-
Cisco UCS Manager CLI Configuration Guide, Release 2.1
-
Preface
- Introduction
-
System Configuration
-
Configuring the Fabric Interconnects
-
Configuring Ports and Port Channels
-
Configuring Communication Services
-
Configuring Authentication
-
Configuring Organizations
-
Configuring Role-Based Access Control
-
Configuring DNS Servers
-
Configuring System-Related Policies
-
Managing Licenses
-
Managing Virtual Interfaces
-
Registering Cisco UCS Domains with Cisco UCS Central
-
- Network Configuration
- Storage Configuration
- Server Configuration
- System Management
- System Monitoring
-
Index
-
Feedback
Contents
- Backing Up and Restoring the Configuration
- Backup and Export Configuration
- Backup Types
- Considerations and Recommendations for Backup Operations
- Scheduled Backups
- Full State Backup Policy
- All Configuration Export Policy
- Import Configuration
- Import Methods
- System Restore
- Required User Role for Backup and Import Operations
- Configuring Backup Operations
- Creating a Backup Operation
- Running a Backup Operation
- Modifying a Backup Operation
- Deleting a Backup Operation
- Configuring Scheduled Backups
- Configuring the Full State Backup Policy
- Configuring the All Configuration Export Policy
- Configuring Import Operations
- Creating an Import Operation
- Running an Import Operation
- Modifying an Import Operation
- Deleting an Import Operation
- Restoring the Configuration for a Fabric Interconnect
- Erasing the Configuration
Backing Up and Restoring the Configuration
This chapter includes the following sections:
- Backup and Export Configuration
- Backup Types
- Considerations and Recommendations for Backup Operations
- Import Configuration
- Import Methods
- System Restore
- Required User Role for Backup and Import Operations
- Configuring Backup Operations
- Configuring Scheduled Backups
- Configuring Import Operations
- Restoring the Configuration for a Fabric Interconnect
- Erasing the Configuration
Backup and Export Configuration
When you perform a backup through Cisco UCS Manager, you take a snapshot of all or part of the system configuration and export the file to a location on your network. You cannot use Cisco UCS Manager to back up data on the servers.
You can perform a backup while the system is up and running. The backup operation only saves information from the management plane. It does not have any impact on the server or network traffic.
Backup Types
You can perform one or more of the following types of backups through Cisco UCS:
- Full state—A binary file that includes a snapshot of the entire system. You can use the file generated from this backup to restore the system during disaster recovery. This file can restore or rebuild the configuration on the original fabric interconnect, or recreate the configuration on a different fabric interconnect. You cannot use this file for an import.
- All configuration—An XML file that includes all system and logical configuration settings. You can use the file generated from this backup to import these configuration settings to the original fabric interconnect or to a different fabric interconnect. You cannot use this file for a system restore. This file does not include passwords for locally authenticated users.
- System configuration—An XML file that includes all system configuration settings such as usernames, roles, and locales. You can use the file generated from this backup to import these configuration settings to the original fabric interconnect or to a different fabric interconnect. You cannot use this file for a system restore.
- Logical configuration—An XML file that includes all logical configuration settings such as service profiles, VLANs, VSANs, pools, and policies. You can use the file generated from this backup to import these configuration settings to the original fabric interconnect or to a different fabric interconnect. You cannot use this file for a system restore.
Considerations and Recommendations for Backup Operations
Before you create a backup operation, consider the following:
- Backup Locations
The backup location is the destination or folder on the network where you want Cisco UCS Manager to export the backup file. You can maintain only one backup operation for each location where you plan to save a backup file.
- Potential to Overwrite Backup Files
If you rerun a backup operation without changing the filename, Cisco UCS Manager overwrites the existing file on the server. To avoid overwriting existing backup files, change the filename in the backup operation or copy the existing file to another location.
- Multiple Types of Backups
You can run and export more than one type of backup to the same location. You need to change the backup type before you rerun the backup operation. We recommend that you change the filename for easier identification of the backup type and to avoid overwriting the existing backup file.
- Scheduled Backups
You can create a backup operation in advance and leave the admin state disabled until you are ready to run the backup. Cisco UCS Manager does not run the backup operation, save, or export the configuration file until you set the admin state of the backup operation to enabled.
- Incremental Backups
You cannot perform incremental backups of Cisco UCS Manager.
- Encryption of Full State Backups
Full state backups are encrypted so that passwords and other sensitive information are not exported as clear text.
Scheduled Backups
You can configure policies in Cisco UCS to schedule the following types of backups:
You cannot schedule any other type of backup.
