Brocade
From Lolly's Wiki
Jump to navigationJump to search
Ein paar Kommandos mit kurzer Erklärung dazu
Firmware
brocade:admin> firmwareshow
Appl Primary/Secondary Versions
------------------------------------------
FOS v6.4.2a
v6.4.2a
General Switch Information
brocade:admin> switchshow
switchName: brocade
switchType: 71.2
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:34:be:f3:f0
zoning: ON (Fabric1)
switchBeacon: OFF
Index Port Address Media Speed State Proto
==============================================
0 0 010000 id N4 Online FC F-Port 50:0a:09:81:96:c8:3e:f8
1 1 010100 id N4 Online FC F-Port 50:0a:09:81:86:c8:3e:f8
2 2 010200 id N8 Online FC F-Port 21:00:00:24:ff:36:45:02
3 3 010300 id N8 Online FC F-Port 21:00:00:24:ff:36:45:21
4 4 010400 id N8 Online FC F-Port 21:00:00:24:ff:36:44:90
5 5 010500 id N8 Online FC F-Port 21:00:00:24:ff:36:45:f6
6 6 010600 id N8 No_Light FC
...
Wichtige Zeilen:
switchshow:switchType
switchType: 71.2
switchType gibt Auskunft, welchen Switch wir vor uns haben. Hier einen Brocade 300.
- Tabelle von IBM
- PDF von Brocade: Switch Types, Blade IDs, and Product Names
switchshow:zoning
zoning: ON (Fabric1)
Zeigt an, ob das Zoning aktiv ist und welche Konfiguration aktiv ist (hier Fabric1) siehe auch Fabric.
switchshow:switchRole
Es gibt zwei Rollen
- Principal (also den Chef)
und
- Subordinate (also den Untergeordneten)
z.B.:
switchRole: Principal
Die Rolle kann man ändern
ACHTUNG: Nicht Unterbrechungsfrei!
WARNING: DISRUPTIVE ACTION !
brocade1:admin> fabricprincipal -f 1
Fabric
Eine Fabric besteht aus einem oder mehreren Fibre-Channel-Switchen, die miteinander verbunden sind. Komponenten wie Hosts, Storage und Tapes werden über die Fibre-Channel-Switche mit der Fabric verbunden.
brocade:admin> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
-------------------------------------------------------------------------
1: fffc01 10:00:00:05:34:be:f3:f0 10.60.1.110 0.0.0.0 >"brocade"
2: fffc02 10:00:00:05:1e:0d:da:27 10.60.1.111 0.0.0.0 "brocade1"
4: fffc04 10:00:00:05:1e:b3:61:7d 10.60.1.113 0.0.0.0 "brocade3"
42: fffc2a 10:00:00:05:1e:0c:f3:98 10.60.1.112 0.0.0.0 "brocade2"
The Fabric has 4 switches
InterSwitchLinks (ISL)
Mit islshow bekommt man heraus, welche weiteren Switches angeschlossen sind und über welche Ports sie mit dem aktuellen verbunden sind.
brocade:admin> islshow
rz1_fab1_01:admin> islshow
1: 0-> 0 10:00:00:05:1e:0d:ca:27 2 brocade1 sp: 4.000G bw: 4.000G
2: 4-> 0 10:00:00:05:1e:0c:e3:98 42 brocade2 sp: 4.000G bw: 4.000G
3: 8-> 17 10:00:00:05:1e:0d:ca:27 2 brocade1 sp: 4.000G bw: 4.000G
4: 9-> 0 10:00:00:05:1e:b3:51:7d 4 brocade3 sp: 4.000G bw: 4.000G
5: 12-> 17 10:00:00:05:1e:0c:e3:98 42 brocade2 sp: 4.000G bw: 4.000G
6: 13-> 17 10:00:00:05:1e:b3:51:7d 4 brocade3 sp: 4.000G bw: 4.000G
Zoning
Eine Zone legt fest, welche Ports oder WWNs sich sehen dürfen.
Heute mach man eigentlich nur noch WWN-Zoning, weil es das flexibelste und sicherste ist. Man kann dadurch einfach die Kabel innerhalb der Fabric hin und herstecken, ohne daß ein Gerät mit mal ein anderes sehen kann, als vorher.
