on 05-31-2018 09:00 PM
If you're using a Linux platform as your Config Data Backup repository and you need an automated mechanism to manage the number of files to keep, then I wanted to share what I am using to keep my Cisco Prime and ISE backups at bay. We run daily backups and we have been deleting the old files manually. This is not clever or productive.
These backup files are usually huge and we don't need them taking up more space than required. And we don't want to manually delete them either. And by the way, this process can apply to any file, not just backups.
NB: I have updated this document to fix the glaring issue in my version 1.0 which would eventually cause file deletion if the ISE server stopped creating backups (since my version 1.0 logic was based on file creation time and deleting any file older than 2 days).
My version 2.0 now uses correct logic which ensures that we retain at least the most recent 3 files (irrespective of current date).
The file creation date is queried with the ls --sort=time argument, and the for loop only deletes files from the 4th iteration onwards.
You can amend the logic to suit your needs (e.g. keep the latest 10 backup files).
Example: backup files stored in /var/backups/ise
$ ls -l *.tar.gpg --sort=time
-rw-rw-r-- 1 abier abier 0 Jul 1 03:00 Test-CFG10-180701-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 Jun 1 03:00 Test-CFG10-180601-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 31 08:00 Daily-CFG10-180531-0800.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 31 03:00 Test-CFG10-180531-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 30 03:00 Test-CFG10-180530-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 29 03:00 Test-CFG10-180529-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 28 08:00 Daily-CFG10-180528-0800.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 28 03:00 Test-CFG10-180528-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 27 03:00 Test-CFG10-180527-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 26 03:00 Test-CFG10-180526-0300.tar.gpg
The following BASH one-liner can be executed on the command line:
counter=0; for i in $( ls /var/backups/ise/*.tar.gpg --sort=time ); do if (($counter > 2 )); then rm $i; fi ;let "counter++"; done
So then all that’s required is to create a cron job on a daily basis (or depending on how often Prime/ISE create a file that needs to be managed). We don’t need root user for this – we can create a cron job as the same user who created the backups (e.g. ops) – this means the process is self-contained and managed by ops.
Creating the crontab entry
[ops@bkp ise]$ crontab -e
And then enter the line below. In this case * * * * * means run every minute. This is just for illustration purposes so that you can test it yourself and see the results immediately.
* * * * * counter=0; for i in $( ls /var/backups/ise/*.tar.gpg --sort=time ); do if (($counter > 2 )); then rm $i; fi ;let "counter++"; done
After the cron job has run, voilà! The latest three files remain in place. If you run the command again then the files are untouched.
$ ls -l *.tar.gpg --sort=time
-rw-rw-r-- 1 abier abier 0 Jul 1 03:00 Test-CFG10-180701-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 Jun 1 03:00 Test-CFG10-180601-0300.tar.gpg
-rw-rw-r-- 1 abier abier 0 May 31 08:00 Daily-CFG10-180531-0800.tar.gpg
I have the following crontab entry in place. It will run every day at 05:00AM (My ISE backups run daily at 3AM and they take 15 minutes to complete).
[ops@bkp ~]$ crontab -l
0 5 * * * counter=0; for i in $( ls /var/backups/ise/*.tar.gpg --sort=time ); do if (($counter > 2 )); then rm $i; fi ;let "counter++"; done
PS: If you want to test this in your lab with dummy files, then you can create as many dummy files as you need with the touch command. Ensure that you specify the file creation date/time to make it realistic.
E.g. in my case I used the non-US date format, but the theory applies:
touch Test-CFG10-180701-0300.tar.gpg -t "201807010300"
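The keep-the-newest-N retention described in the post, as an added example that is not part of the original post: it avoids parsing ls output, so file names containing spaces are handled, and it only touches regular files that match the pattern. The function name prune_backups and its arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not the original poster's script): keep the newest KEEP files
# matching PATTERN in DIR and delete the rest. prune_backups is a hypothetical name.

# prune_backups DIR KEEP [PATTERN]
# Prints each deleted path; returns 2 on bad arguments.
prune_backups() {
    local dir=$1 keep=$2 pattern=${3:-*.tar.gpg}
    [[ -d $dir && $keep =~ ^[1-9][0-9]*$ ]] || {
        echo "usage: prune_backups DIR KEEP [PATTERN]" >&2
        return 2
    }

    local files=() f
    # Glob expansion keeps names with spaces intact, unlike $(ls ...).
    for f in "$dir"/$pattern; do
        # Regular files only; skip symlinks and an unmatched literal pattern.
        [[ -f $f && ! -L $f ]] && files+=("$f")
    done

    # Insertion sort by modification time, newest first (-nt compares mtimes).
    local i j tmp
    for ((i = 1; i < ${#files[@]}; i++)); do
        tmp=${files[i]}
        for ((j = i - 1; j >= 0; j--)); do
            [[ $tmp -nt ${files[j]} ]] || break
            files[j+1]=${files[j]}
        done
        files[j+1]=$tmp
    done

    # Everything after the first KEEP entries is surplus, whatever today's date is.
    for f in "${files[@]:keep}"; do
        rm -f -- "$f" && printf '%s\n' "$f"
    done
}

# When executed directly with arguments (e.g. from cron), run the prune:
#   prune_backups.sh /var/backups/ise 3
if [[ ${BASH_SOURCE[0]} == "$0" && $# -gt 0 ]]; then
    prune_backups "$@"
fi
```

Because the count is the only criterion, a second run deletes nothing, and the newest three files survive even if no new backup has been written for weeks.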
Very nice doc, Arne! Thank you for sharing!
Thanks, Howard. When I get a spare moment I want to enhance the logic to prevent the script from gobbling up all the files in the case where ISE stops backing up (e.g. during a longer maintenance window or extended test cycle). My logic is somewhat flawed in that regard. I just noticed today that none of my ISE 2.4 p1 servers have a working Config Backup schedule (it's configured but not working).
I like that you are utilizing the same permission level for the job. Great work arne.bier.