Network Management

I have a discontinued device - HP Threat Management Services zl Module (J9155A) - that IMC does not seem to recognize properly for backup - I've tried all the options.

Using the module cli, I have a command string that will backup to IMC using tftp or ftp. But don't see any place to make that change using the IMC gui.

As the command can specify the filename it would be ideal to have IMC supply one that include date/time to collect history.

Any knowledge on how to fix this?

thanks

Yes, you can add scripts to extend IMC to backup additional devices. It's not that difficult, but it does take a little while to get your head around it.

It's not via the GUI though. Backup scripts are done via the CLI - specifically in <IMC>/server/conf/adapters/ICC.

It's documented in the admin guide. I've also written a few blogs on some of the troubleshooting aspects, etc.

If the device has a simplish CLI that looks something like Cisco or HP, it's usually pretty easy to add a new adapter. Often you can just copy an existing one, or update the adapter-index.xml files to tell IMC to use one of the existing adapters for your new device.

You can define the supported methods (CLI, TFTP, FTP, SCP, SFTP or some combination thereof), and the required commands. IMC provides variables for storing the backup files, and will handle revision control for them.

Thanks - I had skimmed over that section, but not fully connected w it.

In my case the device (TMS) is listed, but the backup capability is not functioing properly. I'm assuimng I can find the files and fix them.

But I need toget HP to modify the source files, as I assume each update will overwrite my fix until they do.

Could you clarify what you mean by "the device (TMS) is listed" ? Do you mean - it is correctly identified within the UI, or that there is a backup adapter configured for it.

Just because they've added a definition to Settings -> Device Model, doesn't mean that they have a supported backup adapter.

What's the sysOID for that object? If it is in one of the adapter-index.xml files, but not working, then yes, you should get in touch with support, and get it fixed. If they don't support it, you will need to manually create/edit the adapters to get it working. Unfortunately there is a risk of those being over-written on update, so you will need to make a note of what you've done, and re-do it post-update. Unfortunately there's no good automated system within IMC for identifying/carrying forward those particular changes.

Sometimes what you'll find is that you'll add a fix for something, and then a future release will add it to the mainstream code. Can't guarantee it, but obviously that's the best result!

I meant that the device is shown under System > Device Model. But I did not find a specifc adapter folder for the OID 1.3.6.1.4.1.11.2.3.7.11.50.17

So I copied one of the procurve folders, renamed everything to match and edited the script files to adjust the commands. Added the OID to the adapters index.

Its fairly logical and the docs help somewhat. The existing stuff is close, but not the same. So I'd guess that someone figured Procurve generic would work.

But I'm not sure if I've got the modified files recognized by the system. I've restarted IMC as stated, but still get errors. There must be a log of the output somewhere.

Learned the lesson on updates with my panel fixes - KEEP copies of everything you fix to re-apply later is key.

thx for the pointers so far

I'm a bit surprised that your OID is 1.3.6.1.4.1.11.2.3.7.11.50.17, since it looks like 1.3.6.1.4.1.11.2.3.7.11.50 is a Procurve switch of some sort (based upon the contents of the Hewlett-Packard\adapter-index.xml file on 7.1E0303P10

A few things:

* What error messages are you getting?

* In the IMC GUI, what vendor is listed for that device? Does that match the vendor folder name?

* Can you attach a copy of the adapter folder you're using + the adapter-index.xml file?

* Check the imccfgbakdm log file under <IMC>/server/conf/log/ - that may tell you more about what's going on.

* After re-starting IMC, did you re-synchronise the device? 