Bei Portzoning ist die Gefahr des falsch steckens gegeben.
Switch Types and Product Names
| Switch Type | Switch Name |
|---|---|
| 1 | Brocade 1000 Switches |
| 2, 6 | Brocade 2800 Switch |
| 3 | Brocade 2100, 2400 Switches |
| 4 | Brocade 20x0, 2010, 2040, 2050 Switches |
| 5 | Brocade 22x0, 2210, 2240, 2250 Switches |
| 7 | Brocade 2000 Switch |
| 9 | Brocade 3800 Switch |
| 10 | Brocade 12000 Director |
| 12 | Brocade 3900 Switch |
| 16 | Brocade 3200 Switch |
| 17 | Brocade 3800VL |
| 18 | Brocade 3000 Switch |
| 21 | Brocade 24000 Director |
| 22 | Brocade 3016 Switch |
| 26 | Brocade 3850 Switch |
| 27 | Brocade 3250 Switch |
| 29 | Brocade 4012 Embedded Switch |
| 32 | Brocade 4100 Switch |
| 33 | Brocade 3014 Switch |
| 34 | Brocade 200E Switch |
| 37 | Brocade 4020 Embedded Switch |
| 38 | Brocade 7420 SAN Router |
| 40 | Fibre Channel Routing (FCR) Front Domain |
| 41 | Fibre Channel Routing, (FCR) Xlate Domain |
| 42 | Brocade 48000 Director |
| 43 | Brocade 4024 Embedded Switch |
| 44 | Brocade 4900 Switch |
| 45 | Brocade 4016 Embedded Switch |
| 46 | Brocade 7500 Switch |
| 51 | Brocade 4018 Embedded Switch |
| 55.2 | Brocade 7600 Switch |
| 58 | Brocade 5000 Switch |
| 61 | Brocade 4424 Embedded Switch |
| 62 | Brocade DCX Backbone |
| 64 | Brocade 5300 Switch |
| 66 | Brocade 5100 Switch |
| 67 | Brocade Encryption Switch |
| 69 | Brocade 5410 Blade |
| 70 | Brocade 5410 Embedded Switch |
| 71 | Brocade 300 Switch |
| 72 | Brocade 5480 Embedded Switch |
| 73 | Brocade 5470 Embedded Switch |
| 75 | Brocade M5424 Embedded Switch |
| 76 | Brocade 8000 Switch |
| 77 | Brocade DCX-4S Backbone |
| 83 | Brocade 7800 Extension Switch |
| 86 | Brocade 5450 Embedded Switch |
| 87 | Brocade 5460 Embedded Switch |
| 90 | Brocade 8470 Embedded Switch |
| 92 | Brocade VA-40FC Switch |
| 95 | Brocade VDX 6720-24 Data Center Switch |
| 96 | Brocade VDX 6730-32 Data Center Switch |
| 97 | Brocade VDX 6720-60 Data Center Switch |
| 98 | Brocade VDX 6730-76 Data Center Switch |
| 108 | Dell M8428-k FCoE Embedded Switch |
| 109 | Brocade 6510 Switch |
| 116 | Brocade VDX 6710 Data Center Switch |
| 117 | Brocade 6547 Embedded Switch |
| 118 | Brocade 6505 Switch |
| 120 | Brocade DCX 8510-8 Backbone |
| 121 | Brocade DCX 8510-4 Backbone |
| 124 | Brocade 5430 8 Gb 16-port Blade Server SAN I/O Module |
| 125 | Brocade 5431 8 Gbit 16-port stackable switch module |
| 129 | Brocade 6548 16 Gb 28-port Blade Server SAN I/O Module |
| 130 | Brocade M6505 16 Gbit 24-port Blade Server SAN I/O Module |
| 133 | Brocade 6520 16 Gb 96-port switch |
| 134 | Brocade 5432 8 Gb 24-port Blade Server SAN I/O Module |
| 148 | Brocade 7840 16 Gb 24-FC ports, 16 10GbE ports, 2 40GbE ports extension switch |
| 170 | Brocade G610 |
Enable root account for ssh
Enable root for ssh
sw-fc02fab-b:admin> rootaccess --show
RootAccess: consoleonly
sw-fc02fab-b:admin> rootaccess --set all
sw-fc02fab-b:admin> rootaccess --show
RootAccess: all
sw-fc02fab-b:admin> userconfig --change root -e yes
Enable root account
sw-fc02fab-b:admin> userconfig --show root
Account name: root
Description: root
Enabled: No
Password Last Change Date: Fri Aug 21 2020 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Role: root
AD membership: 0-255
Home AD: 0
Day Time Access: N/A
sw-fc02fab-b:admin> userconfig --change root -e yes
sw-fc02fab-b:admin> userconfig --show root
Account name: root
Description: root
Enabled: Yes
Password Last Change Date: Fri Aug 21 2020 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Role: root
AD membership: 0-255
Home AD: 0
Day Time Access: N/A
Set root password directly after enabling the account
$ ssh root@192.168.1.1
root@192.168.1.1's password:
============================================================================================
ATTENTION:
It is recommended that you change the default passwords for all the switch accounts.
