|
|
Repository management tools are handled through any Web browser, as shown in "VPN Console: File Menu." Additionally, you can do the following:
This section provides the description and syntax for the dbBackup command that can be run from the command line to back up a repository.
The dbBackup command backs up a repository from the command line. You can run dbBackup from <MPLS VPN Directory>/bin/solaris.
dbBackup -db <dbpath> [-dest <destDir>] [-tar|-compress] [-v] [-p <progname>] [-help]
where:
-db <dbpath> is the path to the repository you wish to back up.
-dest <destDir> is the existing destination directory into which to place the backed up repository. If this parameter is not specified, the default destination directory is /tmp.
-tar indicates to tar the backed up repository into the existing destination directory.
-compress indicates to tar and compress the backed up repository into the existing destination directory.
-v indicates to supply verbose log output.
-p <progname> indicates to use <progname> to do the database backup.
-help indicates to print this message.
This section provides the description and syntax for the dbBackup command that can back up a repository using a third party backup program that is running with the same user ID as the VPN software.
The dbBackup command backs up a repository using a third party backup program. You can run dbBackup from <MPLS VPN Directory>/bin/solaris.
When you execute the dbBackup command, it automatically does the following:
1. Locks the repository
2. Executes your backup program
3. Unlocks the repository.
dbBackup -db <dbpath> -p "<progname -parameters>"
where:
-db <dbpath> is the path to the repository you wish to back up.
-p "<progname -parameters>" is the backup program name and all its parameters.
This section includes the following categories:
This feature allows you to specify which machines have access permission to the Repository Management tools. Without an access permission file, every machine has permission to use the Repository Management tools.
In UNIX, create a file in your install directory called SecureAccess.id. For example, if your install directory is My_Install_Directory, create the following file:
My_Install_Directory/etc/SecureAccess.id
Within this file, define the machines to which you want to permit and deny access permission, as specified in the section "Syntax of the Access Permission File." Then restart the httpd server by issuing the following command: wdclient restart httpd.
{permit | deny} {<IPaddress> | <MachineName> | <SubnetAddress>}
where:
You must choose one of the following two arguments:
permit gives access permission to the Repository Management tools.
deny denies access permission to the Repository Management tools.
You must choose one of the following three arguments:
<IPaddress> is the IP address of the machine.
<MachineName> is the name of the machine.
<SubnetAddress> is the address of the subnet of multiple machines.
The following example of an access permission file, SecureAccess.id, gives permission to the machine with the IP address 171.71.227.170 and the machine with the name machine1.company1.com to use the Repository Management tools. This example also denies permission to the machine with the name machine2.company1.com and the machines in the subnet 171.71.227.0/24 to use the Repository Management tools.
# start of the id file#
#
#
# end of the comment block
permit 171.71.227.170
permit machine1.company1.com
deny machine2.company1.com
deny 171.71.227.0/24
# end of the id file
This section provides the description, prerequisites, and syntax for the Repository import tool, the VpnInvImport command. This tool can be run either on the server that runs VPNSC or on a remote machine.
The VpnInvImport command enables you to populate the VpnInventory Repository by reading information from a file.
The file /tmp/VpnInvImport.log contains information about each element that was created. In addition, this tool writes output information to stdout for the Inventory Elements that are created as well as the elements that already exist. If an error occurs while populating the Repository, the program exits and a message is printed to stderr.
 |
Note This tool cannot be used to modify an existing Repository. It can only be used to populate an empty Repository or add elements to an existing Repository. This tool populates the Repository currently being used by MPLS VPN Solution. |
Be sure that the following steps are taken before implementing either of the commands listed in the "Syntax" section:
Step 2 In the $ECSP_HOME directory, source as follows.