If you look at the IMC database, does it have an adapter defined for that device? Here's what it looks like for a sample device - I've looked up the device ID, then I've looked up the adapter in use for that device:

mysql> use config_db;
Database changed
mysql> select dev_id,dev_ip from tbl_dev where dev_ip = '192.168.1.1';
+--------+-------------+
| dev_id | dev_ip      |
+--------+-------------+
|     13 | 192.168.1.1 |
+--------+-------------+
1 row in set (0.00 sec)

mysql> select * from tbl_dev_adapter where dev_id=13;
+----------------+--------+-------------+-----------------------------+-----------------+--------------+------------+
| component_name | dev_id | vendor_name | sysoid                      | adapter_name    | adapter_type | error_code |
+----------------+--------+-------------+-----------------------------+-----------------+--------------+------------+
| Custom         |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | N/A             |            0 |         18 |
| Custom         |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | N/A             |            1 |         18 |
| ICC            |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | DlinkGeneric    |            0 |          0 |
| ICC            |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | N/A             |            1 |         44 |
| netresdm       |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | N/A             |            0 |         18 |
| netresdm       |     13 | D-Link      | 1.3.6.1.4.1.171.10.137.3.1  | N/A             |            1 |         18 |
+----------------+--------+-------------+-----------------------------+-----------------+--------------+------------+
6 rows in set (0.00 sec)

mysql>

It is a firewall/router running on a 1-services zl Module, and it uses mostly procurve switch syntax, but not all commands. It has been discontinued so no further FW updates to come.  Won't be deploying any new image, but might have to reload the config.

I had missed a file rename, so now it did compile and ran. I have a scripting challenge, in that the startup config can be copied by tftp, but the running config can only be copied by CLI - the script wants to do one or the other based on capability setting. Still working on it. The startup looks like a binary.

Here's the query output. FOund the log file.

component_name,dev_id,vendor_name,sysoid,adapter_name,adapter_type,error_code
Custom,9,"Hewlett Packard",1.3.6.1.4.1.11.2.3.7.11.50.17,N/A,0,18
Custom,9,"Hewlett Packard",1.3.6.1.4.1.11.2.3.7.11.50.17,N/A,1,18
ICC,9,"Hewlett Packard",1.3.6.1.4.1.11.2.3.7.11.50.17,HPProcurveTMS,0,0
ICC,9,"Hewlett Packard",1.3.6.1.4.1.11.2.3.7.11.50.17,N/A,1,43

More to come - thanks for the additioanl insights.

Ah, that's good to see that it's picked up the right adapter. Once you've got that step, it's mostly just a matter of fiddling around with the TCL files, and reading logs. At least when you update those you don't need to restart.

I'm pretty sure you can have different capabilities for running + startup backups. It will step through each of the commands defined, until one succeeds. In your case, you'll want to set the file transfer type to TFTP.

You'll end up with a HPProcurveTSM_Config_Backup_Builder.xml file that looks something like this:

<?xml version="1.0"?>
<definition>

	<action name="backup_running_config">
	    <step>    
    		<command name="backup_running_config_cli" description="Backup running configuration via CLI">
    			<result name="running_configuration">
    				<parser parserName="CleanupParser" parserRet="configuration" parserScript="cleanupConfiguration"/>
    			</result>
    		</command>   	
		</step>
	</action>

	<action name="backup_startup_config">
	    <step>	
	    	<command name="backup_startup_config_tftp" description="Backup startup configuration via tftp">    			
    		</command>  
 		</step>
	</action>
	
</definition>

Worst case, you can just ONLY do a running config backup, or ONLY a startup config. Some devices only have one or the other.

Yes, exactly what I ended up with. Now have both running & startup captured successfully - my last device that was not being backed up! Don't know if I'll be able to test the restore any time soon though.

Good to know about the tcl files - was restarting for every change, but that explains the multi layer abstractions.

Thanks again for the insights. Those basic tips and the docs made it easy enough to modify one of the existing adapters, but would have been hard pressed to start one from scratch.

And I've made a backup copy of the modified files for the next update.

Great to hear that it's working!

I agree about it being difficult to build an adapter from scratch. I've done quite a few over the years, and pretty much every one has been based upon taking an existing adapter, and massaging it a bit. 

