Automate f5 backup using PowerShell
There are many ways to take UCS backup of F5 appliance. This article explains how to automate the F5 backup using PowerShell. Below script utilize SSH to connect to F5.
Once connected to F5 via ssh, tmsh is used to perform backup and linux commands for file handling.
To install the module, open powershell.exe as administrator and run the below command.
Install-Module Posh-SSHPosh-SSH module’s package details are available at PowerShell Gallery https://www.powershellgallery.com/packages/Posh-SSH/2.0.2
Backup F5 UCS using PowerShell
Create password file
Run the below code to encrypt and save the password to a file.
$passwordFilePath = "E:\Script\password.txt"
$f5LoginCred = Get-Credential admin
$f5LoginCred.password | ConvertFrom-SecureString | set-content $passwordFilePathNote: The secure password file created above will only work for the account which was used to create it and in the computer where the file was created. If you plan to schedule the script with a service account, then the secure password file should be generated with that account.
Have a look at the article https://tekcookie.com/avoid-hardcode-password-in-powershell-script/ to know more about password handling in PowerShell.
Backup Script
Run the below code to initiate and copy the backup.
# Powershell to Backup F5 configuration
#Import Posh-SSH module for handling ssh part
Import-Module Posh-SSH
### Variable Declaration ###
$F5_IP = "192.168.1.22"
$bkpDestinationPath = "\\RemoteBackupHost\f5Backup"
$passwordFilePath = "E:\Script\password.txt"
### End of Variable Declaration ###
#Below snippet reads the password while in task scheduler and then encrypts to txt file
#Comment below 2 lines after the password is exported to file
#$f5LoginCred = Get-Credential admin
#$f5LoginCred.password | ConvertFrom-SecureString | set-content $passwordFilePath
#read password from file
$password = Get-Content $passwordFilePath | ConvertTo-SecureString
$f5LoginCred = New-Object System.Management.Automation.PsCredential("admin",$password)
#create new Posh-SSH session with the F5 device
$f5Session = New-SSHSession -ComputerName $F5_IP -Credential $f5LoginCred -AcceptKey
#Building Backup command
$date = (Get-Date).DateTime.Replace(":","").Replace(" ","_").Replace(",","").Replace(" ","")
$bkpCommand = "tmsh save /sys ucs backup$date.ucs"
$sshoutput = Invoke-SSHCommand -Command $bkpCommand -SSHSession $f5Session
#Execute below command if the backup is successful
if($sshoutput.Output[1] -like "*is saved." -and $sshoutput.ExitStatus -eq 0) {
#Copy the backup file to remote location
Get-SCPItem -ComputerName $F5_IP -Credential $f5LoginCred `
-Path "/var/local/ucs/backup$date.ucs" -PathType File `
-Destination $bkpDestinationPath
#Find and delete backup files older than 5 days having the word "backup" in the name
$sshDeleteCommand = "find /var/local/ucs -type f -name '*backup*' -mtime +5 -exec rm {} \;"
$sshoutput = Invoke-SSHCommand -Command $sshDeleteCommand -SSHSession $f5Session
}
#Killing all the SSH session
Get-SSHSession | Remove-SSHSessionSchedule this script and the f5 appliance backup is automated.
Note: The account used to connect to F5 should have “Advanced shell” Terminal Access and the Management port should allow SSH
Thank you for reading my post. Hope this is helpful to you.
Hi
i am getting the below error while using this
Host : 10.XX.XXX.112
Output : {Socket error connecting to 127.0.0.1:6889}
ExitStatus : 1
Please need help urgently
I think port is getting blocked. Are you able to ssh to the f5 device from the machine where you are trying to run this script?
Sorry for the late reply.
This is the super and simple way automate F5 backup without any costly applictaion