Manage the Configuration File
Typically, you use the save command to save the active configuration to disk (‘config/config.boot’); however, you can also save the active configuration to a different file or remote server.
Enter save and press the ? key.
ubnt@RTR# save
Possible completions:
<Enter> Save to system config file
<file> Save to file on local machine
scp://<user>:<passwd>@<host>/<file> Save to file on remote machine
ftp://<user>:<passwd>@<host>/<file> Save to file on remote machine
tftp://<host>/<file> Save to file on remote machine
[edit]
ubnt@RTR# save tftp://10.1.0.15/rtr-config.boot
Saving configuration to
‘tftp://10.1.0.15rtr-config.boot’...
############################################### 100.0%
Done
[edit]
Scenario: In the midst of the administrator changing an IPsec tunnel into an OpenVPN tunnel, the administrator had to revert the EdgeRouter to its previous configuration with the IPsec tunnel.
- Before making changes, the administrator saved a backup configuration file with a working IPsec tunnel configuration:
ubnt@RTR# save config.boot-ipsec Saving configuration to ‘/config/config.boot-ipsec’... Done [edit]
- Note: This is a backup; if the EdgeRouter were rebooted, it would still boot from the default file: ‘/config/config.boot’
- After the administrator deleted the IPsec configuration and was configuring of the OpenVPN tunnel, circumstances changed so that the IPsec tunnel was required again. Consequently, the administrator reverted the EdgeRouter to its previous configuration with the IPsec tunnel.
ubnt@RTR# load config.boot-ipsec Loading configuration from ‘/config/config.boot-ipsec’... Load complete. Use ‘commit’ to make changes active. [edit] ubnt@RTR# commit [edit] ubnt@RTR# save; exit Saving configuration to ‘/config/config.boot’... Done exit ubnt@RTR:~$
To automatically make a remote backup after every commit, use the commit-archive configuration option, enter location, and press the ? key.
ubnt@RTR# set system config-management commit-archive location
Possible completions:
<url> Uniform Resource Identifier
Detailed information:
“scp://<user>:<passwd>@<host>/<dir>”
“ftp://<user>:<passwd>@<host>/<dir>”
“tftp://<host>/<dir>”
ubnt@RTR# set system config-management commit-archive location tftp://10.1.0.15/RTR
[edit]
ubnt@RTR# commit
Archiving config...
tftp://10.1.0.15/RTR OK
[edit]
On the remote tftp server, a copy with the hostname and date is saved for each commit.
admin2@server://tftpboot/RTR$ ls -l total 8 -rw------- 1 nobody nogroup 908 Aug 17 17:19 config.boot-RTR.20120817_171932 -rw------- 1 nobody nogroup 874 Aug 17 17:20 config.boot-RTR.20120818_002046
You can also keep a specified number of revisions of the configuration file on the local disk. Use the commit‑revisions configuration option.
ubnt@RTR# set system config-management commit-revisions 50 [edit] ubnt@RTR# commit [edit]
Here is an example that uses the commit-revisions command:
ubnt@RTR# set system login user joe authentication plaintext-password secret [edit] ubnt@RTR# commit [edit] ubnt@RTR# save; exit Saving configuration to ‘/config/config.boot’... Done exit ubnt@RTR:~$ show system commit 0 2012-08-17 18:32:13 by ubnt via cli commit 1 2012-08-17 18:31:52 by ubnt via cli commit 2 2012-08-17 18:31:51 by root via init commit
Note: The following commands require that the configuration option, commit-revisions, be set first.
show system commit diff commit-confirm show system commit file confirm show system commit rollback commit comment
To display the changes in revision 0, use the show system commit diff command.
ubnt@RTR:~$ show system commit diff 0
[edit system login]
+user joe {
+ authentication {
+ encrypted-password
$1$CWVzYggs$NyJXxC3S572rfm6pY8ZMO.
+ plaintext-password ““
+ }
+ level admin
+}
To display the entire configuration file for revision 0, use the show system commit file command.
ubnt@RTR:~$ show system commit file 0
To add a comment to the commit, use the comment command.
ubnt@RTR# set system login user joe level operator [edit] ubnt@RTR# commit comment “change joe from admin to op” [edit] ubnt@RTR# save; exit Saving configuration to ‘/config/config.boot’... Done exit
Now you will see the comment when you use the show system commit command.
ubnt@RTR:~$ show system commit 0 2012-08-17 18:44:41 by ubnt via cli change joe from admin to op 1 2012-08-17 18:34:01 by ubnt via cli commit 2 2012-08-17 18:32:13 by ubnt via cli commit 3 2012-08-17 18:31:52 by ubnt via cli commit 4 2012-08-17 18:31:51 by root via init commit
When you work on a remote router, certain changes, such as a firewall or NAT rule, can cut off access to the remote router, so you then have to visit the remote router and reboot it. To avoid such issues when you make risky changes, use the commit-confirm command first. Then use the confirmcommand to save your changes.
ubnt@RTR:~$ configure [edit] ubnt@RTR# set firewall name WAN_IN rule 50 action drop [edit] ubnt@RTR# set firewall name WAN_IN rule 50 destination address 172.16.0.0/16 [edit] ubnt@RTR# commit-confirm commit confirm will be automatically reboot in 10 minutes unless confirmed Proceed? [confirm][y] [edit]
After you verify that the changes should be saved, use the confirm command.
ubnt@RTR# confirm [edit]
You can also specify the number of minutes to wait, but you must remember to also use the confirm command. Otherwise, if you forget, then you can be surprised by the EdgeRouter’s reboot to its previous configuration.
ubnt@RTR# commit-confirm 1 commit confirm will be automatically reboot in 1 minutes unless confirmed Proceed? [confirm][y] [edit] ubnt@RTR# Broadcast message from root@RTR (Mon Aug 20 14:00:06 2012): The system is going down for reboot NOW! INIT: Switching to runlevel: 6 INIT: Stopping routing services...zebra...done. Removing all Quagga Routes. [SNIP]
To roll back to an earlier commit, use the show system commit and rollback commands.
ubnt@RTR:~$ show system commit 0 2012-08-21 14:46:41 by admin_5 via cli fix bgp policy maps 1 2012-08-21 14:45:59 by admin_5 via cli commit 2 2012-08-21 14:45:33 by admin_5 via cli fix port forwarding 3 2012-08-21 14:45:15 by admin_5 via cli fix firewall 4 2012-08-21 14:44:29 by ubnt via cli commit 5 2012-08-21 14:21:15 by ubnt via cli add port forward for port 2222 to build-server 6 2012-08-21 14:20:24 by ubnt via cli add dmz interface to eth2 7 2012-08-21 14:19:53 by ubnt via cli add ipsec tunnel to office_exchange 8 2012-08-21 14:07:18 by ubnt via cli add firewall for WAN_IN 9 2012-08-21 14:06:37 by ubnt via cli add user first_last 10 2012-08-21 14:04:47 by ubnt via cli commit 11 2012-08-21 14:04:46 by root via init commit
After viewing the history of system commits, you decide to discard the last four commits by admin_5. Roll back the system configuration file to commit 4:
ubnt@RTR# rollback 4 Proceed with reboot? [confirm] [y] Broadcast message from root@RTR (ttyS0) (Mon Aug 21 15:09:12 2012): The system is going down for reboot NOW!
No comments:
Post a Comment