Hi Neil,

I have the same devices and problem.  Any chance you would be willing to share your functional solution?  This would greatly reduce my stress level.

Thanks,

Pat R.

Sure Pat, 

Hopefully I recollect all the details. First I copied and modified the various scripts used - they are located in this directory:

<Install Drive>:\Program Files\iMC\server\conf\adapters\ICC\ by vendor - use Hewlett Packard in this case. If you review the scripts, you will see scripts for individual oprerations - these must be modified to suit the target device - such as write memory to save might be different on some other device. Also not all devices support the same file transfer or other functions, so some scripts are not useful. Start with an existing device that is close.

To save you the time, I have uploaded the modified scripts for the TMS in a zip file HPProcurveTMS.zip - extract the folder and add it to the Hewlett Packard folder use the name HPProcurveTMS 

In the Hewlett Pacakard folder is a file adapter-index.xml - edit this and add the following to the adapater list:

<adapter name="HPProcurveTMS">
<description>HP Procurve Threat Management Svcs zl Module</description>
<sysoid>1.3.6.1.4.1.11.2.3.7.11.50.17</sysoid>
</adapter>

IMC uses the sysoid to find the device and then reference the folder with the scripts. 

IMPORTANT NOTE: updates to IMC will overwrite this file and the change will be lost. Keep a copy of the above xml and adapter scripts folder separate. While you could replace the adapter-index.xml file with the older one, you would loose any new changes introduced by HPE so better to re-edit and add back in the adapater information. Its a bit frustrating that any useful customizations have to be reapplied each time but that's the way it is.

Don't recall if IMC needed to be started to have this take effect.

Again hopefully I have rememebered all the details - its been a while since I put this in play.

UPDATE: I noticed I had uploaded the wrong files - these should correctly back up both the running and startup config. I have not attempted to validate the restore or upgrade functions - there are no new updates from HP anyway. And I'd probably do any restore manually anyway as I only have one unit.

Also you will need to restart iMC for the new adpater to be recognized but not for any edits to the tcl files

Neil

Attachment(s)

HPProcurveTMS-update.zip   703 B 1 version

hi, i have a problem that looks like this one:

the problem is that the backup don't work !

see error in attachement

ICC adapters are the ones you give later in this post.

The error message tells you where the problem is (line 13 in enter_exec.tcl).

What does that line contain?

here is the file enter_exec.tcl

'set' doesn't take a '-f' flag. It should just be 'set loop true'

What are you trying to do with the '-f' flag?

see the manpage https://www.tcl.tk/man/tcl8.5/TclCmd/set.htm

i'm trying to do nothing lol

this script was already on my IMC 7.2

i just want to make a backup of my FW Juniper.

If it's the default adapters that HP ships, then log a support case to get them to fix them.

You could also edit them yourself if you want to get it working quicker.

that's what i'm trying to do.... :-/

My guess is that the problem comes from setting exec_prompt to ->

You might be able to set it to

set exec_prompt "->"

or just

set exec_prompt >

thanks that was just a part of the problem,

after differents tries the save works but i've got only 20 lines of the config.

take a look

What do your logs tell you? (IMC install dir)/server/conf/logs/imccfgbakdm*

A quick guess is that it's getting truncated because it's detecting something else as the prompt, and it thinks the config is finished. Could also be a pagination problem.

If it was my network, I'd look into using SCP to back those devices up. I don't think that adapter supports SCP, but it would be trivial to add. If you're not comfortable with doing that, you should log a support case with HP. Since the adapter ships with IMC, it is presumably supported.

hi after a few modifications,  it's working properly now !

config files are attached

Attachment(s)

imc save Juniper.zip   703 B 1 version

hi,

since i updated IMC in patch E0403P10, script is working fine but i just have 200 lines from the config,

do you know how can i force it to have all the lines from the config file ?

after deleting the "-f"

i got another error...