Brocade

From Lolly's Wiki
Revision as of 17:00, 25 November 2021 by Lollypop (talk | contribs) (Text replacement - "<source" to "<syntaxhighlight")
Jump to navigationJump to search

Ein paar Kommandos mit kurzer Erklärung dazu

Firmware

<syntaxhighlight lang=bash> brocade:admin> firmwareshow Appl Primary/Secondary Versions


FOS v6.4.2a

        v6.4.2a

</source>

General Switch Information

<syntaxhighlight lang=bash> brocade:admin> switchshow switchName: brocade switchType: 71.2 switchState: Online switchMode: Native switchRole: Principal switchDomain: 1 switchId: fffc01 switchWwn: 10:00:00:05:34:be:f3:f0 zoning: ON (Fabric1) switchBeacon: OFF

Index Port Address Media Speed State Proto

==================================
 0   0   010000   id    N4   Online      FC  F-Port  50:0a:09:81:96:c8:3e:f8 
 1   1   010100   id    N4   Online      FC  F-Port  50:0a:09:81:86:c8:3e:f8 
 2   2   010200   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:02 
 3   3   010300   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:21 
 4   4   010400   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:44:90 
 5   5   010500   id    N8   Online      FC  F-Port  21:00:00:24:ff:36:45:f6 
 6   6   010600   id    N8   No_Light    FC  

... </source> Wichtige Zeilen:

switchshow:switchType

<syntaxhighlight lang=bash> switchType: 71.2 </source> switchType gibt Auskunft, welchen Switch wir vor uns haben. Hier einen Brocade 300.

switchshow:zoning

<syntaxhighlight lang=bash> zoning: ON (Fabric1) </source> Zeigt an, ob das Zoning aktiv ist und welche Konfiguration aktiv ist (hier Fabric1) siehe auch Fabric.

switchshow:switchRole

Es gibt zwei Rollen

  • Principal (also den Chef)

und

  • Subordinate (also den Untergeordneten)

z.B.: <syntaxhighlight lang=bash> switchRole: Principal </source>

Die Rolle kann man ändern

ACHTUNG: Nicht Unterbrechungsfrei!
WARNING: DISRUPTIVE ACTION ! <syntaxhighlight lang=bash> brocade1:admin> fabricprincipal -f 1 </source>

Fabric

Eine Fabric besteht aus einem oder mehreren Fibre-Channel-Switchen, die miteinander verbunden sind. Komponenten wie Hosts, Storage und Tapes werden über die Fibre-Channel-Switche mit der Fabric verbunden.

<syntaxhighlight lang=bash> brocade:admin> fabricshow Switch ID Worldwide Name Enet IP Addr FC IP Addr Name


 1: fffc01 10:00:00:05:34:be:f3:f0 10.60.1.110     0.0.0.0        >"brocade"
 2: fffc02 10:00:00:05:1e:0d:da:27 10.60.1.111     0.0.0.0         "brocade1"
 4: fffc04 10:00:00:05:1e:b3:61:7d 10.60.1.113     0.0.0.0         "brocade3"
42: fffc2a 10:00:00:05:1e:0c:f3:98 10.60.1.112     0.0.0.0         "brocade2"

The Fabric has 4 switches </source>

InterSwitchLinks (ISL)

Mit islshow bekommt man heraus, welche weiteren Switches angeschlossen sind und über welche Ports sie mit dem aktuellen verbunden sind.

<syntaxhighlight lang=bash> brocade:admin> islshow rz1_fab1_01:admin> islshow

 1:  0->  0 10:00:00:05:1e:0d:ca:27   2 brocade1 sp:  4.000G bw:  4.000G 
 2:  4->  0 10:00:00:05:1e:0c:e3:98  42 brocade2 sp:  4.000G bw:  4.000G 
 3:  8-> 17 10:00:00:05:1e:0d:ca:27   2 brocade1 sp:  4.000G bw:  4.000G 
 4:  9->  0 10:00:00:05:1e:b3:51:7d   4 brocade3 sp:  4.000G bw:  4.000G 
 5: 12-> 17 10:00:00:05:1e:0c:e3:98  42 brocade2 sp:  4.000G bw:  4.000G 
 6: 13-> 17 10:00:00:05:1e:b3:51:7d   4 brocade3 sp:  4.000G bw:  4.000G 

</source>

Zoning

Eine Zone legt fest, welche Ports oder WWNs sich sehen dürfen.

