cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
454
Views
0
Helpful
3
Replies
Highlighted
Beginner
Beginner

Cisco APIC backup

Hello , 

 

I want to do Cisco APIC backup through Rest API or Ansible to remote locations. Can any share some recommendations and its process . 

 

Regards

WAQ

3 REPLIES 3
Highlighted
Enthusiast

Re: Cisco APIC backup

Hi @WAQ 

 

I'm not certain if you are asking if you can configure the ACI backup through REST (Yes you can) or if you are asking to pull the backup via REST.

 

Let me answer the first one.

 

Yes, you can configure the remote location and the export policy via REST (and via Ansible and REST).

 

Here is an example of using the Ansible ACI REST module to configure the remote location.  This is pretty basic and I don't recommend you do this in production (you want your secure variables in an sensible vault file or you want to enter them when you run the playbook and the payload variables should be in a file in your host_vars directory) so this is just to show you how it can be done.    I would also not include the payload directly but rather set up a Jinja2 template and generate the payload file rather than have it all in the body.  But..having said all of that..for lab testing, this is an example of how you can do this.

 

---
###############################################################################
# This playbook executes actions on an APIC Controller via the Ansible ACI Rest Module
###############################################################################
- name: ACI Backup Export Playbook
  hosts: aci
  gather_facts: no

  vars:
    aci_user: admin
    aci_pwd: ciscopsdt
    aci_host: sandboxapicdc.cisco.com
    rem_name: Prod_SCP_Server_1.1.1.1
    scp_user: aci_backup
    scp_pwd: Cisco123
    scp_ip: 1.1.1.1
    exp_name: Backup_Export_Policy_for_SCP


  tasks:

  - name: Create a Remote Location
    aci_rest:
      host: "{{ aci_host }}"
      username: "{{ aci_user }}"
      password: "{{ aci_pwd }}"
      validate_certs: no
      method: post
      path: "/api/node/mo/uni.json"
      content:
        {
          "fileRemotePath": {
            "attributes": {
              "dn": "uni/fabric/path-{{ rem_name }}",
              "remotePort": "22",
              "name": "{{ rem_name }}",
              "descr": "Production SCP Server",
              "protocol": "scp",
              "userName": "{{ scp_user }}",
              "userPasswd": "{{ scp_pwd }}",
              "host": "{{ scp_ip }}",
              "status": "created,modified"
            },
            "children": [
              {
                "fileRsARemoteHostToEpg": {
                  "attributes": {
                    "tDn": "uni/tn-mgmt/mgmtp-default/oob-default",
                    "status": "created,modified"
                  },
                  "children": []
                }
              }
            ]
          }
        }
    delegate_to: localhost

 

Here is an example of the full playbook that has the configuration of the remote location as well as the export policy.  You also need to configure the AES global settings to enable encryption so that your backup has all your passwords otherwise you have to re-enter those and you are at risk of locking yourself out of your fabric (worst case) so just enable AES encryption for your backups.

 

https://github.com/cldeluna/cisco_aci/blob/master/aci_rest_cfg_export.yml

 

For this to work you need to have an FTP, SCP, SFTP server available and you an account.  You can set up the fabric to create backups and transfer them to your server (I use an SCP server in the example playbook) periodically (like every 8 hours).    This is one of the first things I try to set up for a client when building an ACI fabric.

To try to answer the second question, while you can pull quite alot of configuration via REST, it is not suitable for a complete backup.  For that you want to backup file the APIC generates.

 

Not sure if I answered your question, so please clarify if I did not!

 

Thanks!

Highlighted
Beginner
Beginner

Re: Cisco APIC backup

HI @Claudia de Luna  

 

Sorry for late reply. am trying to make some APIC backup with REST API to remote location FTP Server. 

am trying to found API Call to implement for check purposes. Can you please share me your feedback/reference. 

 

Regards

 

WAQ

Highlighted
Enthusiast

Re: Cisco APIC backup

Hi @WAQ 

 

You can use the REST Call below to query the config exports for your Export Policy.  In my case, the export policy I created is called GDL_ConfigExportPolicy

 

https://{{URL}}//api/node/mo/uni/backupst/jobs-[uni/fabric/configexp-GDL_ConfigExportPolicy].json?query-target=children

 

This will return something like the JSON below.  After that you can apply logic on executeTime or even the fileName and details to see if your config backup (export) was created.

 

{
    "totalCount": "2",
    "imdata": [
        {
            "configJob": {
                "attributes": {
                    "ack": "no",
                    "annotation": "",
                    "childAction": "",
                    "decryptErrors": "",
                    "descr": "",
                    "details": "Success",
                    "dn": "uni/backupst/jobs-[uni/fabric/configexp-GDL_ConfigExportPolicy]/run-2020-05-05T14-28-13",
                    "executeTime": "2020-05-05T14:28:13.070+00:00",
                    "extMngdBy": "",
                    "fileName": "ce2_GDL_ConfigExportPolicy-2020-05-05T14-28-13.tar.gz",
                    "lastStepDescr": "Done",
                    "lastStepIndex": "39",
                    "lastStepTime": "2020-05-05T14:28:16.419+00:00",
                    "lcOwn": "local",
                    "modTs": "2020-05-05T14:28:16.373+00:00",
                    "monPolDn": "",
                    "name": "2020-05-05T14-28-13",
                    "nameAlias": "",
                    "operSt": "success",
                    "retriesUsed": "0",
                    "status": "",
                    "totalStepCount": "39",
                    "type": "export",
                    "uid": "0",
                    "userName": "admin"
                }
            }
        },
        {
            "configJob": {
                "attributes": {
                    "ack": "no",
                    "annotation": "",
                    "childAction": "",
                    "decryptErrors": "",
                    "descr": "",
                    "details": "Success",
                    "dn": "uni/backupst/jobs-[uni/fabric/configexp-GDL_ConfigExportPolicy]/run-2020-05-05T14-32-49",
                    "executeTime": "2020-05-05T14:32:49.752+00:00",
                    "extMngdBy": "",
                    "fileName": "ce2_GDL_ConfigExportPolicy-2020-05-05T14-32-49.tar.gz",
                    "lastStepDescr": "Done",
                    "lastStepIndex": "39",
                    "lastStepTime": "2020-05-05T14:32:54.015+00:00",
                    "lcOwn": "local",
                    "modTs": "2020-05-05T14:32:53.967+00:00",
                    "monPolDn": "",
                    "name": "2020-05-05T14-32-49",
                    "nameAlias": "",
                    "operSt": "success",
                    "retriesUsed": "0",
                    "status": "",
                    "totalStepCount": "39",
                    "type": "export",
                    "uid": "0",
                    "userName": "admin"
                }
            }
        }
    ]
}