For csh users, enter:
source vpnenv.csh
For sh and ksh users, enter:
. ./vpnenv.sh
|
Note Perform Step 3 and Step 4 when running MPLS VPN Solution as a user other than the VPNSC owner. |
Step 3 If you choose to run the tool on a remote machine rather than on the same server that runs VPNSC, be sure the Naming Server (NS) and the VpnInvServer running on the VPNSC server have their permissions set correctly. For example: to allow a user (<username>) to run this tool on a remote machine, enter the following commands on the VPNSC server:
chmodit NS i+<username>
chmodit VpnInvServer i+<username>
|
Note The lowercase letter "i" indicates to invoke. |
Step 4 If the environment variable IT_DAEMON_PORT is not already set, enter the following command:
setenv IT_DAEMON_PORT 1570
Be sure you have implemented the prerequisites, as specified in the "Prerequisites" section, before implementing either of the following commands:
java VpnInvImport -xml |-old <filename> [<hostname>]
where:
-xml indicates to read from an XML formatted file.
-old indicates to read from the same format as earlier versions of this tool.
|
Note If the format of the input file, the Document Type Definition, is not known, run the VpnInvExport1.2 tool explained in the "Repository Export Tool" section. All values are case sensitive. Therefore, be sure the Boolean variables are all specified in lowercase. Also be sure that the character & is replaced by & before using XML import format. This is required because the character & has a special meaning in XML. |
|
Note In the -old format, objects are delimited beginning with <objectname> and ending with </objectname>, for example the objects would be between <VsmProviderAdminDomain> and </VsmProviderAdminDomain>. The list of attributes supported are the same as specified in the Document Type Definition of the XML file, however, unlike the -xml format, these tags are not nested. For example: in the -xml format, a VsmRegion block would come within a VsmProviderAdminDomain block, but in the -old format, they would be two separate blocks. |
<filename> is the name of the file from which to read data.
<hostname> is the name of the host where the Naming Server is running, for example: abc.efgh.com, where abc is the machine name. When this optional parameter is not specified, the default is localhost.
or
java VpnInvImport -h|help
where:
-h and help (case insensitive) request help text about the VpnInvImport command.
This section provides the description, prerequisites, and syntax for the Repository export tool, theVpnInvExport1.2 command. This tool can be run either on the server that runs VPNSC or on a remote machine.
The VpnInvExport1.2 command allows the entire VPNSC Repository to be exported into a flat file. With this Repository Export tool, you can get output of the VpnInventory Repository in text format.
Be sure that the following steps are taken before implementing either of the commands listed in the "Syntax" section:
Step 2 In the $ECSP_HOME directory, source as follows.
For csh users, enter:
source vpnenv.csh
For sh and ksh users, enter:
. ./vpnenv.sh
|
Note Perform Step 3 and Step 4 when running MPLS VPN Solution as a user other than the VPNSC owner. |
Step 3 If you choose to run the tool on a remote machine rather than on the same server that runs VPNSC, be sure the Naming Server (NS) and the VpnInvServer running on the VPNSC server have their permissions set correctly. For example: to allow a user (<username>) to invoke this tool on a remote machine, enter the following commands on the VPNSC server:
chmodit NS i+<username>
chmodit VpnInvServer i+<username>
|
Note The lowercase letter "i" indicates to invoke. |
Step 4 If the environment variable IT_DAEMON_PORT is not already set, enter the following command:
setenv IT_DAEMON_PORT 1570
Be sure you have implemented the prerequisites, as specified in the "Prerequisites" section, before implementing either of the following commands:
VpnInvExport1.2 -xml |-old <filename> [<hostname>]
where:
-xml indicates to dump the VPNSC Repository into a flat file in XML format. The Document Type Definition (DTD) is part of the output in the XML document.
-old indicates to dump the VPNSC Repository in the same format as earlier versions of this tool.
|
Note In the -old format, objects are delimited beginning with <objectname> and ending with </objectname>, for example the objects would be between <VsmProviderAdminDomain> and </VsmProviderAdminDomain>. The list of attributes supported are the same as specified in the Document Type Definition of the XML file, however, unlike the -xml format, these tags are not nested. For example: in the -xml format, a VsmRegion block would come within a VsmProviderAdminDomain block, but in the -old format, they would be two separate blocks. |
<filename> is the name of the file to which to dump the Repository.
<hostname> is the name of the host where the Naming Server is running, for example: abc.efgh.com, where abc is the machine name. When this optional parameter is not specified, the default is localhost.
or
VpnInvExport1.2 -h|help
where:
-h and -help requests help text about the VpnInvExport1.2 command.
Posted: Thu Sep 21 12:05:02 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.