ACS常用操作（實(shí)戰(zhàn)）

備份============================

acs/admin#acs backup acs repository acsre 常用

恢復(fù)，其過(guò)程會(huì)停用服務(wù),初始化時(shí)間較長(zhǎng)

acs restore  *.gpg repository acsre

===============================================================

backup / restore 備份恢復(fù)所有內(nèi)容，會(huì)停用服務(wù)，還原會(huì)重啟服務(wù)器

acs-ms/admin# backup ftp repository ppp   ----------------備份所有數(shù)據(jù)                

% backup in progress: Starting Backup...10% completed 

% Creating backup with timestamped filename: ftp-160415-0138.tar.gpg 

Please enter backup encryption password [8-32 chars]:

Please enter the password again:

% backup in progress: Backing up ADEOS configuration...55% completed 

Calculating disk size for /opt/backup/backup-ftp-1460684335

Total size of backup files are 16 M.

Max Size defined for backup files are 3880 M.

% backup in progress: Moving Backup file to the repository...75% completed 

% backup in progress: Completing Backup...100% completed

acs-main/admin# debug transfer 7     **************排障常用

acs-main/admin# debug copy 7

acs-main/admin# acs backup adconfig repository ftp --------------------------備份應(yīng)用數(shù)據(jù)

6 [7102]: transfer: cars_xfer.c[108] [admin]: ftp copy out of /opt/backup/backup-adconfig-160518-1708-1463562496/adconfig-160518-1708.tar.gpg requested

6 [7102]: transfer: cars_xfer_util.c[586] [admin]: curl version: libcurl/7.16.2 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6

7 [7102]: transfer: cars_xfer_util.c[598] [admin]: full url is ftp://192.168.159.1/adconfig-160518-1708.tar.gpg

ACS backup file 'adconfig-160518-1708.tar.gpg' successfully copied to repository 'ftp'

文件名自動(dòng)加日間標(biāo)記

acs backup xx rep ftp /注意用FTP備份超32M的數(shù)據(jù)，否則可能出現(xiàn)傳輸錯(cuò)誤。

acs-ms/admin# show backup history 查看備份歷史

acs-ms/admin# show restore history 查看還原歷史

reload 重啟ACS服務(wù)器

F12 進(jìn)入引導(dǎo)菜單

mkdir disk:/backup

dir             **************查看文件目錄

show disks        *****************類linux ----- ls -l

show application status acs   ********************查看應(yīng)用服務(wù)狀態(tài)

ACS role: PRIMARY

正常情況下為running

Process 'database'                  running

Process 'management'                running

Process 'runtime'                   running

Process 'ntpd'                      running

Process 'view-database'             running

Process 'view-jobmanager'           running

Process 'view-alertmanager'         running

Process 'view-collector'            running

Process 'view-logprocessor'         running

補(bǔ)丁安裝 patch=======================================================================

acs patch install 5-3-0-40-xx.tar.gpg repository repository-name

acs-sec/admin# acs patch install 5-3-0-40-xx.tar.gpg repository ftp

Installing ACS patch requires a restart of ACS services. Continue?  (yes/no) yes

Stopping ACS.

Stopping Management and View...............................................................

Stopping Runtime......

Stopping Database....

Cleanup.....

Stopping log forwarding .....

Installing patch version '5.3.0.40.xx'

Installing ADE-OS 2.0 patch.  Please wait... 

About to install files

Removing old war

Removing old war

Removing old war

Removing old war

Removing old war

Removing old war

Removing old war

Removing old war

monit daemon with pid [4812] killed

.Starting monit daemon with http interface at [localhost:2812]

This patch includes security fixes which requires ACS server reboot. It is highly recommended to proceed with reboot

Do you want to reboot the server ? Y/N: y 

You have choosen to reboot the server, Rebooting ...

Broadcast message from root (pts/0) (Thu May 19 16:40:37 2016):

The system is going down for reboot NOW!