Full State Backup Policy
The full state backup policy allows you to schedule regular full state backups of a snapshot of the entire system. You can choose whether to configure the full state backup to occur on a daily, weekly, or bi-weekly basis.
Cisco UCS maintains a maximum number of backup files on the remote server. When that number is exceeded, Cisco UCS overwrites the oldest backup file.
All Configuration Export Policy
The all configuration backup policy allows you to schedule a regular backup and export of all system and logical configuration settings. This backup does not include passwords for locally authenticated users. You can choose whether to configure the all configuration backup to occur on a daily, weekly, or bi-weekly basis.
Cisco UCS maintains a maximum number of backup files on the remote server. When that number is exceeded, Cisco UCS overwrites the oldest backup file.
Import Configuration
You can import any configuration file that was exported from Cisco UCS. The file does not need to have been exported from the same Cisco UCS.
The import function is available for all configuration, system configuration, and logical configuration files. You can perform an import while the system is up and running. An import operation modifies information on the management plane only. Some modifications caused by an import operation, such as a change to a vNIC assigned to a server, can cause a server reboot or other operations that disrupt traffic.
You cannot schedule an import operation. You can, however, create an import operation in advance and leave the admin state disabled until you are ready to run the import.Cisco UCS will not run the import operation on the configuration file until you set the admin state to enabled.
You can maintain only one import operation for each location where you saved a configuration backup file.
Import Methods
You can use one of the following methods to import and update a system configuration through Cisco UCS:
- Merge—The information in the imported configuration file is compared with the existing configuration information. If there are conflicts, the import operation overwrites the information on the Cisco UCS domain with the information in the import configuration file.
- Replace—The current configuration information is replaced with the information in the imported configuration file one object at a time.
System Restore
You can use the restore function for disaster recovery.
You can restore a system configuration from any full state backup file that was exported from Cisco UCS. The file does not need to have been exported from Cisco UCS on the system that you are restoring. When restoring using a backup file that was exported from a different system, we strongly recommend that you use a system with the same or similar system configuration and hardware, including fabric interconnects, servers, adapters, and I/O module or FEX connectivity. Mismatched hardware and/or system configuration can lead to the restored system not fully functioning. If there is a mismatch between the I/O module links or servers on the two systems, acknowledge the chassis and/or servers after the restore operation.
The restore function is only available for a full state backup file. You cannot import a full state backup file. You perform a restore through the initial system setup.
Required User Role for Backup and Import Operations
You must have a user account that includes the admin role to create and run backup and import operations.
Configuring Backup Operations
Creating a Backup Operation
ProcedureThe following example shows how to create a disabled all-configuration backup operation for hostname host35 and commit the transaction:
UCS-A# scope system UCS-A /system* # create backup scp://user@host35/backups/all-config9.bak all-configuration disabled Password: UCS-A /system* # commit-buffer UCS-A /system #Running a Backup Operation
Procedure
Command or Action Purpose
Step 1 UCS-A# scope system Enters system mode.
Step 2 UCS-A /system # scope backup hostname Enters system backup mode for the specified hostname.
Step 3 UCS-A /system/backup # enable
Note For backup operations using FTP, SCP, SFTP, you are prompted for the password. Enter the password before committing the transaction.
Step 4 UCS-A /system/backup # commit-buffer Commits the transaction.
Modifying a Backup Operation
ProcedureYou can modify a backup operation to save a file of another backup type to that location or to change the filename and avoid overwriting previous backup files.
Command or Action Purpose
Step 1 UCS-A# scope system Enters system mode.
Step 2 UCS-A /system # scope backup hostname Enters system backup mode for the specified hostname.
Step 3 UCS-A /system/backup # disable (Optional) Disables an enabled backup operation so that it does not automatically run when the transaction is committed.
Step 4 UCS-A /system/backup # enable (Optional) Automatically runs the backup operation as soon as you commit the transaction.
Step 5 UCS-A /system/backup # set descr description (Optional) Provides a description for the backup operation.
Note If your description includes spaces, special characters, or punctuation, you must begin and end your description with quotation marks. The quotation marks will not appear in the description field of any show command output.
Step 6 UCS-A /system/backup # set protocol {ftp | scp | sftp | tftp} (Optional) Specifies the protocol to use when communicating with the remote server.
Step 7 UCS-A /system/backup # set remote-file filename (Optional) Specifies the name of the configuration file that is being backed up.
