Topic: NetScaler Automated Backup (Read 17483 times)

jmelika · « **on:** July 09, 2007, 07:27:49 AM »

If you're like me, you've probably asked yourself how on earth to backup NetScaler reliably and automatically. The answer is simple, but requires some minor coding.

You can use your PSCP.exe DOS program to automatically copy the /nsconfig directory from your netscaler nightly to the local disk. I normally do this on my file server which gets backed up to tape after.

1. From your chosen server, make sure you can SSH into the netscaler.
2. Download pscp.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
3. Save that file into a folder of your choice (i.e. C:\Backup)
4. Create a file called nsbackup.vbs in the same folder. Edit the file and add the following to it

@ECHO OFF
REM ===========
REM Editable Area
REM ===========

NSIP = your_netscaler_ip
Username = your_netscaler_root_username
Password = your_password
BackupDir = C:\Backup\NetScaler

REM ====================
REM Do not edit past this point
REM ====================

for /f %%a in ('date /t') do set XDate=%%a
Set Day=%XDate:~0,3%
pscp -r -p -pw %Password% %Username%@%NSIP%:/nsconfig "%BackupDir%\%Day%"
REM END

As you see above, you need to define NSIP, Username, Password, and BackupDir variables. For my peace of mind, I perform the backup in 7 subfolders one for each day of the week (MON, TUE, WED, etc). Those subfolders must be present for this script to work.

Once you test the script and see it copying all of your /nsconfig directory from the netscaler, create a Windows Task job and set it to run this file as often as you wish - I suggest nightly.

Good Luck!
JM

TheOracle · « **Reply #1 on:** February 13, 2008, 03:11:07 PM »

An easier and more secure way is to make use of SSH keys to login, and then you can script your backups. On the "backup" server, i.e. the NS you wish to store the configuration on, do:

cd ~
mkdir .ssh 2> /dev/null
cd /root/.ssh
ssh-keygen -b 1024 -f identity -P '' -t dsa

# For each "target" Netscaler you wish to be able to login without passwords do:
scp identity.pub nsroot@<ip of target>:/root/.ssh/identity.pub
# enter password when prompted for the remote box

On each of the target machines, then do the following:
cd ~/.ssh
cat identity.pub >> authorized_keys

Once done, on the first NetScaler, you should be able to enter "ssh nsroot@<ip>" and it should let you in without a password prompt.

To get the configuration you can now do:

scp nsroot@<ip>:/nsconfig/ns.conf /var/backup/ns-<ip>.conf

You can also now script execution of commands against the NS with something like:

echo "show lb vserver" " ssh -T -o BatchMode=yes -o ConnectTimeout=10 nsroot@<ip>.

Hope that helps!

The Oracle

jmelika · « **Reply #2 on:** February 14, 2008, 03:06:01 PM »

It sure does help. Thanks!

davide · « **Reply #3 on:** November 05, 2009, 03:00:32 PM »

Another way to do a backup of the config is to create a special user and a special command policy. Then you can put the user and its password in a script and not worry about someone else seeing it. And this special user would only have the ability to run a single command.

First, create a new user on the Netscaler. In my case we created the user snarfconfig. Once the user exists run the following commands:

Code: [Select]

add system cmdPolicy snarfconfig ALLOW "(^show ns ns.conf)"
bind system user snarfconfig snarfconfig 0

Once done, the user snarfconfig can execute the single command "show ns ns.conf" and that just spews the saved config. And the user can't execute any other command. You just have to capture the output of the command to save the config.

I think this is more secure than using the root user in a script. And setting up SSH keys can be problematic when you have an HA pair and have a failover. The hostkey will change unless you've done some prep work to make them the same.

jmelika · « **Reply #4 on:** November 06, 2009, 08:47:54 AM »

Thanks Davide. This is a pretty interesting approach. I'll implement it on my end.

mikee · « **Reply #5 on:** January 20, 2010, 07:44:12 AM »

Hello! It's my first post on this forum (sorry for my English

)

I deal with the automated backup of my netscaller by tftp installed on it.
Because tftp installed on FreeBSD don't work with -c (command) option I used text file with tftp commands.Command looks like this: tftp < command.cmd.

In command.cmd i wrote tftp commands:
connect 192.X.X.X
binary
put ns.conf
quit
Beside of this i used crontab to schedule backup task.
I checked this procedure and I'm using it - it works for me

jmelika · « **Reply #6 on:** January 30, 2010, 09:43:03 AM »

Thanks Mikee. This is an interesting way to do it from the Netscaler side.

Thanks for the tip!

JM

jude · « **Reply #7 on:** February 11, 2010, 10:07:39 AM »

Hi mikee,
I tried your method but It seems not working.

Please can you provide detailed steps.

Thanks for your help.

mikee · « **Reply #8 on:** April 07, 2010, 01:27:24 AM »

Hello Jude,
It's working for me fine every day.
I've got 2 scripts.

First "backup.sh":
cd /nsconfig
tar -zcf /tmp/backup-netsc01.tar ns.conf license/ ssl/
cd /tmp
tftp < /var/BACKUP/tftp.cmd
rm backup-netsc01.tar

And the second "tftp.cmd" (witch I have mention):
connect 192.X.X.X
binary
put backup-netsc01.tar
quit

I put them to /var/BACKUP.

And at the end a put the task to the crontab
0 12,18 * * * /var/BACKUP/backup.sh

I'm waiting for the answer - have you deal with it. Good luck!

Netscaler Knowledgebase

News:

Author Topic: NetScaler Automated Backup (Read 17483 times)

jmelika

NetScaler Automated Backup

TheOracle

Re: NetScaler Automated Backup

jmelika

Re: NetScaler Automated Backup

davide

Re: NetScaler Automated Backup

jmelika

Re: NetScaler Automated Backup

mikee

Re: NetScaler Automated Backup

jmelika

Re: NetScaler Automated Backup

jude

Re: NetScaler Automated Backup

mikee

Re: NetScaler Automated Backup