Heute mach man eigentlich nur noch WWN-Zoning, weil es das flexibelste und sicherste ist. Man kann dadurch einfach die Kabel innerhalb der Fabric hin und herstecken, ohne daß ein Gerät mit mal ein anderes sehen kann, als vorher.

Bei Portzoning ist die Gefahr des falsch steckens gegeben.

Switch Types and Product Names

Switch Type Switch Name
1 Brocade 1000 Switches
2, 6 Brocade 2800 Switch
3 Brocade 2100, 2400 Switches
4 Brocade 20x0, 2010, 2040, 2050 Switches
5 Brocade 22x0, 2210, 2240, 2250 Switches
7 Brocade 2000 Switch
9 Brocade 3800 Switch
10 Brocade 12000 Director
12 Brocade 3900 Switch
16 Brocade 3200 Switch
17 Brocade 3800VL
18 Brocade 3000 Switch
21 Brocade 24000 Director
22 Brocade 3016 Switch
26 Brocade 3850 Switch
27 Brocade 3250 Switch
29 Brocade 4012 Embedded Switch
32 Brocade 4100 Switch
33 Brocade 3014 Switch
34 Brocade 200E Switch
37 Brocade 4020 Embedded Switch
38 Brocade 7420 SAN Router
40 Fibre Channel Routing (FCR) Front Domain
41 Fibre Channel Routing, (FCR) Xlate Domain
42 Brocade 48000 Director
43 Brocade 4024 Embedded Switch
44 Brocade 4900 Switch
45 Brocade 4016 Embedded Switch
46 Brocade 7500 Switch
51 Brocade 4018 Embedded Switch
55.2 Brocade 7600 Switch
58 Brocade 5000 Switch
61 Brocade 4424 Embedded Switch
62 Brocade DCX Backbone
64 Brocade 5300 Switch
66 Brocade 5100 Switch
67 Brocade Encryption Switch
69 Brocade 5410 Blade
70 Brocade 5410 Embedded Switch
71 Brocade 300 Switch
72 Brocade 5480 Embedded Switch
73 Brocade 5470 Embedded Switch
75 Brocade M5424 Embedded Switch
76 Brocade 8000 Switch
77 Brocade DCX-4S Backbone
83 Brocade 7800 Extension Switch
86 Brocade 5450 Embedded Switch
87 Brocade 5460 Embedded Switch
90 Brocade 8470 Embedded Switch
92 Brocade VA-40FC Switch
95 Brocade VDX 6720-24 Data Center Switch
96 Brocade VDX 6730-32 Data Center Switch
97 Brocade VDX 6720-60 Data Center Switch
98 Brocade VDX 6730-76 Data Center Switch
108 Dell M8428-k FCoE Embedded Switch
109 Brocade 6510 Switch
116 Brocade VDX 6710 Data Center Switch
117 Brocade 6547 Embedded Switch
118 Brocade 6505 Switch
120 Brocade DCX 8510-8 Backbone
121 Brocade DCX 8510-4 Backbone
124 Brocade 5430 8 Gb 16-port Blade Server SAN I/O Module
125 Brocade 5431 8 Gbit 16-port stackable switch module
129 Brocade 6548 16 Gb 28-port Blade Server SAN I/O Module
130 Brocade M6505 16 Gbit 24-port Blade Server SAN I/O Module
133 Brocade 6520 16 Gb 96-port switch
134 Brocade 5432 8 Gb 24-port Blade Server SAN I/O Module
148 Brocade 7840 16 Gb 24-FC ports, 16 10GbE ports, 2 40GbE ports extension switch
170 Brocade G610

Enable root account for ssh

Enable root for ssh

<syntaxhighlight lang=bash> sw-fc02fab-b:admin> rootaccess --show RootAccess: consoleonly

sw-fc02fab-b:admin> rootaccess --set all

sw-fc02fab-b:admin> rootaccess --show RootAccess: all

sw-fc02fab-b:admin> userconfig --change root -e yes </source>

Enable root account

<syntaxhighlight lang=bash> sw-fc02fab-b:admin> userconfig --show root

Account name: root Description: root Enabled: No Password Last Change Date: Fri Aug 21 2020 (UTC) Password Expiration Date: Not Applicable (UTC) Locked: No Role: root AD membership: 0-255 Home AD: 0 Day Time Access: N/A

sw-fc02fab-b:admin> userconfig --change root -e yes

sw-fc02fab-b:admin> userconfig --show root

Account name: root Description: root Enabled: Yes Password Last Change Date: Fri Aug 21 2020 (UTC) Password Expiration Date: Not Applicable (UTC) Locked: No Role: root AD membership: 0-255 Home AD: 0 Day Time Access: N/A </source>

Set root password directly after enabling the account

<syntaxhighlight lang=bash> $ ssh root@192.168.1.1 root@192.168.1.1's password:

================================================================================
                                     ATTENTION:  

It is recommended that you change the default passwords for all the switch accounts. Refer to the product release notes and administrators guide if you need further information.

