Categories
Networking Scripting

Procurve Secure Configuration Manager

This is a simple script that obtains the current running configuration of HP Procurve switches via SCP, compares it against previously stored versions, and stores any updated copy in the appropriate directory.  Once there are 10 copies the oldest copy is deleted automatically.  Again, I am using Pexpect for the SCP connection and authentication is handled via public key authentication.  To setup public key authentication on the switch, see my previous post.

#!/usr/bin/python
### The Procurve Public Key Automator Script needs to be run prior to utilizing this script ###

# Import modules needed for script
import pexpect
import sys
import time
import datetime
import os
import filecmp
import glob


# Change this to an appropriate directory that has read and write permissions for the user/group that will be running the script
path = '/var/sw_confs/'

# Create a dictionary to store all the devices and attributes
devices = {}

# Set Switches Attributes: make changes as necessary 
devices[('NYCoreSW-01')] =  '172.16.1.2'
devices[('ATLCoreSW-01')] = '172.16.2.2'
devices[('CHICoreSW-01')] = '172.16.3.2'
devices[('LACoreSW-01')] = '172.16.4.2'
devices[('SEACoreSW-01')] = '172.16.5.2'

# Create the base directory for storing the configs
if not os.path.exists(path):
  os.makedirs(path)
  
# Creates the individual directory for each switch
def sw_dir(host):
  conf_dir = path + host
  if not os.path.exists(conf_dir):
    os.makedirs(conf_dir)
  return conf_dir

# Builds the filename based on date and time for each switch config
def file_name():
  systime = time.time()
  timestamp = datetime.datetime.fromtimestamp(systime).strftime('%Y_%m_%d-%H_%M_%S')
  fn = ('%s.conf' % timestamp)
  return fn

# Loop through each switch	
for host in devices:
  conf_dir = sw_dir(host) + '/'
  os.chdir(conf_dir)
  rc = 'running-config.tmp'
  # Connect to the switch via scp and download the running config
  s = pexpect.spawn('scp %s:cfg/running-config %s' % (devices[host], rc))
  s.expect(pexpect.EOF, timeout=10)
  # Create a list of files ending in .conf and store them in order of creation date	
  conf_list = filter(os.path.isfile, glob.glob("*.conf"))
  conf_list.sort(key=lambda x: os.path.getmtime(x))
  # Check for existing conf files within the specific switch's directory and compare the last saved with the current running and if it's different save a new copy otherwise delete the copy (rc) just downloaded.
  if len(conf_list) >= 1:
    compare = filecmp.cmp(rc, conf_list[-1])
    if compare == False:
      fn = file_name()
      os.rename(rc, fn)
    elif compare == True:
      os.remove(rc)
  elif len(conf_list) < 1:
    fn = file_name()
    os.rename(rc, fn)
  # We are only interested in keeping the last 10 versions of config, so remove the oldest version.
  if len(conf_list) >= 9:
    os.remove(conf_list[0])

Once you have the script edited, modify permissions so that it is executable, and setup a cron job to run as often as you’d like to ensure all switches are backed up.  The example below backs up the configs every 30 minutes on the hour and half-hour mark.

crontab -e
0,30 * * * * /path/to/script/pscm.py

Leave a Reply

Your email address will not be published. Required fields are marked *