Nexus - Backup and Rollback
Anyone who has been through a change management process can tell you that you need to have a rollback plan. Fortunately, the Nexus platform makes this a little easier for us.
Before a change is made, an administrator can create a checkpoint, which is a point-in-time snapshot of the switch configuration. If there is a problem with the change, the administrator can then rollback to the checkpoint config. A significant advantage to using this in a rollback plan is that the administrator does not need to understand all the config in the switch to roll back.
To create a checkpoint, use the checkpoint command.
switch# checkpoint NewCheckpoint ..Done
A list of checkpoints can be seen with show checkpoint sumary
switch# show checkpoint summary 1) NewCheckpoint: Created by admin Created at Thu, 02:36:53 24 Nov 2016 Size is 33,512 bytes User Checkpoint Summary -------------------------------------------------------------------------------- Description: None
To see a rollback in action, we're first going to make some config changes. In this case, we're going to add a VLAN.
switch# conf t Enter configuration commands, one per line. End with CNTL/Z. switch(config)# vlan 200 switch(config-vlan)# name NewVLAN
A list of changes between the checkpoint and the running config can be generated. In addition to the running-config, a combintation of startup-config and other checkpoints can be used.
switch# show diff rollback-patch checkpoint NewCheckpoint running-config Collecting Running-Config #Generating Rollback Patch !! ! vlan 200 name NewVLAN
There are four options for rolling back:
- Atomic - Roll back will only take effect if no errors occur; This is the default
- Best-Effort - Skip any errors, and continue rollback
- Stop-at-first-failure - Roll back until an error occurs; May result in a partial roll back
- Verbose - Show full detail during roll back
Here, the configuration is rolled back with the rollback command.
switch# rollback running-config checkpoint NewCheckpoint atomic Note: Applying config parallelly may fail Rollback verification Collecting Running-Config #Generating Rollback Patch Executing Rollback Patch Generating Running-config for verification Generating Patch for verification Verification is Successful. Rollback completed successfully.
To prove that it works, have a look at the VLAN configuration. You will notice that the VLAN created earlier is now gone.
switch# sh run vlan !Command: show running-config vlan !Time: Thu Nov 24 02:43:21 2016 version 7.3(0)D1(1) vlan 1
Up to 10 checkpoints can be created. In the case of the N7K, this is 10 checkpoints per VDC. Checkpoints are cleared when the write erase command is issued, when the reload command is issued (depending on NXOS version), or when the clear checkpoint database command is issued.
Be aware that roll backs are not supported across different NXOS versions. If this is required, a best-effort rollback could be used, and the administrator could handle any errors manually.
There are some guidelines that apply to valid checkpoint names.
ITDRollback may fail when using ITD. This is because the ITD config cannot be edited while the service is enabled.
To resolve this, first shut down the ITD service, then try the rollback.
Last update 2018-02-07 10:26