Step 8 UCS-A /system/backup # set type backup-type (Optional) Specifies the type of backup file to be made. The backup-type argument can be one of the following values:
- all-configuration —Backs up the server, fabric, and system related configuration
- logical-configuration —Backs up the fabric and service profile related configuration
- system-configuration —Backs up the system related configuration
- full-state —Backs up the full state for disaster recovery
Note Full-state backup files cannot be imported using an import operation. They are used only to restore the configuration for a fabric interconnect.
Step 9 UCS-A /system/backup # set preserve-pooled-values {no | yes} (Optional) Specifies whether pool-derived identity values, such as vHBA WWPN, vNIC MAC, WWNN, and UUID, will be saved with the backup.
Step 10 UCS-A /system/backup # set user username (Optional) Specifies the username the system should use to log in to the remote server. This step does not apply if the TFTP protocol is used.
Step 11 UCS-A /system/backup # set password (Optional) After you press Enter, you are prompted to enter the password.
Specifies the password for the remote server username. This step does not apply if the TFTP protocol is used.
Step 12 UCS-A /system/backup # commit-buffer Commits the transaction.
The following example adds a description and changes the protocol, username, and password for the host35 backup operation and commits the transaction:
UCS-A# scope system UCS-A /system # scope backup host35 UCS-A /system/backup # set descr "This is a backup operation for host35." UCS-A /system/backup* # set protocol sftp UCS-A /system/backup* # set user UserName32 UCS-A /system/backup* # set password Password: UCS-A /system/backup* # set preserve-pooled-values no UCS-A /system/backup* # commit-buffer UCS-A /system #Configuring Scheduled Backups
Configuring the Full State Backup Policy
Procedure
Command or Action Purpose
Step 1 UCS-A# scope org org-name Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.
Step 2 UCS-A /org # scope backup-policy default Enters the all configuration export policy mode.
Step 3 UCS-A /org/backup-policy # set hostname {hostname | ip-addr} Specifies the hostname or IP address of the location where the backup policy is stored. This can be a server, storage array, local drive, or any read/write media that the fabric interconnect can access through the network.
Note If you use a hostname rather than an IP address, you must configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.
Step 4 UCS-A /org/backup-policy # set protocol {ftp | scp | sftp | tftp} Specifies the protocol to use when communicating with the remote server.
Step 5 UCS-A /org/backup-policy # set user username Specifies the username the system should use to log in to the remote server. This step does not apply if the TFTP protocol is used.
Step 6 UCS-A /system/backup-policy # set password After you press Enter, you are prompted to enter the password.
Specifies the password for the remote server username. This step does not apply if the TFTP protocol is used.
Step 7 UCS-A /system/backup-policy # set remote-file filename Specifies the full path to the backup file. This field can contain the filename as well as the path. If you omit the filename, the backup procedure assigns a name to the file.
Step 8 UCS-A /system/backup-policy # set adminstate {disabled | enabled} Specifies the admin state for the policy. This can be one of the following:
Step 9 UCS-A /system/backup-policy # set schedule {daily | weekly | bi-weekly} Specifies the frequency with which Cisco UCS Manager exports the backup file.
Step 10 UCS-A /system/backup-policy # set descr description Specifies a description for the backup policy.
Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).
Step 11 UCS-A /backup-policy # commit-buffer Commits the transaction.
The following example shows how to configure the full state backup policy for a weekly backup and commit the transaction:
UCS-A# scope org / UCS-A /org # scope backup-policy default UCS-A /org/backup-policy # set hostname host35 UCS-A /org/backup-policy* # set protocol scp UCS-A /org/backup-policy* # set user UserName32 UCS-A /backup-policy* # set password Password: UCS-A /backup-policy* # set remote-file /backups/full-state1.bak UCS-A /backup-policy* # set adminstate enabled UCS-A /backup-policy* # set schedule weekly UCS-A /backup-policy* # set descr "This is a full state weekly backup." UCS-A /backup-policy* # commit-buffer UCS-A /backup-policy #Configuring the All Configuration Export Policy
Procedure
Command or Action Purpose
Step 1 UCS-A# scope org org-name Enters organization mode for the specified organization. To enter the root organization mode, enter / as the org-name.
Step 2 UCS-A /org # scope cfg-export-policy default Enters the all configuration export policy mode.
Step 3 UCS-A /org/cfg-export-policy # set hostname {hostname | ip-addr} Specifies the hostname or IP address of the location where the configuration file is stored. This can be a server, storage array, local drive, or any read/write media that the fabric interconnect can access through the network.
