Forum Discussion

Roman_Melekh's avatar
Roman_Melekh
Icon for Altocumulus rankAltocumulus
May 09, 2023

Backup F5 BigIP using RestAPI and PowerShell (again?)

Hello! I went through the Forum and I saw a lot of related messages but none of them actually answered my question.

The documentation [I found] leaves to be desired and I hope that the community is able to help me. 

I am looking for a simple "backup everything and store as a file" solution and it looks like it is much more than just 2-3 RestAPI calls. 

So, I am able to connect and get a token. Now, I am googling the "Create Backup" command and nothing works. Could you please point me to the exact link that will create a new backup? I also think that it could be a "story" to download the backup, so I will be happy to get any advice on that also. Thanks.

 

  • Thanks for the link. I am going to share it with my team players to be reviewed.

    But, anyway, having both options to compare will be smart. 

    I found two commands for saving-loading data and I need somebody who knows what is it to help me.

     

    Save/Load config -  tm/sys/config
    Save/Load UCS -  tm/sys/ucs

    What does "config" and what does "USC"?
    I am looking for an option to be able to restore all settings. 

    I did create a backup file using tm/sys/ucs but not sure if this is the right way. It looks like it is very simple (when everything is working):

    $headers = @{
        "Content-Type" = "application/json"
        "X-F5-Auth-Token" = "$token"
    }
    
    
    $body = @{
        
        "command" = "save"
        "name" = "testBackup.ucs"
        "includePrivateKeys" = $true
        "isEncrypted" = $false       
        "description" = "This one is done from PowerShell"
    
    } | ConvertTo-Json
    
    
    $result = Invoke-RestMethod -Uri "https://$server/mgmt/tm/sys/ucs" -Method Post -Headers $headers -Body $body 

     

     

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP

      Roman_Melekh So config is the configuration on the device and is essentially loading what is in the config file on the device when you use the load command and saving the CLI changes you made to the config file on the device. A UCS is an archive file of the entire configuration and all settings on the F5 device. Please keep in mind that, depending on the code version, the UCS uses a master-key to encrypt and decrypt certain pieces of configuration in the UCS backup. It is important that you save the master-key of the device in a secure location so if you ever have to replace your device with a new one because the existing failed you will have to set the master-key to the same one as it was before or the UCS will not load properly. The UCS also stores the license of the device which is a unique pairing to the previous device so you will have to use the appropriate load command with the UCS so it doesn't load the license. You can use command "f5mku -K" without the quotations to view the existing master-key.

  • Roman_Melekh I would rather run the backup process locally on the F5 rather than having a device run remote commands and copy files off. You can do this all using the following link with the only catch being that every time you run a code upgrade you will most likely have to set it all up again. Luckily if you setup a step by step guide to this it should be easy enough to run each time you perform a code upgrade since they don't typically happen too often. You will need to know which remote system you will be copying your backups to but that should be easy enough.

    https://my.f5.com/manage/s/article/K13418