Backup HP ProCurve Switches via SSH, TFTP and PowerShell

15. February 2017

blog.feldmann.io

PowerShell Version: >4 
Modules: Posh-SSH

So, this is a pretty specific one! I have been tasked to backup old and new ProCurve Switches and of course I am using PowerShell for this 😉 I found a script about doing this via SFTP where you enable ip ssh filetransfer on the switches and get the files from there but unfortunately two of the 2610’s in the environment do a reboot on every sftp connection…so…that is not an option here 😉 The only good alternative I came up with was to SSH on the client and use TFTP to copy the configs where you want them. The tftp client is enabled on the ProCurve’s by default so what you need to do this is PowerShell with Posh-SSH, and a TFTP Server:

#import posh-ssh
Import-Module -name posh-ssh

# globals
$today = Get-Date -Format "ddMMyyy"
$month = Get-Date -Format MMMM
$year = Get-Date -Format "yyyy"
$tftp_server = "IP OF YOUR TFTP SERVER"

# create a folder for every year
Get-Item "C:\switch_backup\$year\" -ErrorAction SilentlyContinue
if (!$?)
    {
    New-Item "C:\switch_backup\$year\" -ItemType Directory
    }

# create a folder for every month
Get-Item "C:\switch_backup\$year\$month\" -ErrorAction SilentlyContinue
if (!$?)
    {
    New-Item "C:\switch_backup\$year\$month\" -ItemType Directory
    }

# create a folder for every day
Get-Item "C:\switch_backup\$year\$month\$today\" -ErrorAction SilentlyContinue
if (!$?)
    {
    New-Item "C:\switch_backup\$year\$month\$today\" -ItemType Directory
    }

# simple credential handling
$username = "manager"
$pwfile = "C:\tmp\cred.txt"
$Credentials=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (Get-Content $pwfile | ConvertTo-SecureString)

# put all the devices in this array
$switches_array = @()
$switches_array = "SWITCHIP","SWITCHIP","SWITCHIP"

foreach ($switch in $switches_array)
    {
    # create a folder for every device
    Get-Item "C:\switch_backup\$year\$month\$today\$switch" -ErrorAction SilentlyContinue
    if (!$?)
        {
        New-Item "C:\switch_backup\$year\$month\$today\$switch" -ItemType Directory
        }
    # start the SSH Session
    New-SSHSession -ComputerName $switch -Credential $Credentials -AcceptKey:$true
    $session = Get-SSHSession -Index 0
    # usual SSH won't work, we need a shell stream for the procurve
    $stream = $session.Session.CreateShellStream("dumb", 0, 0, 0, 0, 1000)
    # send a "space" for the "Press any key to continue" and wait before you issue the next command
    $stream.Write("`n")
    Sleep 5
    # copy startup-config and wait before you issue the next command
    $stream.Write("copy startup-config tftp $tftp_server \$year\$month\$today\$switch\startup-config`n")
    Sleep 10
    # copy running-config and wait before you issue the next command
    $stream.Write("copy running-config tftp $tftp_server \$year\$month\$today\$switch\running-config`n")
    Sleep 10
    # disconnect from host
    Remove-SSHSession -SessionId 0
    # compare running and startup config and remove running-config if equal
    $running_config = Get-Content C:\switch_backup\$year\$month\$today\$switch\running-config -ErrorAction SilentlyContinue
    $startup_config = Get-Content C:\switch_backup\$year\$month\$today\$switch\startup-config -ErrorAction SilentlyContinue
    $comparison = Compare-Object -ReferenceObject $startup_config -DifferenceObject $running_config
    if (!$comparison)
        {
        Remove-Item C:\switch_backup\$year\$month\$today\$switch\running-config -Force
        }
    }

As for the creds I chose a password file as secure-string – not the safest but fairly easy to work with:

Read-Host "Enter Password:" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\tmp\cred.txt"

 

#PowerShell
6 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


*