/opt/CSCOacs/patches/5-3-0-40-xx

Patch '5-3-0-40-10' version '5.3.0.40.10' successfully installed

ACS is already running.

Upgrading an ACS Deployment from 5.3 to 5.5===========================

Note When you upgrade from ACS 5.3 to ACS 5.5 using the “Reimaging and Upgrading an ACS Server method, 

you must install patch 8 or a subsequent patch before you start upgrading to ACS 5.5.

Note When you upgrade from ACS 5.3 to 5.5 using the "Upgrading an ACS server using the ApplicationUpgrade Bundle" method,

 it is mandatory to install the following patches one by one in the order specified:

1 Install ACS 5.3 patch 8 (ACS 5.3.0.40.8) or a subsequent patch. You need to install patch 8 or a subsequent patch prior to the upgrade or the upgrade may fail.

2 Install the "Pointed-PreUpgrade-CSCum04132-5.3.0.40" patch over patch 8 or a subsequent patch before you start upgrading from ACS 5.3 version.

bugs: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum04132/?referring_site=bugquickviewredir

升級(jí)后可能出現(xiàn)的問(wèn)題ssh不了，

建議操作在console操作升級(jí)，如果出現(xiàn)則打最新補(bǔ)丁，在console下操作，關(guān)閉sshd服務(wù) 這個(gè)方法不一定可行。

==========================================================================================

4.upgrade 注意文件名以.tar.gz結(jié)尾---??！        

application upgrade ACS_5.3.tar.gz repository-name =====注意操作完不要按任何按鍵等待重啟

ACS displays the following confirmation message:

Do you want to save the current configuration? (yes/no) [yes]?

Step 3 Enter yes .

When the ACS upgrade is complete, the following message appears:

% CARS Install application required post install reboot...

The system is going down for reboot NOW!

Application upgrade successful

from the Monitoring and Report Viewer, choose Monitoring Configuration > System Operations > Data Upgrade Status .

The Data Upgrade Status page appears, indicating the status of the Monitoring and Report Viewer data upgrade.

When the database upgrade completes, ACS displays the following message:

Upgrade completed successfully. 升級(jí)完后確認(rèn)這個(gè)狀態(tài)為升級(jí)成功！

查看日志

show logg app

acsLogForward.log

acsupgrade.log.1

show acs-log filename xxx 對(duì)應(yīng)日志文件名，查看詳細(xì)日志內(nèi)容

show tech  升級(jí)前查看空間大小  /storeddata  這個(gè)空間是否夠解壓升級(jí)包

show version  查看版本信息

acs5.5以上，cli密碼限制在8位或以上。

ACS 默認(rèn)密碼策略

password-policy

  lower-case-required

  upper-case-required

  digit-required

  no-username

  disable-cisco-passwords 

  min-password-length 6     長(zhǎng)度

  password-lock-enabled      默認(rèn)鎖定10分鐘

  password-lock-retry-count 5  次數(shù)

acs-sec/admin# acs reset-config  5.3需要重置才能改序列號(hào)，5.5后可以不用重置

This command deletes the current ACS configuration 

and resets the ACS configuration to factory defaults.

Cisco recommends that you perform a backup before you execute this command.

Are you sure you want to reset the configuration now?  (yes/no) yes

Stopping ACS.

Stopping Management and View......................

Stopping Runtime..................

Stopping Database....

Stopping Ntpd...

Cleanup...

Resetting configuration to factory defaults.

Starting ACS ....

To verify that ACS processes are running, use the 

'show application status acs' command.

Secure Access Control System (ACS 5.x and later) Troubleshooting

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113485-acs5x-tshoot.html

ACS 5.2/5.3 backup & restore  

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113639-ptn-113639.html

5.3 to 5.5 Manifest file not found in the bundle問(wèn)題解決方案

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/200333-Troubleshoot-Manifest-file-not-found-Err.html#anc6

補(bǔ)丁包下載

https://software.cisco.com/download/release.html?mdfid=283883841&release=5.3.0.40&softwareid=282766937

鏈接官方網(wǎng)站全有。