I'm fairly new to CSM so this may be a newbee question. In the "old days" we would write mem to save the running config to startup, then write net to save the running config to a defined file on an TFTP server. But now that we use CSM, there is no write net function that happens during the process of deploying a change to the config. The actual config is saved in CSM somewhere since we are actually making changes to it before deploying a change, right? But it's not in a format where I could replace a failed ASA by "copy tftp startup-config?"
I read where you can "Preview Configuration" and then Copy/Paste the "ASA(Full)" configuration, but there is a major flaw in that plan. The displayed output hides all of the passwords. I.E. enable, passwd, tacacs+ or radius keys, local username password. Beside's, Copy/Paste has never been the best option to initially configure, or to replace a failed unit. All you are doing is hoping the running config isn't interfering with what you are pasting. (The Factory Config for DHCP comes to mind).
Is there a function where I can export the entire configuration to a file that is the complete startup configuration? Or, is there a function I could enable to have the ASA's periodically "Write Net?"
You could configure a FlexConfig for one or more ASAs in order to execute the copy command before and/or after a config push. I just tested this on my CSM 4.2 server and it worked. You will want to use the /noconfirm option so that the end device doesn't present interactive prompts to CSM.