For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Makengo_134399's avatar
Makengo_134399
Icon for Altostratus rankAltostratus
Sep 25, 2013

Backup a BIP-IP VM appliance LTM and restore to a Hardware 2000 LTM series

How can I restore a backup config from a Big-IP Virtual Appliance LTM to a Big-IP 2000 series that has LTM licence. Both have version BIG-IP 11.3.0 Build 3117.0

 

8 Replies

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Sep 25, 2013

    You can try to export a .ucs archive.

    Create from CLI with: 

    tmsh save sys ucs your_archive_name_here

    You will find it in /var/local/ucs.

    Now copy it to your licensed destination machine and restore: 

    tmsh load sys ucs backup_some_stuff.ucs no-license no-platform-check

  • Makengo_134399's avatar
    Makengo_134399
    Icon for Altostratus rankAltostratus
    Sep 26, 2013

    I get an error when doing that.

     

    e no-platform-checkve:Standalone] config tmsh load sys ucs dct01.ucs no-licens Processing UCS file: /var/local/ucs/dct01.ucs

     

    Installing full UCS (11.3.0) data, excluding license file. Saving active configuration... The hostname is set to dct01 Extracting manifest: /var/local/ucs/dct01.ucs Product : BIG-IP Platform: UCS : Z100 System: C112 Version : UCS : 11.3.0 System: 11.4.0 Edition : UCS : Hotfix HF5 System: Final Hostname: dct01 Installing --full-- configuration on host dct01 Installing configuration... WARNING: This system's device certificate uses a key size that is considered insecure. It is strongly recommended that you use a certificate with a key size of at least 2048 bits. ATTENTION REQUIRED: Your previous configuration files have been archived, as listed below. If you customized any settings in these files before upgrading, you will need to manually restore those changes by using the Configuration utility or Traffic Management Shell (tmsh). Archiving /config/wa/globalfragment.xml.11.3.0 Archiving /config/wa/pvsystem.conf.11.3.0 Archiving /config/wa/pvsystem.dtd.11.3.0 Post-processing... Reloading License and configuration - this may take a few minutes... Configuration loading error: base-config-load-failed For additional details, please see messages in /var/log/ltm

     

    WARNING: There were one or more errors detected during installation. Check the error messages and take the proper actions if needed. ERROR: UCS installation failed. Operation aborted.

     

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Sep 26, 2013

    Have a look at your /var/log/ltm to see what´s wrong with your /config/bigip_base.conf, please.

     

    Perhaps there is a mismatching interface setting. In this case you can remove the VLAN / interface assingments before exporting the ucs archive.

     

  • DanS_24772's avatar
    DanS_24772
    Icon for Nimbostratus rankNimbostratus
    May 21, 2014

    I know this question was a while back - but I'm trying to do something similar

     

    I set up networking/vlans and ha, now want to import all certs/files/vips/pools/irules

     

    how can I selectively load parts of a UCS file? say I wanted to not overwrite the vlan config I've already done? extract tar, edit specific files, tar back into a ucs?

     

  • Makengo_134399's avatar
    Makengo_134399
    Icon for Altostratus rankAltostratus
    May 21, 2014

    Yoou can open your UCS file with 7-zip for example and export files /config/bigip_base.conf (this keeps vlan config and network) and /config/bigip.conf (this has most of your config: pools, virtual servers, irules.....). So you can modify your load config using nano editor (ssh to your LTM).

     

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    May 21, 2014

    As already described by Makengo, the ucs is a zipped tarball. You can easily open the archive and extract the relevant information from /config/bigip.conf, /config/bigip_user.conf, /config/partitions//bigip.conf (in case you are using admin partitions.

    The filestore directory contains private keys (in case you have decided to export them as well), certs and external monitors.

    Before trying to load the previous configuration, it will be necessary, to import the mentioned files into the filestore of the target system and use the same file name references. The bigip.conf is a textfile. Use an editor of your choice to extract all relevant configuration information (monitors, profiles [file name references need to fit for pre-imported keys & certs], nodes, pools, iRules, virtual servers).

    Copy the file to i.e. /shared/import_ve.conf Now you can use the tmsh load sys merge file command, to import the extracted configuration elements and save to startup config afterwards: 

    tmsh load sys config merge file /shared/import_ve.conf

    tmsh save sys config

    Watch your log file during the import for error messages in a 2nd shell: 

    tail -f /var/log/ltm

    This should do the job.