=bash>
san-sw:admin> firmwaredownload -s -b -p sftp <ip of the sftp-server>,brocade,fw/v7.2.1f
</syntaxhighlight>