Automating Brocade FC Configuration with Powershell (Part 1)

By | January 4, 2017

I’ve been looking at automating physical server creation, and there are tools from Cisco and NetApp that allow Powershell to do the heavy lifting for UCS and Storage. The missing part of the process is the FC switches (Brocade in this case, though when I researched this I could not find a toolkit for Cisco MDS) – so we will cheat and use powershell to issue SSH commands to the switches. This post will look at automating Brocade FC Configuration on v6.00 and later switches.

There are two disclaimers – this is what has worked for me, it may not work for you. I also don’t have access to the script files any more, so this has been assembled from notes and memory – I last looked at this about a year ago. If there is anything wrong you’ll need to troubleshoot.

My Linux skills are not so advanced that I think this is the best way of doing things. If you know of something better please leave a reply in the comments !

Throughout researching this I used The SAN Guy’s list of useful Brocade CLI commands as a crib sheet for using the CLI.

The diagram below shows a very basic overview of the infrastructure, with devices from top to bottom being the SAN, FC switches and the server – though if using Cisco UCS the server will be encapsulated within the appropriate domain.

fc-basic-plan

Configuration used in this article

We will have a single physical server with 2 HBAs:

HBA0 WWPN: 20:00:00:25:B5:40:02:0F
HBA1 WWPN: 20:00:00:25:B5:40:02:1F

The SAN has four WWPN’s (two for each FC switch in the overview diagram above) and they are identified on the FC switches as “san_hba0” and “san_hba1” (connected to one switch) and “san_hba2” and “san_hba3” (connected to the other switch). These aliases have already been created on the FC switches.

The FC switch configuration is called “active_config”.

Creating the Script

We will need to create a zone for the server on each FC switch and include the appropriate server HBA initiator WWPN and the storage WWPN’s in each. I have seen some configs where a server zone will contain all WWPN’s – even for initiators that will never connect to the switch – but in this case the zone will only contain the minimum number of addresses.

We are going to have these steps:

  • Create an alias. alicreate
  • Create a zone. zonecreate
  • Add the zone to the current configuration. cfgadd
  • Save/Enable the current configuration. cfgenable

Using an SSH client we can run through the steps to do this. This would translate to the following for the first switch:

  • alicreate server01_hba0, 20:00:00:25:B5:40:02:0F
  • zonecreate server01, “server01_hba0, san_hba0, san_hba1”
  • cfgadd server01
  • cfgenable active_config

This for the second FC switch:

  • alicreate server01_hb1, 20:00:00:25:B5:40:02:1F
  • zonecreate server01, “server01_hba1, san_hba2, san_hba3”
  • cfgadd server01
  • cfgenable active_config

If you are doing this on your infrastructure please make sure that you run through your commands manually – automation should only be used for proven processes.

Getting it to work (or not)

The module “SSH-Sessions” allows us to run remote commands from Powershell and can be found at http://www.powershelladmin.com – install this.

Sadly, things are not always meant to be simple and if we run our SSH commands directly from powershell it will not work. You might already know this (which is why you’re here) but there is no way we can save the zoning configuration from Powershell because the “cfgenable” command presents an interactive prompt to confirm that the changes should be saved.

Thanks to this forum thread we have a way to run these commands from a linux OS SSH session. So we’re going to use Powershell to SSH to a Linux OS and then run a script that will SSH to a FC switch and create and save the zone.

Using SSH-Session

If you don’t want to put the module into one of the modules paths in order to test it, you don’t have to. From the directory the files are stored in, run:

You may receive the error message:

Could not load file or assembly “Renci.SshNet.dll” or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)

This post solves this issue – we need to right-click the .dll file and open Properties and then click the “Unblock” button – though it is a good idea to do this for all the files. Once done, open a new powershell window and start again.

Once the module has been imported, it’s time to test it out. Let’s try a “zoneshow” command. We’ll do:

If you’re running FOS 6.x you’ll probably run into the problem below, but happily there is a simple solution.

FOS 6.xx Command Problems

This only applies if the target FC switch is running FOS 6.xx. When attempting to run these commands from FOS 6.xx we get this error:

fos6_command_not_found

had an error: sh: [command]: command not found

The answer is available on this page, and the command needs to be phrased as:

Dealing with the cfgsave problem

To show what happens when we try and save the config when running the SSH command directly from Powershell (amend for FOS 6 with “-c” as necessary), run the command:

brocade_powershell_cfgsave

This will hang the powershell window and you’ll have to force close the window.

To solve this problem we need a Linux proxy which we can connect via SSH to run scripts. Whether you’ll need to spin up a new VM or whether there is a current system you can use depends on your environment, but it is important that networking wise, our powershell host can connect to the proxy and the proxy can connect to both FC switches.

Setting up the Proxy

I used CentOS, installed SSHPass and configured a separate user for automation. Make sure that the SSH service is running, and enabled to start with the OS.

To install sshpass (the reference for epel-release is here):

As an FYI, to create a user that we will use to ssh:

We won’t need any special permissions for this user account, as we will create and run scripts as this user.

Scripting

Now we need to open up a SSH session to our Linux OS and log in as the automation user we just created.

We’re going to pass information to the script, and these are represented as ${x} in the script file, where x is the numerical position of the information. Our first simple script is going to log on to the filer and do a ‘zoneshow’.

Our parameters will be:

  1. Hostname / Address of Filer
  2. Username
  3. Password

I’ve called the script “first-script” and the contents are below:

Mark the script that it is executable:

Now let’s run it.

You will see that we can log into the filer, but then nothing else happens. We need to change the script so we execute the commands properly, and the post by alknet on the Brocade Community forums explains how we should do it. Change to your script to match below:

That’s it for this article, in part two we’ll do a basic sanity check that the WWPN’s and zones don’t already exist before changing the configuration.