Automate f5 backup using PowerShell

There are many ways to take UCS backup of F5 appliance. This article explains how to automate the F5 backup using PowerShell. Below script utilize SSH to connect to F5.

Once connected to F5 via ssh, tmsh is used to perform backup and linux commands for file handling.

To install the module, open powershell.exe as administrator and run the below command.

Install-Module Posh-SSH

Posh-SSH module’s package details are available at PowerShell Gallery https://www.powershellgallery.com/packages/Posh-SSH/2.0.2


Backup F5 UCS using PowerShell

Create password file

Run the below code to encrypt and save the password to a file.

$passwordFilePath = "E:\Script\password.txt"
$f5LoginCred = Get-Credential admin
$f5LoginCred.password | ConvertFrom-SecureString | set-content $passwordFilePath

Note: The secure password file created above will only work for the account which was used to create it and in the computer where the file was created. If you plan to schedule the script with a service account, then the secure password file should be generated with that account.

Have a look at the article https://tekcookie.com/avoid-hardcode-password-in-powershell-script/ to know more about password handling in PowerShell.

Backup Script

Run the below code to initiate and copy the backup.

# Powershell to Backup F5 configuration
#Import Posh-SSH module for handling ssh part
Import-Module Posh-SSH

### Variable Declaration ###
$F5_IP = "192.168.1.22"
$bkpDestinationPath = "\\RemoteBackupHost\f5Backup"
$passwordFilePath = "E:\Script\password.txt"
### End of Variable Declaration ###

#Below snippet reads the password while in task scheduler and then encrypts to txt file
#Comment below 2 lines after the password is exported to file

#$f5LoginCred = Get-Credential admin
#$f5LoginCred.password | ConvertFrom-SecureString | set-content $passwordFilePath 

#read password from file
$password = Get-Content $passwordFilePath | ConvertTo-SecureString 
$f5LoginCred = New-Object System.Management.Automation.PsCredential("admin",$password)

#create new Posh-SSH session with the F5 device 
$f5Session = New-SSHSession -ComputerName $F5_IP -Credential $f5LoginCred -AcceptKey

#Building Backup command
$date = (Get-Date).DateTime.Replace(":","").Replace(" ","_").Replace(",","").Replace(" ","")
$bkpCommand = "tmsh save /sys ucs backup$date.ucs"
$sshoutput = Invoke-SSHCommand -Command $bkpCommand -SSHSession $f5Session
#Execute below command if the backup is successful
if($sshoutput.Output[1] -like "*is saved." -and $sshoutput.ExitStatus -eq 0) {
    #Copy the backup file to remote location
    Get-SCPItem -ComputerName $F5_IP -Credential $f5LoginCred `
        -Path "/var/local/ucs/backup$date.ucs" -PathType File `
        -Destination $bkpDestinationPath
    
    #Find and delete backup files older than 5 days having the word "backup" in the name
    $sshDeleteCommand = "find /var/local/ucs -type f -name '*backup*' -mtime +5 -exec rm {} \;"
    $sshoutput = Invoke-SSHCommand -Command $sshDeleteCommand -SSHSession $f5Session
    
}
#Killing all the SSH session
Get-SSHSession | Remove-SSHSession

Schedule this script and the f5 appliance backup is automated.

Note: The account used to connect to F5 should have “Advanced shell” Terminal Access and the Management port should allow SSH

System  ››  Platform
System  ››  Users : User List

 

Thank you for reading my post. Hope this is helpful to you.