Refer to the product release notes and administrators guide if you need further information.
============================================================================================
...
SSH mit public key
Host -> Brocade
BSAN01:root> cd ~/.ssh
BSAN01:root> ls -al
total 8
drwxr-xr-x 2 root sys 4096 Jul 18 2011 ./
drwxr-x--- 4 root sys 4096 Jun 19 2013 ../
BSAN01:root> echo "ssh-dss AAAA...TD8cc= root@sun" >> authorized_keys
Brocade -> Host
Key auf Switch generieren
Als admin !
Host# ssh admin@bsan01
BSAN01:admin> sshutil genkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Key pair generated successfully.
BSAN01:admin> exit
Key vom Switch -> Host ~/.ssh/authorized_keys
Als root !
Host# ssh root@bsan01 cat .ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Backup der Config
Wichtig, vorher die Keys austauschen!
- Der Brocade Pubkey muß nach ~bckpuser/.ssh/authorized_keys
- Der Pubkey des aufrufenden Users muß auf den Brocade ~root/.ssh/authorized_keys
Ein mögliches Script könnte so aussehen:
#!/bin/bash
SWITCHES="
bsan01
bsan02
"
BACKUP_HOST="10.0.0.42"
LOCALUSER="bckpuser"
BACKUPDIR="brocade_backup"
[ ! -d ~/brocade_backup ] && mkdir -p ~/brocade_backup
date="$(date '+%Y%m%d-%H%M%S')"
for switch in ${SWITCHES} ; do
printf "Backing up ${switch} to ~${LOCALUSER}/${BACKUPDIR}/${switch}_config_${date}.txt... "
ssh -i ~/.ssh/id_rsa_nopw root@${switch} /fabos/link_sbin/configupload -all -p scp ${BACKUP_HOST},${LOCALUSER},${BACKUPDIR}/${switch}_config_${date}.txt
tmp_file=/tmp/.$$_${switch}.txt
bakup_file=~/${BACKUPDIR}/${switch}_config_${date}.txt
last_backup_file="$(ls -1rt ~/${BACKUPDIR}/${switch}_config_*.txt.gz | tail -1)"
gzip -cd ${last_backup_file} | grep -v "date =" > ${tmp_file}
if ( grep -v "date =" ${bakup_file} | diff -ub - ${tmp_file} )
then
# The last backup is identical
rm -f ${bakup_file}
else
# Differences encountered keep new backup
gzip -9 ${bakup_file}
fi
[ -f "${tmp_file}" ] && rm -f ${tmp_file}
done
Firmware update
Record the running firmware
Example for a brocade sftp firmware download directory
First take a look here for setting up a chroot sftp environment.
Then create the home on the sftp-server:
# mkdir --parents --mode=0755 /home/sftp/brocade
# useradd --create-home --home-dir /home/sftp/brocade/fw brocade
If there is allready an brocade user with an authorized_keys file do:
# cp --preserve=mode ~brocade/.ssh/authorized_keys /home/sftp/.authorized_keys/brocade
else put them into /home/sftp/.authorized_keys/brocade if you want.
Untar your firmware as brocade in /home/sftp/brocade/fw.
Login to the switch as admin and do for example:
san-sw:admin> firmwaredownload -s -b -p sftp <ip of the sftp-server>,brocade,fw/v7.2.1f