Note If you use a hostname rather than an IP address, you must configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.
Step 4 UCS-A /org/cfg-export-policy # set protocol {ftp | scp | sftp | tftp} Specifies the protocol to use when communicating with the remote server.
Step 5 UCS-A /org/cfg-export-policy # set user username Specifies the username the system should use to log in to the remote server. This step does not apply if the TFTP protocol is used.
Step 6 UCS-A /system/cfg-export-policy # set password After you press Enter, you are prompted to enter the password.
Specifies the password for the remote server username. This step does not apply if the TFTP protocol is used.
Step 7 UCS-A /system/cfg-export-policy # set remote-file filename Specifies the full path to the exported configuration file. This field can contain the filename as well as the path. If you omit the filename, the backup procedure assigns a name to the file.
Step 8 UCS-A /system/cfg-export-policy # set adminstate {disabled | enabled} Specifies the admin state for the policy. This can be one of the following:
Step 9 UCS-A /system/cfg-export-policy # set schedule {daily | weekly | bi-weekly} Specifies the frequency with which Cisco UCS Manager exports the configuration information.
Step 10 UCS-A /system/cfg-export-policy # set descr description Specifies a description for the configuration export policy.
Enter up to 256 characters. You can use any characters or spaces except ` (accent mark), \ (backslash), ^ (carat), " (double quote), = (equal sign), > (greater than), < (less than), or ' (single quote).
Step 11 UCS-A /cfg-export-policy # commit-buffer Commits the transaction.
The following example shows how to configure the all configuration export policy for a weekly backup and commit the transaction:
UCS-A# scope org / UCS-A /org # scope cfg-export-policy default UCS-A /org/cfg-export-policy # set hostname host35 UCS-A /org/cfg-export-policy* # set protocol scp UCS-A /org/cfg-export-policy* # set user UserName32 UCS-A /cfg-export-policy* # set password Password: UCS-A /cfg-export-policy* # set remote-file /backups/all-config9.bak UCS-A /cfg-export-policy* # set adminstate enabled UCS-A /cfg-export-policy* # set schedule weekly UCS-A /cfg-export-policy* # set descr "This is an all configuration backup." UCS-A /cfg-export-policy* # commit-buffer UCS-A /cfg-export-policy #Configuring Import Operations
Creating an Import Operation
You cannot import a Full State configuration file. You can import any of the following configuration files:
Before You BeginProcedureCollect the following information that you will need to import a configuration file:
Command or Action Purpose
Step 1 UCS-A# scope system Enters system mode.
Step 2 UCS-A /system # create import-config URL {disabled | enabled} {merge | replace} Creates an import operation. Specify the URL for the file being imported using one of the following syntax:
- ftp:// username@hostname / path
- scp:// username@hostname / path
- sftp:// username@hostname / path
- tftp:// hostname : port-num / path
You can save multiple import operations, but only one operation for each hostname is saved.
If you use the enable keyword, the import operation automatically runs as soon as you enter the commit-buffer command. If you use the disable keyword, the import operation will not run until it is enabled. When enabling an import operation, you must specify the hostname you used when creating the import operation.
If you use the merge keyword, the configuration information is merged with the existing information. If there are conflicts, the system replaces the information on the current system with the information in the import configuration file. If you use the replace keyword, the system takes each object in the import configuration file and overwrites the corresponding object in the current configuration.
Step 3 UCS-A /system/import-config# set descr description (Optional) Provides a description for the import operation.
Note If your description includes spaces, special characters, or punctuation, you must begin and end your description with quotation marks. The quotation marks will not appear in the description field of any show command output.
Step 4 UCS-A /system/import-config # commit-buffer Commits the transaction.
The following example creates a disabled import operation for hostname host35 that replaces the existing configuration and commits the transaction:
UCS-A# scope system UCS-A /system* # create import-config scp://user@host35/backups/all-config9.bak disabled replace Password: UCS-A /system/import-config* # commit-buffer UCS-A /system/import-config #Running an Import Operation
Modifying an Import Operation
Procedure
Command or Action Purpose
Step 1 UCS-A# scope system Enters system mode.
Step 2 UCS-A /system # scope import-config hostname Enters system import configuration mode for the specified hostname.
Step 3 UCS-A /system/import-config # disable (Optional) Disables an enabled import operation so that it does not automatically run when the transaction is committed.
Step 4 UCS-A /system/import-config # enable (Optional) Automatically runs the import operation as soon as you commit the transaction.
