How to Upload Sketch File Into Aci
The following table provides an overview of the significant changes to this guide up to this current release. The table does not provide an exhaustive list of all changes made to the guide or of the new features up to this release.
Cisco APIC Release | Feature | Description |
---|---|---|
5.2(3) | Integrity check for exported configuration files that are saved on external servers | There is an integrity check for exported configuration files that are saved on external servers, which ensures that the file's contents are not tampered with. For more information, see Backing up, Restoring, and Rolling Back the Cisco APIC Configuration. |
4.1(1) | Export Tech Support/Config data with Read-Only Privileges | Configuring an Export Policy Using the GUI |
4.0(1) | The Cisco Network Assurance Engine (NAE) creates export policies that appear in the GUI | Added a note about the Cisco NAE export policies. |
2.2(2e) | Applying the show running config output to another Cisco APIC | About Import and Export Configurations |
1.2(1m) | Snapshot and recovery (backing up, restoring, and rolling back) in configuration import/export | Backing up, Restoring, and Rolling Back the Cisco APIC Configuration. |
1.2(1i) | NX-OS style CLI | Introduced the NX-OS-style CLI. |
Overview
This topic provides information on:
- How to use configuration Import and Export to recover configuration states to the last known good state using the Cisco APIC
- How to encrypt secure properties of Cisco APIC configuration files

You can do both scheduled and on-demand backups of user configuration. Recovering configuration states (also known as "roll-back") allows you to go back to a known state that was good before. The option for that is called an Atomic Replace. The configuration import policy (configImportP) supports atomic + replace (importMode=atomic, importType=replace). When set to these values, the imported configuration overwrites the existing configuration, and any existing configuration that is not present in the imported file is deleted. As long as you do periodic configuration backups and exports, or explicitly trigger export with a known good configuration, then you can later restore back to this configuration using the following procedures for the CLI, REST API, and GUI.
For more detailed conceptual information about recovering configuration states using the Cisco APIC, please refer to the Cisco Application Centric Infrastructure Fundamentals Guide.
The following section provides conceptual information about encrypting secure properties of configuration files:
Configuration File Encryption
As of release 1.1(2), the secure properties of APIC configuration files can be encrypted by enabling AES-256 encryption. AES encryption is a global configuration option; all secure properties conform to the AES configuration setting. It is not possible to export a subset of the ACI fabric configuration such as a tenant configuration with AES encryption while not encrypting the remainder of the fabric configuration. See the Cisco Application Centric Infrastructure Fundamentals, "Secure Properties" chapter for the list of secure properties.
The APIC uses a 16 to 32 character passphrase to generate the AES-256 keys. The APIC GUI displays a hash of the AES passphrase. This hash can be used to see if the same passphrase was used on two ACI fabrics. This hash can be copied to a client computer where it can be compared to the passphrase hash of another ACI fabric to see if they were generated with the same passphrase. The hash cannot be used to reconstruct the original passphrase or the AES-256 keys.
Observe the following guidelines when working with encrypted configuration files:
- Backward compatibility is supported for importing old ACI configurations into ACI fabrics that use the AES encryption configuration option.
  Note
  Reverse compatibility is not supported; configurations exported from ACI fabrics that have enabled AES encryption cannot be imported into older versions of the APIC software.
- Always enable AES encryption when performing fabric backup configuration exports. Doing so will assure that all the secure properties of the configuration will be successfully imported when restoring the fabric.
  Note
  If a fabric backup configuration is exported without AES encryption enabled, none of the secure properties will be included in the export. Since such an unencrypted backup would not include any of the secure properties, it is possible that importing such a file to restore a system could result in the administrator along with all users of the fabric being locked out of the system.
- The AES passphrase that generates the encryption keys cannot be recovered or read by an ACI administrator or any other user. The AES passphrase is not stored. The APIC uses the AES passphrase to generate the AES keys, then discards the passphrase. The AES keys are not exported. The AES keys cannot be recovered since they are not exported and cannot be retrieved via the REST API.
- The same AES-256 passphrase always generates the same AES-256 keys. Configuration export files can be imported into other ACI fabrics that use the same AES passphrase.
- For troubleshooting purposes, export a configuration file that does not contain the encrypted data of the secure properties. Temporarily turning off encryption before performing the configuration export removes the values of all secure properties from the exported configuration. To import such a configuration file that has all secure properties removed, use the import merge mode; do not use the import replace mode. Using the import merge mode will preserve the existing secure properties in the ACI fabric.
- By default, the APIC rejects configuration imports of files that contain fields that cannot be decrypted. Use caution when turning off this setting. Performing a configuration import inappropriately when this default setting is turned off could result in all the passwords of the ACI fabric being removed upon the import of a configuration file that does not match the AES encryption settings of the fabric.
  Note
  Failure to observe this guideline could result in all users, including fabric administrators, being locked out of the system.
Backing up, Restoring, and Rolling Back the Cisco APIC Configuration
This section describes the set of features for backing up (creating snapshots), restoring, and rolling back a Cisco Application Policy Infrastructure Controller's (APIC's) configuration.
Beginning with the 5.2(3) release, when you export a configuration file to an external server, the Cisco APIC calculates the MD5 checksum for the file contents and stores it in an MD5 file. This MD5 file gets exported along with the configuration file. When importing the configuration file, the Cisco APIC validates the file's integrity by comparing its current MD5 checksum with the value stored in the MD5 file, and the Cisco APIC informs you whether the integrity validation succeeds or fails. By default, this feature is enabled.
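The same comparison can be repeated on the external server before an import. The following is an added example, not Cisco's code: it recomputes the archive's MD5, compares it with the exported MD5 file, and optionally compares a SHA-256 value recorded somewhere else at export time, because an MD5 file stored beside the archive can be rewritten by anyone who can rewrite the archive. The MD5 file layout (a hex digest, alone or md5sum-style) and all function names are assumptions.

```python
import hashlib
import hmac
import re
from pathlib import Path


def file_digest(path, algorithm):
    """Hash a file in chunks so large archives are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def read_sidecar_md5(md5_path):
    """Return the first 32-hex-digit token in the MD5 file, lowercased.

    Assumption: the file holds a hex digest, either alone or followed by
    a file name as md5sum prints it. The page does not document the layout.
    """
    text = Path(md5_path).read_text(errors="replace")
    match = re.search(r"\b[0-9a-fA-F]{32}\b", text)
    if not match:
        raise ValueError(f"no MD5 digest found in {md5_path}")
    return match.group(0).lower()


def verify_export(archive_path, md5_path, pinned_sha256=None):
    """Return (ok, reasons) for an exported archive.

    The MD5 comparison catches corruption and edits to the archive alone.
    pinned_sha256 is a digest recorded outside the backup server at export
    time; it also catches the case where archive and MD5 file were both
    replaced with a consistent pair.
    """
    reasons = []
    actual_md5 = file_digest(archive_path, "md5")
    if not hmac.compare_digest(actual_md5, read_sidecar_md5(md5_path)):
        reasons.append("archive does not match its MD5 file")
    if pinned_sha256 is not None:
        actual_sha = file_digest(archive_path, "sha256")
        if not hmac.compare_digest(actual_sha, pinned_sha256.strip().lower()):
            reasons.append(
                "archive does not match the SHA-256 value recorded at export time"
            )
    return (not reasons, reasons)
```
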
Backing Up, Restoring, and Rolling Back Configuration Files Workflow
This section describes the workflow of the features for backing up, restoring, and rolling back configuration files. All of the features described in this document follow the same workflow pattern. Once the corresponding policy is configured, adminSt must be set to triggered in order to trigger the job.
Once triggered, an object of type configJob (representing that run) is created under a container object of type configJobCont. (The naming property value is set to the policy DN.) The container's lastJobName field can be used to determine the last job that was triggered for that policy.
Note | Up to five configJob objects are kept under a single job container at a time, with each new job triggered. The oldest job is removed to ensure this. |
The configJob object contains the following information:
- Execution time
- Name of the file being processed/generated
- Status, as follows:
  - Pending
  - Running
  - Failed
  - Fail-no-data
  - Success
  - Success-with-warnings
- Details string (failure messages and warnings)
- Progress percentage = 100 * lastStepIndex/totalStepCount
- Field lastStepDescr indicating what was being done last
Configuration Export to Controller
The configuration export extracts user-configurable managed object (MO) trees from all thirty-two shards in the cluster, writes them into separate files, then compresses them into a tar gzip. The configuration export then uploads the tar gzip to a pre-configured remote location (configured using configRsRemotePath pointing to a fileRemotePath object) or stores it as a snapshot on the controller(s).
Note | See the Snapshots section for more details. |
The configExportP policy is configured as follows:
- name: Policy name.
- format: Format in which the data is stored inside the exported archive (xml or json).
- targetDn: The distinguished name (DN) of the specific object you want to export (empty means everything).
- snapshot: When set to True, the file is stored on the controller; no remote location configuration is needed.
- includeSecureFields: Set to true by default, indicates whether the encrypted fields (passwords, etc.) should be included in the export archive.

Note | The configSnapshot object is created holding the information about this snapshot (see the Snapshots section). |
Scheduling Exports
An export policy can be linked with a scheduler, which triggers the export automatically based on a pre-configured schedule. This is done via the configRsExportScheduler relation from the policy to a trigSchedP object (see the following Sample Configuration section).
Note | A scheduler is optional. A policy can be triggered at any time by setting the adminSt to triggered. |
Troubleshooting
If you get an error message indicating that the generated archive could not be uploaded to the remote location, refer to the Connectivity Issues section.
Sample Configuration Using the NX-OS Style CLI
The following is a sample configuration using the NX-OS Style CLI:
```
apic1(config)# snapshot
  download  Configuration snapshot download setup mode
  export    Configuration export setup mode
  import    Configuration import setup mode
  rollback  Configuration rollback setup mode
  upload    Configuration snapshot upload setup mode
apic1(config)# snapshot export policy-name
apic1(config-export)#
  format    Snapshot format: xml or json
  no        Negate a command or set its defaults
  remote    Set the remote path configuration will get exported to
  schedule  Schedule snapshot export
  target    Snapshot target

  bash      bash shell for unix commands
  end       Exit to the exec mode
  exit      Exit from current mode
  fabric    show fabric related information
  show      Show running system information
  where     show the current mode
apic1(config-export)# format xml
apic1(config-export)# no remote path      [If no remote path is specified, the file is exported locally to a folder in the controller]
apic1(config-export)# target              [Assigns the target of the export, which can be fabric, infra, a specific tenant, or none. If no target is specified, all configuration information is exported.]
  WORD  infra, fabric or tenant-x
apic1(config-export)#
apic1# trigger snapshot export policy-name   [Executes the snapshot export job]
apic1# ls /data2                             [If no remote path is specified, the configuration export file is saved locally to the controller under the folder data2]
ce_Dailybackup.tgz
```
Sample Configuration Using the GUI
The following is a sample configuration using the GUI:
- On the menu bar, click the Admin tab.
- Choose IMPORT/EXPORT.
- Under Export Policies, choose Configuration.
- Under Configuration, click the configuration that you would like to roll back to. For example, you can click defaultOneTime, which is the default.
- Next to Format, choose a button for either JSON or XML format.
- Next to Start Now, choose a button for either No or Yes to indicate whether you want to trigger now or trigger based on a schedule. The easiest method is to choose to trigger immediately.
- For the Target DN field, enter the name of the tenant configuration you are exporting.
- If you want to store the configuration on the controller itself, check the Snapshot option. If you want to configure a remote location, uncheck this option.
- For the Scheduler field, you have the option to create a scheduler instructing when and how often to export the configuration.
- For the Encryption field, you have the option to enable or disable the encryption of your configuration file.
- When you have finished your configuration, click Start Now.
- Click Submit to trigger your configuration export.

Sample Configuration Using REST API
The following is a sample configuration using the REST API:
```xml
<configExportP name="policy-name" format="xml" targetDn="/some/dn or empty which means everything"
    snapshot="false" adminSt="triggered">
    <configRsRemotePath tnFileRemotePathName="some remote path name" />
    <configRsExportScheduler tnTrigSchedPName="some scheduler name" />
</configExportP>
```
Note | When providing a remote location, if you set the snapshot to |
Configuration Import to Controller
Configuration import downloads, extracts, parses, analyzes and applies the specified, previously exported archive one shard at a time in the following order: infra, fabric, tn-common, then everything else. The fileRemotePath configuration is performed the same way as for export (via configRsRemotePath). Importing snapshots is also supported.
The configImportP policy is configured as follows:
- name - policy name
- fileName - name of the archive file (not the path file) to be imported
- importMode
  - Best-effort mode: each MO is applied individually, and errors only cause the invalid MOs to be skipped.
    Note
    If the object is not present on the controller, none of the children of the object get configured. Best-effort mode attempts to configure the children of the object.
  - Atomic mode: configuration is applied by whole shards. A single error causes the whole shard to be rolled back to its original state.
- importType
  - replace - Current system configuration is replaced with the contents of the archive being imported (only atomic mode is supported)
  - merge - Nothing is deleted, archive content is applied on top of the existing system configuration.
- snapshot - when true, the file is taken from the controller and no remote location configuration is needed.
- failOnDecryptErrors - (true by default) the file fails to import if the archive was encrypted with a different key than the one that is currently set up in the system.
Troubleshooting
The following scenarios may need troubleshooting:
- If the generated archive could not be downloaded from the remote location, refer to the Connectivity Issues section.
- If the import succeeded with warnings, check the details.
- If a file could not be parsed, refer to the following scenarios:
  - If the file is not a valid XML or JSON file, check whether or not the files from the exported archive were manually modified.
  - If an object property has an unknown property or property value, it may be because:
    - The property was removed or an unknown property value was manually entered
    - The model type range was modified (non-backward compatible model change)
    - The naming property list was modified
- If an MO could not be configured, note the following:
  - Best-effort mode logs the error and skips the MO
  - Atomic mode logs the error and skips the shard
Sample Configuration Using the NX-OS Style CLI
The following is a sample configuration using the NX-OS Style CLI:
```
apic1# configure
apic1(config)# snapshot
  download  Configuration snapshot download setup mode
  export    Configuration export setup mode
  import    Configuration import setup mode
  rollback  Configuration rollback setup mode
  upload    Configuration snapshot upload setup mode
apic1(config)# snapshot import
  WORD       Import configuration name
  default
  rest-user
apic1(config)# snapshot import policy-name
apic1(config-import)#
  action  Snapshot import action merge|replace
  file    Snapshot file name
  mode    Snapshot import mode atomic|best-effort
  no      Negate a command or set its defaults
  remote  Set the remote path configuration will get imported from

  bash    bash shell for unix commands
  end     Exit to the exec mode
  exit    Exit from current mode
  fabric  show fabric related information
  show    Show running system information
  where   show the current mode
apic1(config-import)# file < from "show snapshot files" >
apic1(config-import)# no remote path
apic1(config-import)#
apic1# trigger snapshot import policy-name       [Executes the snapshot import job]
```
Sample Configuration Using the GUI
The following is a sample configuration using the GUI:
- On the menu bar, click the ADMIN tab.
- Select IMPORT/EXPORT.
- Under Import Policies, select Configuration.
- Under Configuration, select Create Configuration Import Policy. The CREATE CONFIGURATION IMPORT POLICY window appears.
- In the Name field, the file name must match whatever was backed up and will have a very specific format. The file name is known to whoever did the backup.
- The next two options relate to recovering configuration states (also known as "roll-back"). The options are Input Type and Input Mode. When you recover a configuration state, you want to roll back to a known state that was good before. The option for that is an Atomic Replace.
- If you want to store the configuration on the controller itself, check the Snapshot option. If you want to configure a remote location, uncheck this option.
- In the Import Source field, specify the same remote location that you already created.
- For the Encryption field, you have the option to enable or disable the encryption of your configuration file.
- Click SUBMIT to trigger your configuration import.

Sample Configuration Using the REST API
The following shows a sample configuration using the REST API:
```xml
<configImportP name="policy-name" fileName="someexportfile.tgz" importMode="atomic" importType="replace"
    snapshot="false" adminSt="triggered">
    <configRsRemotePath tnFileRemotePathName="some remote path name" />
</configImportP>
```
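The import guidelines in this document (replace only with atomic mode, merge rather than replace for archives exported without secure properties, caution with failOnDecryptErrors, a remote path unless snapshot is true) can be checked before a policy is posted. The following is an added example, not part of the Cisco documentation; the function name, the finding codes, the sample policies, and the treatment of a missing snapshot attribute as false are assumptions.

```python
import xml.etree.ElementTree as ET

TRUE_VALUES = {"true", "yes"}  # assumption: tolerate a yes/no spelling too

# Constructed samples. PAGE_SAMPLE mirrors the REST example above.
PAGE_SAMPLE = """<configImportP name="policy-name" fileName="someexportfile.tgz"
    importMode="atomic" importType="replace" snapshot="false" adminSt="triggered">
  <configRsRemotePath tnFileRemotePathName="some remote path name" />
</configImportP>"""

RISKY_SAMPLE = """<configImportP name="restore" fileName="someexportfile.tgz"
    importMode="best-effort" importType="replace" snapshot="false"
    failOnDecryptErrors="false" adminSt="triggered" />"""


def _flag(policy, name, default):
    """Read a boolean attribute, falling back to the given default."""
    value = policy.get(name)
    return default if value is None else value.strip().lower() in TRUE_VALUES


def lint_import_policy(xml_text, archive_has_secure_fields=True):
    """Return a list of (code, message) findings for a configImportP payload.

    archive_has_secure_fields is False for an archive exported with
    encryption turned off, which carries no secure property values.
    """
    policy = ET.fromstring(xml_text)
    if policy.tag != "configImportP":
        raise ValueError("expected a configImportP element")

    mode = policy.get("importMode")
    kind = policy.get("importType")
    findings = []

    if kind == "replace" and mode is not None and mode != "atomic":
        findings.append((
            "REPLACE_NOT_ATOMIC",
            "importType=replace is only supported with importMode=atomic",
        ))
    if kind == "replace" and not archive_has_secure_fields:
        findings.append((
            "REPLACE_WITHOUT_SECURE_FIELDS",
            "archive has no secure properties; import it with merge so the "
            "fabric's existing secure properties are preserved",
        ))
    # The page states failOnDecryptErrors is true by default.
    if not _flag(policy, "failOnDecryptErrors", True):
        findings.append((
            "DECRYPT_CHECK_OFF",
            "failOnDecryptErrors is off; an archive that does not match the "
            "fabric's AES settings could remove all passwords on import",
        ))
    # Assumption: a missing snapshot attribute is treated as false.
    if not _flag(policy, "snapshot", False) and policy.find("configRsRemotePath") is None:
        findings.append((
            "NO_REMOTE_PATH",
            "snapshot is not true and no configRsRemotePath is configured",
        ))
    return findings
```
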
Snapshots
Snapshots are configuration backup archives, stored (and replicated) in a controller managed folder. To create one, an export can be performed with the snapshot property set to true. In this case, no remote path configuration is needed. An object of configSnapshot type is created to expose the snapshot to the user.
You can create recurring snapshots, which are saved to .
configSnapshot objects provide the following:
- file name
- file size
- creation date
- root DN indicating what the snapshot is of (fabric, infra, specific tenant, and so on)
- ability to remove a snapshot (by setting the retire field to true)

To import a snapshot, first create an import policy. Navigate to and click Import Policies. Right click and choose Create Configuration Import Policy to set the import policy attributes.
Snapshot Manager Policy
The configSnapshotManagerP policy allows you to create snapshots from remotely stored export archives. You can attach a remote path to the policy, provide the file name (same as with configImportP), set the mode to download, and trigger. The manager downloads the file, analyzes it to make sure the archive is valid, stores it on the controller, and creates the corresponding configSnapshot object.
You can also create a recurring snapshot.
Note | When enabled, recurring snapshots are saved to . |
The snapshot manager also allows you to upload a snapshot archive to a remote location. In this case, the mode must be set to upload.
Troubleshooting
For troubleshooting, refer to the Connectivity Issues section.
Snapshot Upload from Controller to Remote Path Using the NX-OS CLI
```
apic1(config)# snapshot upload policy-name
apic1(config-upload)#
  file    Snapshot file name
  no      Negate a command or set its defaults
  remote  Set the remote path configuration will get uploaded to

  bash    bash shell for unix commands
  end     Exit to the exec mode
  exit    Exit from current mode
  fabric  show fabric related information
  show    Show running system information
  where   show the current mode
apic1(config-upload)# file <file name from "show snapshot files">
apic1(config-upload)# remote path remote-path-name
apic1# trigger snapshot upload policy-name       [Executes the snapshot upload job]
```
Snapshot Download from Controller to Remote Path Using the NX-OS CLI
```
apic1(config)# snapshot download policy-name
apic1(config-download)#
  file    Snapshot file name
  no      Negate a command or set its defaults
  remote  Set the remote path configuration will get downloaded from

  bash    bash shell for unix commands
  end     Exit to the exec mode
  exit    Exit from current mode
  fabric  show fabric related information
  show    Show running system information
  where   show the current mode
apic1(config-download)# file < file from remote path>
apic1(config-download)# remote path remote-path-name
apic1# trigger snapshot download policy-name       [Executes the snapshot download job]
```
Snapshot Upload and Download Using the GUI
To upload a snapshot file to a remote location:
- Right-click on the snapshot file listed in the Config Rollbacks pane, and select the Upload to Remote Location option. The Upload snapshot to remote location box appears.
- Click SUBMIT.

To download a snapshot file from a remote location:
- Click the import icon on the upper right side of the screen. The Import remotely stored export archive to snapshot box appears.
- Enter the file name in the File Name field.
- Select a remote location from the Import Source pull-down, or check the box next to Or create a new one to create a new remote location.
- Click SUBMIT.
Snapshot Upload and Download Using the REST API
```xml
<configSnapshotManagerP name="policy-name" fileName="someexportfile.tgz" mode="upload|download"
    adminSt="triggered">
    <configRsRemotePath tnFileRemotePathName="some remote path name" />
</configSnapshotManagerP>
```
Rollback
The configRollbackP policy enables you to undo the changes made between two snapshots, effectively rolling back any configuration changes that were made to the snapshot that was saved earlier. When the policy is triggered, objects are processed as follows:
- Deleted MOs are recreated
- Created MOs are deleted
- Modified MOs are reverted
Rollback Workflow
The policy snapshotOneDn and snapshotTwoDn fields must be set with the first snapshot (S1) preceding snapshot two (S2). When triggered, the snapshots are extracted and analyzed to calculate and apply the differences between the snapshots.
The MOs are handled as follows:
- MOs are present in S1 but not present in S2 — These MOs were deleted before S2. The rollback will recreate these MOs.
- MOs are present in S2 but not present in S1 — These MOs were created after S1. The rollback will delete these MOs under the following circumstances:
  - These MOs were not modified after S2 was taken.
  - No MO descendants were created or modified after S2 was taken.
- MOs are present in both S1 and S2 but with different property values — If the property was modified to a different value after S2 was taken, the property is left as is. Otherwise, the rollback will revert these properties to S1.

The rollback feature also generates a diff file that contains the configuration generated as a result of these calculations. Applying this configuration is the last step of the rollback process. The content of this file can be retrieved through a special REST API called readiff: apichost/mqapi2/snapshots.readiff.xml?jobdn=SNAPSHOT_JOB_DN.
Rollback, which is difficult to predict, also has a preview mode (set preview to true), which prevents rollback from making any actual changes. It simply calculates and generates the diff file, allowing you to preview what exactly is going to happen once the rollback is actually performed.
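The three rules above can be worked through on a small model, which helps when reading a preview diff. The following is an added example, not the APIC implementation: snapshots and the running configuration are modelled as dictionaries mapping a DN to its properties, descendants are found by DN prefix, MOs that no longer exist in the running configuration are skipped, and all DNs and values are constructed.

```python
# Constructed sample data: S1 is the earlier snapshot, S2 the later one,
# CURRENT is the configuration at the time the rollback is triggered.
S1 = {
    "uni/tn-demo": {"descr": "prod"},
    "uni/tn-demo/BD-bd1": {"unicastRoute": "yes"},
    "uni/tn-demo/ap-old": {"descr": ""},
}
S2 = {
    "uni/tn-demo": {"descr": "changed"},
    "uni/tn-demo/BD-bd1": {"unicastRoute": "no"},
    "uni/tn-demo/ap-web": {"descr": ""},
    "uni/tn-demo/ap-web/epg-fe": {"descr": ""},
    "uni/tn-demo/ap-tmp": {"descr": ""},
}
CURRENT = {
    "uni/tn-demo": {"descr": "changed again"},      # edited after S2
    "uni/tn-demo/BD-bd1": {"unicastRoute": "no"},   # untouched since S2
    "uni/tn-demo/ap-web": {"descr": ""},
    "uni/tn-demo/ap-web/epg-fe": {"descr": "edited"},  # edited after S2
    "uni/tn-demo/ap-tmp": {"descr": ""},
}


def changed_since(dn, s2, current):
    """True when the MO now differs from S2 (edited, or created after S2)."""
    return current.get(dn) != s2.get(dn)


def plan_rollback(s1, s2, current):
    """Apply the three rollback rules and return the planned actions."""
    plan = {"recreate": [], "delete": [], "revert": [], "skipped": []}

    # Present in S1 only: deleted before S2, so the rollback recreates it.
    for dn in sorted(s1.keys() - s2.keys()):
        plan["recreate"].append((dn, dict(s1[dn])))

    # Present in S2 only: created after S1. Deepest DNs are handled first.
    for dn in sorted(s2.keys() - s1.keys(), key=lambda d: (-d.count("/"), d)):
        if dn not in current:
            continue  # assumption: already removed, nothing to delete
        below = [d for d in current if d.startswith(dn + "/")]
        if changed_since(dn, s2, current):
            plan["skipped"].append((dn, "modified after S2"))
        elif any(changed_since(d, s2, current) for d in below):
            plan["skipped"].append((dn, "descendant created or modified after S2"))
        else:
            plan["delete"].append(dn)

    # Present in both: revert only properties that still hold their S2 value.
    for dn in sorted(s1.keys() & s2.keys()):
        if dn not in current:
            continue  # assumption: MO removed after S2, left alone
        for prop in sorted(set(s1[dn]) | set(s2[dn])):
            before, after = s1[dn].get(prop), s2[dn].get(prop)
            if before == after:
                continue
            if current[dn].get(prop) != after:
                plan["skipped"].append((f"{dn} [{prop}]", "property modified after S2"))
            else:
                plan["revert"].append((dn, prop, before))
    return plan
```
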
Diff Tool
Another special REST API is available, which provides diff functionality between two snapshots: apichost/mqapi2/snapshots.diff.xml?s1dn=SNAPSHOT_ONE_DN&s2dn=SNAPSHOT_TWO_DN.
Sample Configuration Using the NX-OS Style CLI
This example shows how to configure and execute a rollback using the NX-OS Style CLI:
```
apic1# show snapshot files
File    : ce2_DailyAutoBackup-2015-11-21T01-00-17.tar.gz
Created : 2015-11-21T01:00:21.167+00:00
Root    :
Size    : 22926

File    : ce2_DailyAutoBackup-2015-11-21T09-00-21.tar.gz
Created : 2015-11-21T09:00:24.025+00:00
Root    :
Size    : 23588

apic1# configure
apic1(config)# snapshot rollback myRollbackPolicy
apic1(config-rollback)# first-file ce2_DailyAutoBackup-2015-11-21T01-00-17.tar.gz
apic1(config-rollback)# second-file ce2_DailyAutoBackup-2015-11-21T09-00-21.tar.gz
apic1(config-rollback)# preview
apic1(config-rollback)# end
apic1# trigger snapshot rollback myRollbackPolicy
```
Sample Configuration Using the GUI
This example shows how to configure and execute a rollback using the GUI:
- On the menu bar, click the Admin tab.
- Click Config Rollbacks, located under the Admin tab.
- Select the first configuration file from the Config Rollbacks list (in the left-side pane).
- Select the second configuration file in the Configuration for selected snapshot pane (in the right-side pane).
- Click the Compare with previous snapshot drop-down menu (at the bottom of the right-side pane), and then select the second configuration file from that list. A diff file is then generated so that you can compare the differences between the two snapshots.
  Note
  After the file generates, there is an option to undo these changes.

Sample Configuration Using the REST API
This example shows how to configure and execute a rollback using the REST API:
```xml
<configRollbackP name="policy-name" snapshotOneDn="dn/of/snapshot/one" snapshotTwoDn="dn/of/snapshot/two"
    preview="false" adminSt="triggered" />
```
About Import and Export Configurations
The import config and export config commands enable you to apply the show running config output to another Cisco APIC. This section contains the guidelines for these commands and demonstrates how the commands are executed.
Import and Export Configuration Guidelines and Limitations
This section explains the guidelines and limitations for the export config and import config commands.
- Passwords and other encrypted data are not included in the configuration file.
- Some REST API configurations may not be compatible with CLI configurations; this may cause errors when applying a configuration file to a Cisco APIC.
- Some features require configurations to be in a specific order. These configurations are validated when performed through the CLI. Configurations through the REST API, however, are not validated and may cause errors when running the imported file due to missing configurations.
- Interactive commands are prefixed with a "#" and ignored when running the configuration file.
Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Using_Import_Export_to_Recover_Config_States.html