Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Backing Up Cisco IOS CA Router using EEM

I have been using the EEM to backup a Cisco IOS CA routers critical files to an ftp server. However, I would like to also backup the .cnm files as well but as the numbers of the change constantly due to certificate renewal I can't name them all. Is it possible to use a wildcard (*.cnm) and loop the routine until it is done?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:

event manager directory user policy flash:/policies

event manager policy tm_ca_backup.tcl

21 REPLIES
Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

Yes this is possible using glob. I wrote a simple little Tcl snippet to do this which I posted in this thread:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde3b88/0#selected_message

It should plug right into an EEM Tcl policy, but if you require more help adapting this to EEM, let me know.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Thanks for the quick reply. I am no TCL guru by any stretch of the imagination. In looking at the thread you linked I see two TCL snippets:

set fileList [glob -directory flash: -nocomplain *]

foreach file $fileList {

copy flash:/$file usbflash1:/$file

}

**************************************************************

set fileList [glob -directory flash: -nocomplain *]

foreach file $fileList {

copy $file usbflash1:

}

I'm not sure which one I should use. My use of EEM is limited to the action cli commands so I'm not sure how I would plug this into EEM.

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

You would use the second example as the $file variable will have the file system name in it. What does your current EEM backup policy look like?

New Member

Re: Backing Up Cisco IOS CA Router using EEM

OK, thanks for the clarification. Here is what I use now:

event manager applet CA_Backup

event timer cron cron-entry "0 3 * * 0-6"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "file prompt quiet"

action 4.0 cli command "end"

action 5.0 cli command "copy nvram:ST_3825_CA#1CA.cer ftp://10.111.1.127/"

action 5.1 cli command "copy flash:ST_3825_CA.ser ftp://10.111.1.127/"

action 5.2 cli command "copy flash:ST_3825_CA.crl ftp://10.111.1.127/"

action 5.3 cli command "copy flash:ST_3825_CA_00001.p12 ftp://10.111.1.127/"

action 5.4 cli command "copy flash:DMVPN-CA-Key.pub ftp://10.111.1.127/"

action 5.5 cli command "copy flash:DMVPN-CA-Key.prv ftp://10.111.1.127/"

action 5.6 cli command "copy nvram:startup-config ftp://10.111.1.127/"

action 6.0 cli command "config t"

action 7.0 cli command "no file prompt quiet"

action 8.0 cli command "end"

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

This new Tcl policy should do what you want.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Thanks, Joe I could have typed for a few years and never developed this. Forgive my ignorance but do I just paste this into the config?

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

No. You need to pick a directory on flash in which EEM Tcl policies will be stored (e.g. flash:/policies). Then, copy this file to that directory. Then configure the following:

event manager directory user policy flash:/policies

event manager policy tm_ca_backup.tcl

New Member

Re: Backing Up Cisco IOS CA Router using EEM

You should write a book on TCL for Cisco. :-) Thanks for all your help. I will try implementing this today.

Blue

Re: Backing Up Cisco IOS CA Router using EEM

Does/Can the latest LMS back up Tcl scripts, or is that feature on the road map? What is Cisco's recommended practice for backing up flash-based files such as this?

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

No, LMS does not backup arbitrary flash files like it does with vlan.dat. There is discussion about some more EEM management in LMS for a future release.

In the EEM space, we recommend you keep local backups of all your policies, but this must be done manually, or by using another EEM policy to do it.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Hi Joe,

The script you created worked great the first night but it has failed the last two nights in a row. When I go on the ftp server I can see that it fails at exactly the same file. The file is available and the permissions are OK so I am not sure what the issue might be. Can you help?

I've attached the error log.

Thanks...

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

What do you see if you try to copy this file manually to the FTP server?

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Thanks for the quick reply Joe. I just ftp'd manually without issue:

ST_3825_CA#copy flash:C.cnm ftp://10.111.1.127/

Writing C.cnm !

115 bytes copied in 0.040 secs (2875 bytes/sec)

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

Okay, then change the first line of the script, and add:

maxrun 600

Then unregister and re-register the policy, and it should work going forward.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

OK, I'm not sure where I am adding the "maxrun 600" to the script.

The first line is:

if [catch {cli_open} result] {

error $result $errorInfo

} else {

array set cli1 $result

}

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

No, the first line is:

::cisco::eem::event_register_timer cron cron_entry "0 3 * * 0-6"

You add maxrun 600 to the end of that line.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Whoops missed that up top. OK, I will do that. Thank you again.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Just wanted to let you know that the backup still failed to finish completely however it progressed further down the list of files. So increasing the maxrun timer had a positive effect. Is this timer measured in milliseconds? Would it be OK to increase it further without impacting the router adversely?

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

The timer is in seconds. Yes, you should continue to increase it until it can copy all of the files.

New Member

Re: Backing Up Cisco IOS CA Router using EEM

Just to let you know the issue was with the FTP server. Once we had that squared away the copy went with no problems. The only wierd thing is it appears to run twice. It does the FTP copies and then

just reruns itself one more time. I can live with that but it is odd.

Cisco Employee

Re: Backing Up Cisco IOS CA Router using EEM

That is a known bug, CSCsz12460. It is not yet fixed, and there is no workaround other than converting the cron timer to a watchdog timer.

1546
Views
0
Helpful
21
Replies
CreatePlease login to create content