Introduction: Scripting your Brocade Fibre Channel switches

Got tired as a SAN administrator after logging into all your Fibre Channel switches to perform just one configuration change? Well, I did and I decided to find a way to perform basic configuration tasks by script.

We all know how to remotely manage a Brocade fibre channel switch. If you have lots of time, you are using the WebTools. If you have only minutes left during a working day, you know almost all FabOS commands by heart, connecting to the switches using ssh.

On the top of my wishlist was the possibility to schedule an upload of the switch configuration. That’s why I started with this little project. At least the start was very easy. After spending several hours using ssh to connect to the switches the command to save the config was rapidly written down:
configupload -all -ftp 10.0.0.1,configupload,fcswitch01-today.txt
(For testing purposes the account configupload is configured without a password.)

That’s the beginning. Let’s now connect to the switch to execute this command. I choose to use Expect as a programming language. With this language it is very easy to respond on interactive commands, like snmpconfig. The idea is to build a framework, that can be used for all kinds of commands you can execute on a fibre channel switch. In Expect, you can connect to a Brocade switch using ssh with the command
spawn ssh -l admin fcswitch01

The nice part of Expect is in my opinion, you can describe what you will see. So what will happen, when setting up a ssh connection to fcswitch01 using the account admin? You will be asked to enter your password. So you can describe that as follows.
expect "*password: "

Now you can send your password within the script.
send "password\r"
The \r represents a hard return. If the password of the admin account is really “password”, you now will be logged on into the switch.

Again, you have to describe what the output of the ssh terminal, would be if you logged on by yourself. Afterwards, you can issue the command you want to execute. Finally you have to exit the session in a decent manner. This would be scripted as follows.
expect "*admin> "
send "configupload -all -ftp 10.0.0.1,configupload,fcswitch01-today.txt\r"
expect "*admin> "
send "exit\r"

At this point we have written a script that allows us to upload a switch configuration of a particular switch. Unfortunately a fibre channel SAN mostly consists of multiple switches. We don’t want to have one script per switch. We need to use some variables in the script and make the script more general. Besides that, I don’t think the presence of the account and the password in the script is a safe way.

To enhance the script, I usually use three text files. One is containing all the switches in the fabrics and the file is called switches.txt. For naming purposes I make sure name resolution is working for the switches. If customers don’t want to add them to DNS, I always edit the hosts file of the management server. A second file user.txt only contains the account used for login. In the third file password.txt the associated password is written.

The three files are opened read-only at the first three lines of the script:
set file [open ~/tools/switches.txt r]
set pass [open ~/tools/pass/password.txt r]
set account [open ~/tools/pass/user.txt r]

The user and password are put into a variable, so we can use that variable in the script. We use the command gets for it. gets reads one line of the text file.

gets $pass admpw
gets $account admin

Next to do, is to go to the file switches.txt and read one line after another and perform some actions to the switch. That is done in the following way.

while 1 {
if {[gets $file fcsw] == -1} break
commands
}

At the end I usually declare another variable in which the current date is set. I will use this date in the filename for the switch config.
set date [timestamp -format %Y%m%d]

When we combine al this programming, we will get the following script. I normally use this script every night to have a daily backup of all switch configurations.

set file [open ~/tools/switches.txt r]
set pass [open ~/tools/pass/password.txt r]
set account [open ~/tools/pass/user.txt r]
set date [timestamp -format %Y%m%d]
#--
gets $pass admpw
gets $account admin
#--
while 1 {
if {[gets $file fcsw] == -1} break
#--
spawn ssh -l $admin $fcsw
expect "*password: "
send "$admpw\r"
expect "*$admin> "
send "configupload -all -ftp 10.0.0.1,configupload,$fcsw-$date.txt\r"
expect "*$admin> "
send "exit\r"
}

The beauty of this script is maybe not the programming, but the reusability of it. Replace the command of the configupload with any other command you need to execute. This is a very fast way to make sure you have consistent configurations of all your switches. I will attach a script in which snmp settings are configured. You can also see how you can deal with interactive commands also with Expect.

configupload, the example described in this post

setsnmp-1, an example for configuring snmpv1

Share
  1. Superb one, Thanks for sharing.
    we can also do Password less login to the brocade switches , (One time SSH key entry in the switch), and that will make the job bit easier.

    Trying now ;)
    Cheers

  2. Great! it save a lot of time on this routine operation.
    Vladimir

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">