定时自动备份【新增飞塔防火墙】

新增的飞塔防火墙支持通过命令行导出配置,随即新增两个脚本做测试(testforti、user1.passwd),写法同之前的脚本:
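# Test-script inventory lookup: take the first device listed in user1.passwd
# and load its connection details. Columns, as this script reads them:
#   $1 device name   $2 device type   $3 IP address   $4 username   $5 password
# NOTE(review): the inventory holds device passwords in clear text; it should
# be readable by the backup account only (for example mode 0600) — confirm the
# permissions on the server.
mapfile -t DEVICENAME < <(awk 'NF { print $1 }' /home/Network_Config_Backup/user1.passwd)
BACKUP_DATA=$(date +%Y%m%d)
devicename=${DEVICENAME[0]}

# Match the name against column 1 exactly. `grep "$devicename"` treated the
# name as a pattern and matched it anywhere in the line, so a device whose name
# is a prefix of another (constructed example: "sw1" and "sw10") could pick up
# the other device's address and credentials. Only the first match is used,
# as before.
read -r TABLE IPADDR USERNAME PASSWORD < <(
  awk -v name="$devicename" '$1 == name { print $2, $3, $4, $5; exit }' \
    /home/Network_Config_Backup/user1.passwd
)
echo "${IPADDR}"
echo "${USERNAME}"
# The password is deliberately not echoed: stdout of a scheduled job ends up in
# cron mail, terminal scrollback or redirected logs.
echo "${TABLE}"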

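# Capture file name: <device>_<YYYYMMDD>.
devicename=${devicename}_${BACKUP_DATA}
if [[ "$TABLE" == Forti ]]; then
  # Connection details reach expect through the environment and the here-doc
  # is quoted, so neither the shell nor Tcl re-interprets characters such as
  # $ [ ] " \ inside a password. With the unquoted here-doc the password text
  # became part of the Tcl script itself.
  # NOTE(review): the ssh host key must already be in known_hosts; the script
  # does not answer the first-connection prompt, and it should not be made to
  # accept unknown keys automatically.
  BK_LOG="/data2/SW/$devicename" BK_USER="$USERNAME" BK_HOST="$IPADDR" BK_PASS="$PASSWORD" \
    /usr/bin/expect >> /dev/null << 'EOF'
set timeout 100
# Copy the password into a Tcl variable and drop it from the environment so
# the spawned ssh process does not inherit it.
set bk_pass $env(BK_PASS)
unset env(BK_PASS)
log_file $env(BK_LOG)
# "--" ends option parsing: an inventory value starting with "-" is then never
# read as an ssh option.
spawn ssh -- $env(BK_USER)@$env(BK_HOST)
expect "*assword:"
# "send --" keeps a password that starts with "-" from being parsed as a flag.
send -- "$bk_pass\r"
expect "*#"
send "show\r"
while {1} {
    expect {
        "*--More--" { send " " }
        "config router multicast" { break }
        timeout { break }
        eof { break }
    }
}
EOF
fi
sleep 3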

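# Verify the capture. A missing file is reported as failure 1; a file without
# the completion marker is reported as failure 2.
# For Forti devices only "config router multicast" is accepted as the marker:
# the configuration contains many "end" lines before the real end, so the
# "^end$" alternative would also report a truncated capture as a success.
# Other device types keep the original pattern.
# NOTE(review): expect's log_file may record CRLF line endings, in which case
# the anchored "^end$" / "^return$" alternatives would not match — confirm
# against a real capture.
capture="/data2/SW/$devicename"
run_log="/home/Network_Config_Backup/$BACKUP_DATA/log"
if [[ "$TABLE" == Forti ]]; then
  done_marker='config router multicast'
else
  done_marker='^end$|^return$|config router multicast'
fi
if [ -f "$capture" ]; then
  if grep -E -- "$done_marker" "$capture"; then
    echo "$devicename $IPADDR 备份成功"
    echo "/data2/SW/${devicename}"
    echo "$devicename $IPADDR 备份成功" >> "$run_log"
    echo "-------------------------------"
  else
    echo "$devicename $IPADDR 备份失败2"
    echo "/data2/SW/${devicename}"
    echo "$devicename $IPADDR 备份失败2" >> "$run_log"
    echo "-------------------------------"
  fi
else
  echo "$devicename $IPADDR 备份失败1"
  echo "$devicename $IPADDR 备份失败1" >> "$run_log"
  echo "-------------------------------"
fi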

在以往导出配置时发现,飞塔配置的结尾为 end,但配置中间还有很多个 end。为防止混淆,修改了判断方式,改为以配置倒数第二行的(config router multicast)来判断。

在结果判断处新增了匹配条件(grep -E "^end$|^return$|config router multicast" /data2/SW/$devicename)。注意:该正则仍保留了 ^end$ 分支,飞塔配置中间的 end 同样可能命中,因此被截断的备份仍可能被判为成功;若要避免,飞塔设备应只匹配 config router multicast。

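在测试成功之后,将测试的配置新增至之前的脚本中。最开始将新增的配置放在 Cisco 和 Huawei 的下面去执行,但执行到最后出现了奇怪的现象:脚本识别了设备的种类、用户名、地址和密码,但在抓取配置时执行的却是华为的命令,经过排查也并未解决。随即我将华为和飞塔的脚本位置调换再去执行,则完全成功。(注:原因在于判断条件 `[ $TABLE = Huawei -o H3C ]`,其中 `-o H3C` 是对非空字符串求值,恒为真,所以凡是前面分支没有匹配的设备都会进入华为分支;应写成 `[ "$TABLE" = Huawei ] || [ "$TABLE" = H3C ]`。)以下是完整的执行脚本。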

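#!/bin/bash
# Requires tftp, xinetd and expect to be installed.

# Date stamp (YYYYMMDD) used for today's backup directory and file names.
BACKUP_DATA=$(date +%Y%m%d)
backup_dir="/home/Network_Config_Backup/$BACKUP_DATA"

# Create today's backup directory. Stop here if that fails: the steps below
# would otherwise point the TFTP root at a directory that does not exist.
mkdir -p "$backup_dir" || { echo "cannot create $backup_dir" >&2; exit 1; }

# Open up the TFTP root so the TFTP service can write uploads into it.
# NOTE(review): mode 777 lets every local account read, replace or delete the
# saved device configurations. Ownership by the account the TFTP daemon runs
# as, with a tighter mode, would be enough — confirm that account before
# changing this.
chmod 777 "$backup_dir"

log=/data/log/start_${BACKUP_DATA}.log
# Point the TFTP root in the xinetd service file at today's directory (the
# eight dots match the previous date stamp).
sed -i "s/Network_Config_Backup\/......../Network_Config_Backup\/$BACKUP_DATA/" /etc/xinetd.d/tftp

# Banner. The text is runtime output and is kept as the original printed it.
cat << EOF



------------------------------------------------------------

该脚本适用于Cisco、Huawei、H3C 网络设备使用
Cisco使用tftp方式将配置文件上传到服务器
Huawei、H3C使用窗口记录方式获取配置信息

------------------------------------------------------------

备份文件存放位置: /home/Network_Config_Backup/$BACKUP_DATA



EOF
systemctl restart xinetd
sleep 4

# user.passwd holds device name, type, IP address, username and password per
# line; collect every device name (column 1) into the DEVICENAME array.
# mapfile avoids the glob expansion an unquoted command substitution performs.
# NOTE(review): the file stores passwords in clear text and should be readable
# by the backup account only — confirm its permissions.
mapfile -t DEVICENAME < <(awk 'NF { print $1 }' /home/Network_Config_Backup/user.passwd)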

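# Back up every device in DEVICENAME, one at a time. For each device: look up
# its type and credentials, run the matching expect session, then verify the
# capture and record the result in the day's log.
for devicename in "${DEVICENAME[@]}"
do
  # Print the start time of this device's backup.
  echo "$(date +%H:%M:%S) 开始备份$devicename"

  # Look up type, IP address, username and password by exact match on column 1.
  # `grep "$devicename"` matched the name as a pattern anywhere in the line, so
  # a name that is a prefix of another (constructed example: "sw1" / "sw10")
  # could return the wrong device's credentials. Only the first match is used.
  read -r TABLE IPADDR USERNAME PASSWORD < <(
    awk -v name="$devicename" '$1 == name { print $2, $3, $4, $5; exit }' \
      /home/Network_Config_Backup/user.passwd
  )
  echo "${IPADDR}"
  echo "${USERNAME}"
  # The password is deliberately not echoed: stdout of a scheduled job ends up
  # in cron mail, terminal scrollback or redirected logs.
  echo "${TABLE}"
  devicename=${devicename}_${BACKUP_DATA}
  run_log="/home/Network_Config_Backup/$BACKUP_DATA/log"
  capture="/data2/SW/$devicename"

  # Dispatch on device type. The earlier test `[ $TABLE = Huawei -o H3C ]` was
  # always true ("-o H3C" tests a non-empty string), so every type not handled
  # by a previous branch ran the Huawei commands; that is why Forti devices
  # only worked when their branch came first. An unknown type now runs nothing
  # and is reported as a failed backup below.
  #
  # Connection details reach expect through the environment and the here-docs
  # are quoted, so neither the shell nor Tcl re-interprets characters such as
  # $ [ ] " \ inside a password. Each session copies the password into a Tcl
  # variable and removes it from the environment before spawning, so the child
  # ssh/telnet process does not inherit it. "send --" keeps a value that starts
  # with "-" from being parsed as a flag.
  case "$TABLE" in
    Cisco)
      # NOTE(review): telnet sends the login and enable password in clear text
      # and TFTP moves the configuration unauthenticated and unencrypted;
      # prefer SSH/SCP where the devices support it.
      BK_HOST="$IPADDR" BK_USER="$USERNAME" BK_PASS="$PASSWORD" BK_NAME="$devicename" \
        /usr/bin/expect >> "$run_log" << 'EOF'
set timeout 10
set bk_pass $env(BK_PASS)
unset env(BK_PASS)
spawn telnet $env(BK_HOST)
expect "*sername:"
send -- "$env(BK_USER)\r"
expect "*assword:"
send -- "$bk_pass\r"
expect {
    "*>" {
        send "enable\r"
        expect "*assword:"
        send -- "$bk_pass\r"
        expect "*#"
        send "copy running-config tftp:\r"
        expect "*remote host*"
        send "10.20.5.5\r"
        expect "*filename*"
        send -- "$env(BK_NAME)\n"
        expect "*!*"
        send "\n"
    }
    "*#" {
        send "copy running-config tftp:\r"
        expect "*remote host*"
        send "10.20.5.5\r"
        expect "*filename*"
        send -- "$env(BK_NAME)\n"
        expect "*!*"
        send "\n"
    }
}
EOF
      ;;
    Forti)
      # NOTE(review): the prompt pattern below names one firewall; on any other
      # Forti device the expect would wait out the 100 s timeout before "show"
      # is sent. The ssh host key must already be in known_hosts; the script
      # does not answer the first-connection prompt and should not be made to
      # accept unknown keys automatically.
      BK_LOG="$capture" BK_USER="$USERNAME" BK_HOST="$IPADDR" BK_PASS="$PASSWORD" \
        /usr/bin/expect >> /dev/null << 'EOF'
set timeout 100
set bk_pass $env(BK_PASS)
unset env(BK_PASS)
log_file $env(BK_LOG)
# "--" ends option parsing so an inventory value is never read as an ssh option.
spawn ssh -- $env(BK_USER)@$env(BK_HOST)
expect "*assword:"
send -- "$bk_pass\r"
expect "*FLC-DFDC-OT-FW01 #"
send "show\r"
while {1} {
    expect {
        "*--More--" { send " " }
        "config router multicast" { break }
        timeout { break }
        eof { break }
    }
}
EOF
      ;;
    Huawei|H3C)
      # NOTE(review): this session enters system-view and changes the vty
      # screen-length, so the backup job alters device configuration and needs
      # an account allowed to do so. A session-scoped paging setting would let
      # the backup run from a read-only account — confirm what the platforms in
      # use support.
      BK_LOG="$capture" BK_USER="$USERNAME" BK_HOST="$IPADDR" BK_PASS="$PASSWORD" \
        /usr/bin/expect >> /dev/null << 'EOF'
set timeout 100
set bk_pass $env(BK_PASS)
unset env(BK_PASS)
log_file $env(BK_LOG)
# "--" ends option parsing so an inventory value is never read as an ssh option.
spawn ssh -- $env(BK_USER)@$env(BK_HOST)
expect "*assword:"
send -- "$bk_pass\r"
expect "*>"
send "system-view\r"
expect "*Z."
send "user-interface vty 0 4\r"
send "screen-length 0\r"
send "display current-configuration\r"
while {1} {
    expect {
        "*--- More ----" { send " " }
        "return" { break }
        timeout { break }
        eof { break }
    }
}
EOF
      ;;
  esac
  sleep 3

  # Verify the capture. A missing file is reported as failure 1; a file without
  # the completion marker is reported as failure 2.
  # For Forti devices only "config router multicast" is accepted: the
  # configuration contains many "end" lines before the real end, so "^end$"
  # would also report a truncated capture as a success. Other types keep the
  # original pattern.
  # NOTE(review): the Cisco branch uploads over TFTP into the day's directory
  # under /home/Network_Config_Backup, yet this check looks in /data2/SW —
  # confirm where Cisco files actually land. expect's log_file may also record
  # CRLF line endings, in which case the anchored alternatives would not match.
  if [[ "$TABLE" == Forti ]]; then
    done_marker='config router multicast'
  else
    done_marker='^end$|^return$|config router multicast'
  fi
  if [ -f "$capture" ]; then
    if grep -E -- "$done_marker" "$capture"; then
      echo "$devicename $IPADDR 备份成功"
      echo "$devicename $IPADDR 备份成功" >> "$run_log"
      echo "-------------------------------"
    else
      echo "$devicename $IPADDR 备份失败2"
      echo "$devicename $IPADDR 备份失败2" >> "$run_log"
      echo "-------------------------------"
    fi
  else
    echo "$devicename $IPADDR 备份失败1"
    echo "$devicename $IPADDR 备份失败1" >> "$run_log"
    echo "-------------------------------"
  fi

done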

 