Step 5 UCS-A /system/import-config # set action {merge | replace} (Optional) Specifies one of the following action types to use for the import operation:
- Merge —The configuration information is merged with the existing information. If there are conflicts, the system replaces the information on the current system with the information in the import configuration file.
- Replace —The system takes each object in the import configuration file and overwrites the corresponding object in the current configuration.
Step 6 UCS-A /system/import-config # set descr description (Optional) Provides a description for the import operation.
Note If your description includes spaces, special characters, or punctuation, you must begin and end your description with quotation marks. The quotation marks will not appear in the description field of any show command output.
Step 7 UCS-A /system/import-config # set password (Optional) After you press Enter, you are prompted to enter the password.
Specifies the password for the remote server username. This step does not apply if the TFTP protocol is used.
Note Cisco UCS Manager does not store this password. Therefore, you do not need to enter this password unless you intend to enable and run the import operation immediately.
Step 8 UCS-A /system/import-config # set protocol {ftp | scp | sftp | tftp} (Optional) Specifies the protocol to use when communicating with the remote server.
Step 9 UCS-A /system/import-config # set remote-file filename (Optional) Specifies the name of the configuration file that is being imported.
Step 10 UCS-A /system/import-config # set user username (Optional) Specifies the username the system should use to log in to the remote server. This step does not apply if the TFTP protocol is used.
Step 11 UCS-A /system/import-config # commit-buffer Commits the transaction.
The following example adds a description, changes the password, protocol and username for the host35 import operation, and commits the transaction:
UCS-A# scope system UCS-A /system # scope import-config host35 UCS-A /system/import-config # set descr "This is an import operation for host35." UCS-A /system/import-config* # set password Password: UCS-A /system/import-config* # set protocol sftp UCS-A /system/import-config* # set user jforlenz32 UCS-A /system/import-config* # commit-buffer UCS-A /system/import-config #Restoring the Configuration for a Fabric Interconnect
Before You BeginProcedureCollect the following information that you will need to restore the system configuration:
- Fabric interconnect management port IP address and subnet mask
- Default gateway IP address
- Backup server IP address and authentication credentials
Note
You must have access to a Full State configuration file to perform a system restore. You cannot perform a system restore with any other type of configuration or backup file.
Step 1 Connect to the console port. Step 2 If the fabric interconnect is off, power on the fabric interconnect. You will see the power on self-test message as the fabric interconnect boots.
Step 3 At the installation method prompt, enter console . Step 4 Enter restore to restore the configuration from a full-state backup. Step 5 Enter y to confirm that you want to restore from a full-state backup. Step 6 Enter the IP address for the management port on the fabric interconnect. Step 7 Enter the subnet mask for the management port on the fabric interconnect. Step 8 Enter the IP address for the default gateway. Step 9 Enter one of the following protocols to use when retrieving the backup configuration file: Step 10 Enter the IP address of the backup server. Step 11 Enter the full path and filename of the Full State backup file. Step 12 Enter the username and password to access the backup server. The fabric interconnect logs in to the backup server, retrieves a copy of the specified Full State backup file, and restores the system configuration. For a cluster configuration, you do not need to restore the secondary fabric interconnect. As soon as the secondary fabric interconnect reboots, Cisco UCS synchronizes the configuration with the primary fabric interconnect.
The following example restores a system configuration from the Backup.bak file, which was retrieved from the 20.10.20.10 backup server using FTP:
Enter the configuration method. (console/gui) ? console Enter the setup mode; setup newly or restore from backup. (setup/restore) ? restore NOTE: To configure Fabric interconnect using a backup file on a remote server, you will need to setup management interface. The management interface will be re-configured (if necessary), based on information stored in the backup file. Continue to restore this Fabric interconnect from a backup file (yes/no) ? yes Physical Switch Mgmt0 IPv4 address : 192.168.10.10 Physical Switch Mgmt0 IPv4 netmask : 255.255.255.0 IPv4 address of the default gateway : 192.168.10.1 Enter the protocol to get backup file (scp/ftp/tftp/sftp) ? scp Enter the IP address of backup server: 20.10.20.10 Enter fully qualified backup file name: Backup.bak Enter user ID: user Enter password: Retrieved backup configuration file. Configuration file - Ok Cisco UCS 6100 Series Fabric Interconnect UCS-A login:Erasing the Configuration
Procedure
Caution
You should erase the configuration only when it is necessary. Erasing the configuration completely removes the configuration and reboots the system in an unconfigured state. You must then either restore the configuration from a backup file or perform an initial system setup.
Command or Action Purpose
