Backup script for F5 LTM and FTP the UCS off to another server

question

I am trying to automate backups on my F5 LTMs. I have downloaded the following script and tried to run it (for the version 11.x branch): https://devcentral.f5.com/wiki/AdvDesignConfig.LTM_Backup_Shell_Script.ashx But it keeps throwing errors.

With version 10 backup script the bigpipe backup script worked fine. Now that we are running v11 I can't seem to get it to run. Any assistance would be appreciated.

This script works with V9 and V10. Create the script called ftpbackup.sh with "vi ftpbackup.sh":

#!/bin/sh
# ftp server ip address
HOST='10.2.2.5'
# ftp user name
USER='ftp_user'
# ftp password
PASSWD='passw0rd1234'
# check if LTM is active node or standby node
A=$(bigpipe failover show | grep -c "active")
# store date, to be appended to end of the ucs file
D=$(date +%d_%m_%Y_%H-%M-%S)
# store the hostname of the ltm node
U=$(uname -n)
# remove all old ucs files
rm -f /var/local/ucs/*.ucs
case ${A} in
# if ltm is active do a config sync and wait 60 sec and generate a ucs file
"1") bigpipe config sync; sleep 60; bigpipe config save $U-$D; echo " active unit";;
# if ltm not active wait before creating the ucs file
"0") sleep 180; bigpipe config save $U-$D; echo "Standby unit";;
esac
# ftp to remote ftp server
ftp -inv $HOST <<ftp_script
user $USER $PASSWD
bin
lcd /var/local/ucs/
mput *.ucs
bye
ftp_script
### save and exit vi editor

# give new script execute rights
chmod 1 ftpbackup.sh

# As root edit cron file with the crontab -e
# crontab format
# Minute Hour Day of Month Month Day of Week Command
# (0-59) (0-23) (1-31) (1-12 or Jan-Dec) (0-6 or Sun-Sat)
0 0 * * * /var/local/script/ftpbackup.sh

works like a charm

13 Answer(s):

it might help if you tell which errors you get, have you set all variables correctly?

But it keeps throwing errors

what is the error message?

Can you provide some information on the errors please? Perhaps you have an old version that contains bigpipe commands?

<p>here is the code and below is the error:</p> <h1>!/bin/sh -x</h1> <h1></h1> <h1>Name: backup_cron_scriptv11.sh</h1> <h1></h1> <h1></h1> <h1>BIG-IP Backup Script</h1> <h1></h1> <h1>This script automates LTM v11 Backups and saves the files with hostname and date</h1> <h1>off to an FTP server</h1> <h1>version 1.0</h1> <h1>Author: Bhattman</h1> <h1>Original Date: 01/07/10</h1> <h1>Modified by Yih Wen 30/11/12</h1> <p>tmsh save /sys ucs /var/tmp/BIG-IP_backup export a=<code>date +"%y%m%d"</code> export aa=$HOSTNAME.$a.ucs export b=/var/tmp/$aa mv /var/tmp/BIG-IP_backup.ucs $b </p> <p>tar -cf /var/tmp/certs.tar /config/ssl<br> export ff=$HOSTNAME.$a.certs.tar export f=/var/tmp/$ff mv /var/tmp/certs.tar $f </p> <h1>Added By Ed Elias 11/26/02</h1> <p>export c=$HOSTNAME.$a.crontab export cc=/var/tmp/$c cp /etc/crontab $cc </p> <p>export MName=xxxxxxx export Log=/var/tmp/log.bigip </p> <p>export UserName=xxxxx export UserPassword=xxxxxx </p> <h1>Added and Updated by Ed Elias 11/14/07</h1> <p>export Machine1f2=$aa export Machine1f3=$c export Machine1f4=$ff ftp -nvd ${MName} <<-END 1>&2 > ${Log} user ${UserName} ${UserPassword} bin put ${b} ${Machine1f2} put ${cc} ${Machine1f3} put ${f} ${Machine1f4} quit END rm -f ${b} rm -f ${cc} rm -f ${f} RTN_CODE=$? 
</p> <p>exit $RTN_CODE </p> <dl> <dt>Error I am receiving:</dt> <dd>command not found:</dd> <dd>command not found4: " unknown property ': not a valid identifierort: <code>': not a valid identifierort:</code> ': not a valid identifierort: <code>mv: target</code>\r' is not a directory</dd> <dd>command not found1: tar: Removing leading <code>/' from member names tar: \r: Cannot stat: No such file or directory tar: Error exit delayed from previous errors ': not a valid identifierort:</code> ': not a valid identifierort: <code>mv: target</code>\r' is not a directory</dd> <dd>command not found6:</dd> <dd>command not found8: ': not a valid identifierort: <code>': not a valid identifierort:</code> cp: target <code>\r' is not a directory : command not found2: ': not a valid identifierort: </code></dd> <dd>command not found2: ': not a valid identifierort: <code>': not a valid identifierort:</code></dd> <dd>command not found5: ': not a valid identifierort: <code>': not a valid identifierort:</code></dd> <dd>command not found8: ': not a valid identifierort: <code>': not a valid identifierort:</code> ': not a valid identifierort: `</dd> </dl>

Are the HTML tags in your script or is that just something DC has added? If they are in your script I'd suggest you copy and paste the script from the website again in a way that doesn't include the tags.

this is mine.

# bigip

[root@ve11a:Standby:Not All Devices Synced] config # /var/tmp/backup_cron_scriptv11.sh
+ tmsh save /sys ucs /var/tmp/BIG-IP_backup
Saving active configuration...
/var/tmp/BIG-IP_backup.ucs is saved.
++ date +%y%m%d
+ export a=130905
+ a=130905
+ export aa=ve11a.acme.com.130905.ucs
+ aa=ve11a.acme.com.130905.ucs
+ export b=/var/tmp/ve11a.acme.com.130905.ucs
+ b=/var/tmp/ve11a.acme.com.130905.ucs
+ mv /var/tmp/BIG-IP_backup.ucs /var/tmp/ve11a.acme.com.130905.ucs
+ tar -cf /var/tmp/certs.tar /config/ssl
tar: Removing leading `/' from member names
+ export ff=ve11a.acme.com.130905.certs.tar
+ ff=ve11a.acme.com.130905.certs.tar
+ export f=/var/tmp/ve11a.acme.com.130905.certs.tar
+ f=/var/tmp/ve11a.acme.com.130905.certs.tar
+ mv /var/tmp/certs.tar /var/tmp/ve11a.acme.com.130905.certs.tar
+ export c=ve11a.acme.com.130905.crontab
+ c=ve11a.acme.com.130905.crontab
+ export cc=/var/tmp/ve11a.acme.com.130905.crontab
+ cc=/var/tmp/ve11a.acme.com.130905.crontab
+ cp /etc/crontab /var/tmp/ve11a.acme.com.130905.crontab
+ export MName=200.200.200.101
+ MName=200.200.200.101
+ export Log=/var/tmp/log.bigip
+ Log=/var/tmp/log.bigip
+ export UserName=root
+ UserName=root
+ export UserPassword=password
+ UserPassword=password
+ export Machine1f2=ve11a.acme.com.130905.ucs
+ Machine1f2=ve11a.acme.com.130905.ucs
+ export Machine1f3=ve11a.acme.com.130905.crontab
+ Machine1f3=ve11a.acme.com.130905.crontab
+ export Machine1f4=ve11a.acme.com.130905.certs.tar
+ Machine1f4=ve11a.acme.com.130905.certs.tar
+ ftp -nvd 200.200.200.101
+ rm -f /var/tmp/ve11a.acme.com.130905.ucs
+ rm -f /var/tmp/ve11a.acme.com.130905.crontab
+ rm -f /var/tmp/ve11a.acme.com.130905.certs.tar
+ RTN_CODE=0
+ exit 0

# ftpd

[root@centos101 ~]# ls -l ve*
-rw-r--r-- 1 root root 1679360 Sep  5 01:39 ve11a.acme.com.130905.certs.tar
-rw-r--r-- 1 root root     253 Sep  5 01:39 ve11a.acme.com.130905.crontab
-rw-r--r-- 1 root root  732092 Sep  5 01:39 ve11a.acme.com.130905.ucs

Backups are much simplified in 11.4 with the introduction of iCall. I wrote up an iCall-based backup solution a while back, and the iApp template here in the wiki.

I think the problem that I am having might have to do with the fact I am possibly not running the script as the root account. The tmsh save /sys ucs /var/tmp/BIG-IP_backup command won't run from the command line unless I give the tmsh command first. I copied the script into the etc/cron.daily and have been running it manually to see if it works.

The problem with the script file was it contained carriage returns. I removed them and the script appears to run...but it is now prompting for a password.

If I enter the FTP password I then get failed login.

If I use the FTP command from the command line and enter in the username and password it connects to the remote server without an issue.

does your username or password contain any special characters that might cause issues? you could try with a simple username / password (just letters) first to check if it does.

Here is the code:

#!/bin/sh -x
#
#Name: backup_cron_scriptv11.sh
#
#BIG-IP Backup Script
#
#This script automates LTM v11 Backups and saves the files with hostname and date off to an FTP server
#version 1.0
#Author: Bhattman
#Original Date: 01/07/10
#Modified by Yih Wen 30/11/12

tmsh save /sys ucs /var/tmp/BIG-IP_backup
export a=`date +"%y%m%d"`
export aa=$HOSTNAME.$a.ucs
export b=/var/tmp/$aa
mv /var/tmp/BIG-IP_backup.ucs $b

tar -cf /var/tmp/certs.tar /config/ssl
export ff=$HOSTNAME.$a.certs.tar
export f=/var/tmp/$ff
mv /var/tmp/certs.tar $f

#Added By Ed Elias 11/26/02
export c=$HOSTNAME.$a.crontab
export cc=/var/tmp/$c
cp /etc/crontab $cc

export MName=192.168.10.10
export Log=/var/tmp/log.bigip

export UserName=testuser
export UserPassword=testpassword

#Added and Updated by Ed Elias 11/14/07
export Machine1f2=$aa
export Machine1f3=$c
export Machine1f4=$ff
ftp -nvd ${MName} <<-END 1>&2 > ${Log}
user ${UserName} ${UserPassword}
bin
put ${b} ${Machine1f2}
put ${cc} ${Machine1f3}
put ${f} ${Machine1f4}
quit
END
rm -f ${b}
rm -f ${cc}
rm -f ${f}
RTN_CODE=$?

exit $RTN_CODE

Here is what I am seeing:

[testuser@F5:Active:In Sync] cron.daily # sh -x ./f5backupv11.sh
+ tmsh save /sys ucs /var/tmp/BIG-IP_backup
Saving active configuration...
/var/tmp/BIG-IP_backup.ucs is saved.
++ date +%y%m%d
+ export a=130909
+ a=130909
+ export aa=f5.test.com.130909.ucs
+ aa=f5.test.com.130909.ucs
+ export b=/var/tmp/f5.test.com.130909.ucs
+ b=/var/tmp/f5.test.com.130909.ucs
+ mv /var/tmp/BIG-IP_backup.ucs /var/tmp/f5.test.com.130909.ucs
+ tar -cf /var/tmp/certs.tar /config/ssl
tar: Removing leading `/' from member names
+ export ff=f5.test.com.130909.certs.tar
+ ff=f5.test.com.130909.certs.tar
+ export f=/var/tmp/f5.test.com.130909.certs.tar
+ f=/var/tmp/f5.test.com.130909.certs.tar
+ mv /var/tmp/certs.tar /var/tmp/f5.test.com.130909.certs.tar
+ export c=f5.test.com.130909.crontab
+ c=f5.test.com.130909.crontab
+ export cc=/var/tmp/f5.test.com.130909.crontab
+ cc=/var/tmp/f5.test.com.130909.crontab
+ cp /etc/crontab /var/tmp/f5.test.com.130909.crontab
+ export MName=192.168.10.10
+ MName=192.168.10.10
+ export Log=/var/tmp/log.bigip
+ Log=/var/tmp/log.bigip
+ export UserName=testuser
+ UserName=testuser
+ export UserPassword=testpassword
+ UserPassword=testpassword
+ export Machine1f2=f5.test.com.130909.ucs
+ Machine1f2=f5.test.com.130909.ucs
+ export Machine1f3=f5.test.com.130909.crontab
+ Machine1f3=f5.test.com.130909.crontab
+ export Machine1f4=f5.test.com.130909.certs.tar
+ Machine1f4=f5.test.com.130909.certs.tar
+ ftp -n -vd 192.168.10.10

Here is what it is showing in the logs:

[testuser@F5:Active:In Sync] tmp # vi log.bigip
Connected to 192.168.10.10 (192.168.10.10).
220 testsrv X2 WS_FTP Server 6.1.1(82011250)
---> SYST
503 Command SYST not accepted during Connected
---> USER testuser
331 Enter password
---> PASS XXXX
230 User logged in
---> TYPE I
200 Transfer mode set to BINARY
local: /var/tmp/f5.test.com.130909.ucs remote: f5.test.com.130909.ucs
---> PASV
~

  1. Create directory on BIG-IP /shared/ucs/ as root:
    mkdir /shared/ucs
  2. Copy the backup script (backupucs) as root via SCP to /shared/backupucs and make it executable:
    chmod +x /shared/backupucs
  3. Create an SSH public key as root:
    ssh-keygen -t dsa
  4. Export the local root public key for remote login on the target / backup server:
    ssh-copy-id -i ~/.ssh/id_dsa.pub remote_user@your_backup_server
  5. Modify cron on BIG-IP as root:
    crontab -e

# cron tab for root
1-59/30 * * * * /usr/bin/diskmonitor
00 5 * * * /shared/backupucs

The following script will now be triggered by cron each morning at 5 a.m.
A current .ucs file with hostname and timestamp in its name will be created and copied to the target server via SCP.
Files older than 7 days will be deleted.
Don't forget to modify the passphrase. ;)
As the archive contains the private keys, encrypted export should be mandatory.

\#! /bin/bash
time=`date +%Y_%m_%d_%H%M`
unit=`tmsh list sys global-settings one-line | grep -oP '(?<=hostname\s)[^\.]*'`
tmsh save /sys ucs /shared/ucs/autoarchive_${unit}_${time}.ucs passphrase 'topsecret'
scp /shared/ucs/autoarchive_${unit}_${time}.ucs remote_user@your_backup_server:/data/config/loadbalancer/
find /shared/ucs/ -name "autoarchive*" -mtime +7 -ls >> /var/log/ucsdelete
find /shared/ucs/ -name "autoarchive*" -mtime +7 -ls -exec rm -f {} \;

script runs when executed line by line but when executed in a file, it fails to run. error is:

[root@devicename:/S1-green-P:Active] shared # ./backupucs1
Data Input Error: A filename and only one file should be specified.
.ucs: No such file or directorySalpdc01 : command not found5:

Would you insert a new line (#2) with "set -x" in the script. If you run it now from shell it should be clear what line throws the error. Btw, the "backslash" (line #1 pos #1) is wrong in the script.
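
Both script-file problems reported in this thread, carriage returns in the file and a stray character in front of `#!`, can be caught before the script is installed in cron. The check below is an added example, not code from any poster or from F5; the function name `preflight` and its messages are assumptions.

```sh
#!/bin/sh
# preflight FILE: check a script before installing it in cron.
# Added example; the function name and messages are illustrative.
# Prints one line per problem and returns 0 only if the file is clean.
preflight() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # 1. The first two bytes must be exactly "#!". A leading backslash,
    #    space or byte-order mark hides the interpreter line from the kernel.
    first=$(head -c 2 "$file")
    if [ "$first" != '#!' ]; then
        echo "line 1 does not start with #!"
        rc=1
    fi

    # 2. Carriage returns (DOS line endings) turn "export a=1" into
    #    "export a=1\r", which the shell rejects as "not a valid identifier".
    cr=$(printf '\r')
    n=$(grep -c "$cr" "$file" || true)
    if [ "$n" -gt 0 ]; then
        echo "$n line(s) contain a carriage return"
        rc=1
    fi

    # 3. Parse without executing, on a copy with the CRs removed, so a real
    #    syntax error is not hidden behind the line-ending noise.
    tmp=$(mktemp) || return 2
    tr -d '\r' < "$file" > "$tmp"
    if ! sh -n "$tmp" 2>/dev/null; then
        echo "syntax error (sh -n)"
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

A file that fails only the carriage-return check can be repaired with `tr -d '\r' < old > new`, which is the same filter step 3 applies to its temporary copy.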

First of all, thanks for all your replies. Here is the problem that we were having with the script not FTPing: Firewall is blocking the passive mode ftp transfer.

http://blogs.msdn.com/b/asiatech/archive/2009/04/30/iis-ftp-service-hang-due-to-ports-contention-in-passive-mode.aspx

We can request a change for the firewall config to be fixed so that FTP works transparently.

In the meantime, I added a "passive" command in the ftp blurb in the script. This command is a toggle switch command, and when it is run for the first time, it turns off the passive mode (i.e. all ftp transfers take place in active mode). With FTP mode active, script is working fine.

Once again thanks.
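
The v11 FTP script posted above runs `rm -f` on the local archives whether or not the upload worked, and its exit code is that of the last `rm`, so a failed transfer still ends with the files gone and status 0. The sketch below is an added example, not code from the thread: it removes the local file only after the remote copy's SHA-256 matches. `ship`, `SEND`, `REMOTE_SUM` and `DEST` are hypothetical names, and the default transport is a local directory standing in for the backup server so the block runs offline.

```sh
#!/bin/sh
# Added example: ship a backup and delete the local copy only when the remote
# copy is byte-identical. ship, SEND, REMOTE_SUM and DEST are illustrative.
# The defaults treat DEST as a local directory (constructed stand-in for the
# backup server). With SSH keys in place, SEND and REMOTE_SUM could instead
# name functions wrapping scp and "ssh host sha256sum".
: "${DEST:=/tmp/backup-dest}"
send_local()       { cp -- "$1" "$DEST/$(basename -- "$1")"; }
remote_sum_local() { sha256sum < "$DEST/$1" | cut -d' ' -f1; }
: "${SEND:=send_local}" "${REMOTE_SUM:=remote_sum_local}"

# ship FILE -> 0 shipped and removed, 1 transfer failed, 2 checksum mismatch
ship() {
    src=$1
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    name=$(basename -- "$src")
    want=$(sha256sum < "$src" | cut -d' ' -f1)

    if ! "$SEND" "$src" 2>/dev/null; then
        echo "transfer of $name failed, keeping $src" >&2
        return 1
    fi

    # Hash the copy on the far side; an unreadable or short file will differ.
    got=$("$REMOTE_SUM" "$name" 2>/dev/null) || got=
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $name, keeping $src" >&2
        return 2
    fi

    rm -f -- "$src"
}
```

Calling `ship` once per archive and exiting with its status lets cron report a failed or truncated upload instead of the result of `rm`.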