================================================================================

... </source>


SSH mit public key

Host -> Brocade

<syntaxhighlight lang=bash> BSAN01:root> cd ~/.ssh BSAN01:root> ls -al total 8 drwxr-xr-x 2 root sys 4096 Jul 18 2011 ./ drwxr-x--- 4 root sys 4096 Jun 19 2013 ../ BSAN01:root> echo "ssh-dss AAAA...TD8cc= root@sun" >> authorized_keys </source>

Brocade -> Host

Key auf Switch generieren

Als admin ! <syntaxhighlight lang=bash> Host# ssh admin@bsan01 BSAN01:admin> sshutil genkey Enter passphrase (empty for no passphrase): Enter same passphrase again: Key pair generated successfully. BSAN01:admin> exit </source>

Key vom Switch -> Host ~/.ssh/authorized_keys

Als root ! <syntaxhighlight lang=bash> Host# ssh root@bsan01 cat .ssh/id_rsa.pub >> ~/.ssh/authorized_keys </source>

Backup der Config

Wichtig, vorher die Keys austauschen!

  1. Der Brocade Pubkey muß nach ~bckpuser/.ssh/authorized_keys
  2. Der Pubkey des aufrufenden Users muß auf den Brocade ~root/.ssh/authorized_keys

Ein mögliches Script könnte so aussehen: <syntaxhighlight lang=bash>

  1. !/bin/bash

SWITCHES=" bsan01 bsan02 " BACKUP_HOST="10.0.0.42" LOCALUSER="bckpuser" BACKUPDIR="brocade_backup"

[ ! -d ~/brocade_backup ] && mkdir -p ~/brocade_backup

date="$(date '+%Y%m%d-%H%M%S')" for switch in ${SWITCHES} ; do

 printf "Backing up ${switch} to ~${LOCALUSER}/${BACKUPDIR}/${switch}_config_${date}.txt... "
 ssh -i ~/.ssh/id_rsa_nopw root@${switch} /fabos/link_sbin/configupload -all -p scp ${BACKUP_HOST},${LOCALUSER},${BACKUPDIR}/${switch}_config_${date}.txt
 tmp_file=/tmp/.$$_${switch}.txt
 bakup_file=~/${BACKUPDIR}/${switch}_config_${date}.txt
 last_backup_file="$(ls -1rt ~/${BACKUPDIR}/${switch}_config_*.txt.gz | tail -1)"
 gzip -cd ${last_backup_file} | grep -v "date =" > ${tmp_file}
 if ( grep -v "date =" ${bakup_file} | diff -ub - ${tmp_file} )
 then
   # The last backup is identical
   rm -f ${bakup_file}
 else
   # Differences encountered keep new backup
   gzip -9 ${bakup_file}
 fi
 [ -f "${tmp_file}" ] && rm -f ${tmp_file}

done </source>

Firmware update

Record the running firmware

Example for a brocade sftp firmware download directory

First take a look here for setting up a chroot sftp environment.

Then create the home on the sftp-server: <syntaxhighlight lang=bash>

  1. mkdir --parents --mode=0755 /home/sftp/brocade
  2. useradd --create-home --home-dir /home/sftp/brocade/fw brocade

</source>

If there is allready an brocade user with an authorized_keys file do: <syntaxhighlight lang=bash>

  1. cp --preserve=mode ~brocade/.ssh/authorized_keys /home/sftp/.authorized_keys/brocade

</source> else put them into /home/sftp/.authorized_keys/brocade if you want.

Untar your firmware as brocade in /home/sftp/brocade/fw.

Login to the switch as admin and do for example: <syntaxhighlight lang=bash> san-sw:admin> firmwaredownload -s -b -p sftp <ip of the sftp-server>,brocade,fw/v7.2.1f </source>