Forum Discussion
Solari_86372
Nimbostratus
Oct 30, 2008
F5 GTM communication
Hi all,
Excuse the novice post, I'm quite new to getting this kind of thing working and have read through some posts I've found on the site. I do have a manual but it's quite brief and not much help here...
I'm trying to get two GTMs communicating but am having a bit of an issue... they are both up and running, and I configured both GTMs' public IPs in the servers section with bigip health monitor and virtual server discovery enabled.
The steps I've taken so far to get them talking are:
1) Changed sync group name to something more appropriate.
2) On the first GTM:
[root@glb01:Active] config cd /config/httpd/conf
[root@glb01:Active] conf cd ssl.crt
[root@glb01:Active] ssl.crt ls
server.crt
[root@glb01:Active] ssl.crt openssl x509 -x509toreq -in server.crt -out server.csr -signkey /config/httpd/conf/ssl.key/server.key
Getting request Private Key
Generating certificate request
[root@glb01:Active] ssl.crt openssl x509 -req -in server.csr -signkey /config/httpd/conf/ssl.key/server.key -days 3650 -out server.crt
Signature ok
subject=/C=--/ST=WA/L=Seattle/O=MyCompany/OU=1222281709/CN=dhcp-71/emailAddress= root@dhcp-71
Getting Private key
[root@glb01:Active] ssl.crt bigip_add [dest ip]
3) The same was done on the second GTM, and then:
[root@glb012:Active] ssl.crt gtm_add [dest ip]
WARNING: Running this script will wipe out the current configuration
files (wideip.conf, named.conf and named zone files) on the BIG-IP GTM
Controller on which this script is run. The configuration will be
replaced with the configuration of the remote BIG-IP GTM Controller
in the specified sync group
The local BIG-IP GTM MUST already be added in the configuration of the
other GTM.
Are you absolutely sure you want to do this? [y/n] y
==> Running 'bigstart shutdown gtmd' on the local system
==> Running 'bigstart shutdown zrd' on the local system
==> Running 'bigstart shutdown named' on the local system
Retrieving remote and installing local BIG-IP's SSL certs ...
Enter root password if prompted
Password:
Verifying iQuery connection to 203.18.109.66. This may take up to 30 seconds
Retrieving remote GTM configuration...
Retrieving remote DNS/named configuration...
Sync_zones script failed to retrieve DNS/named configuration:
13294:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844:
---
New, (NONE), Cipher is (NONE)
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID: B5B3639B5D832B69BC3314201A2DBACC63E01B4C42C7FB611CD4F541B641774D
Session-ID-ctx:
Master-Key:
Key-Arg : None
Start Time: 1225330204
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at io.c(453) [receiver=2.6.9]
Could not sync /var/named//config/named.conf!
Restarting gtmd
Restarting named
Restarting zrd
[root@glb02:Active] ssl.crt
If I run the bigip_add script again, iqdump shows more normal heartbeat output again but replication doesn't work. Am I missing something simple here?
Thanks in advance!
EDIT: I followed the guide I found on here (http://devcentral.f5.com/Wiki/default.aspx/AdvDesignConfig/GTMDeployment.html) after deleting the certificates I'd created, but still no joy..
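An added example, not part of the original post and not F5 tooling: an offline reproduction of the "certificate verify failed" condition using throwaway keys. It re-issues a self-signed certificate with the two openssl steps from the post, then shows that a peer's self-signed certificate only verifies once it is present in the verifier's trust file. The directory layout, the `trusted.pem` file name and the CN values are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: runs entirely in a temp directory with constructed keys/certs.

# Create a self-signed cert, then re-issue it for 3650 days from the same key
# using the two openssl steps shown in the post.
make_device_cert() {  # $1 = directory, $2 = CN (constructed)
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null || return 1
  openssl x509 -x509toreq -in "$1/server.crt" -signkey "$1/server.key" \
    -out "$1/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -days 3650 -out "$1/server.crt" 2>/dev/null
}

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {  # $1 = cert, $2 = key
  [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2")" ]
}

# True when the presented cert verifies against the given trust file.
trusted_by() {  # $1 = presented cert, $2 = trust file
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_device_cert "$d/a" "gtm-a.example" || return 1
  make_device_cert "$d/b" "gtm-b.example" || return 1
  # The re-issued cert must still belong to the device's own key.
  cert_matches_key "$d/a/server.crt" "$d/a/server.key" || return 2
  # Device A trusts only itself so far: B's cert must be rejected.
  cp "$d/a/server.crt" "$d/a/trusted.pem"
  trusted_by "$d/b/server.crt" "$d/a/trusted.pem" && return 3
  # After a certificate exchange, A's trust file also contains B's cert.
  cat "$d/b/server.crt" >> "$d/a/trusted.pem"
  trusted_by "$d/b/server.crt" "$d/a/trusted.pem" || return 4
  rm -rf "$d"
  echo "ok"
}

demo
```

The same `cert_matches_key` and `trusted_by` checks can be pointed at real certificate, key and trust files to confirm a regenerated certificate before retrying the sync.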
- Ian_Johnson_382
Nimbostratus
You mentioned that you have configured both GTMs' public IPs; do they also have private IPs? If so, you should also add that information into the Translation address section of the Server objects.
- brice
Nimbostratus
I know it's a little late, but I wanted others to maybe get something out of this... I was getting the same error as described above. I was able to correct the errors, and get iquery working again by doing a bigip_add, then the gtm_add for each box.