I am updating an iControl for a customer and I am unable to get the sync status of the active device. In version 10.x, I was able to access the DBVariable for Configsync.State and read the value for the sync state. However, in 11.x this does not provide reliable results. There is a tmsh command "show /cm sync-status" but I cannot find the equivalent iControl function to obtain this data. None of the available methods in iControl :: System (ConfigSync, HAGroup or HAStatus) seems to yeild the simple information that I am needing to determine the current sync status of the active device.

Hi Jay, This may be what you are looking for: https://devcentral.f5.com/wiki/iCon...query.ashx

Thanks Jonathan, that is the way I was retrieving the sync status on v.10x, however, that variable is not reliably populated in v.11x. I know the sync status is being stored somewhere, hence the tmsh command to view it, but I can find nothing in the 11.2 iControl.dll that reports the status.

Is it possible to execute a tmsh command within an iControl and capture the output? The iControl is written in vb.net. If this is possible then I could execute the command above and parse the output for the sync status.

I'm hoping the answer is an 'iControl' centric solution; an API or DB Variable.

Glenn and Jay, I, too, am looking for a solution to this problem. Have you had any success? John

Get sync-status | DevCentral

19 Replies

John_Matlock_42
Nimbostratus
Jan 10, 2013
The sync status has changed on several of those 6900 pairs, but iControl is still returning the old status from a couple hours ago. I may create my own thread instead of hijacking this one.

Jonathan, are you using Viprions by chance?

John
Jonathan_Scholi
Cirrostratus
Jan 10, 2013
We have Viprions, yes.
John_Matlock_42
Nimbostratus
Jan 10, 2013
So it would appear there are two issues for me:

1. "configsync.state" is always returned as -1 for Viprions

2. "configsync.state" returns with a valid code on my 6900s, but doesn't seem to update once I sync the config.

John
John_Matlock_42
Nimbostratus
Feb 01, 2013
Per F5:

The iControl methods get_last_sync_time, get_member_states, and get_sync_state were removed in BIG-IP v11.1 (ref: https://devcentral.f5.com/wiki/iControl.New-In-Version11-1.ashx, at the bottom of the page). Until such time that sync state methods are re-implemented, it may be possible to programmatically run a tmsh command (e.g., tmsh show /cm sync-status), and parse the response for current status. For more detail on determining device group status via tmsh, please refer to:

sol13946: Troubleshooting ConfigSync and device clustering (11.x)

http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html
Stefan_Klotz
Cumulonimbus
Apr 22, 2013
I'm also very interested in that topic, because I have to recode a configsync tool from v10 to v11. After a few minutes reading this seems to be somehow very difficult.

It's not only the missing sync state, but also how to handle the different options.

There is a sync_to_group and sync_from_group call, but only with one parameter "device group". What about the option in the WebGUI "Overwrite Configuration"?

As the WebGUI itself is also running with iControl in the background, the requireded commands seems to be available. But why is it so complicate to document this in the latest v11-API?

If someone is getting further in the meanwhile please let us all know.

Thank you!

Ciao Stefan :)
Stefan_Klotz
Cumulonimbus
Apr 23, 2013
In the meanwhile I made a small Perl-script which parses all the DBVariables and I executed it on a VE v11.2.1 with the following result:

Configsync.Username -> admin

Configsync.timediff -> 600

Configsync.State -> -1 - uninitialized or disabled config state

Configsync.port -> 443

Configsync.PeerUpdateInterval -> 30

Configsync.peerupdatedstatus -> 0

Configsync.PeerState -> unknown

Configsync.PeerIpaddr -> ::

Configsync.PeerConfigTimeRaw -> 0

Configsync.PeerConfigTime -> 0

Configsync.password -> unused

Configsync.Passphrase ->

Configsync.LocalSyncedTime -> 0

Configsync.LocalConfigTime -> 1366725733

Configsync.Excludes ->

Configsync.Encryption -> off

Configsync.csdone -> 0

Configsync.Autodetect -> disable

Configsync.AllowManagement -> disable

But I tested it also against a productive system running v11.3.0 HF3 and there I only get the following values:

Configsync.Username -> admin

Configsync.PeerIpaddr -> ::

Configsync.password -> unused

Configsync.LocalConfigTime -> 1366725047

Configsync.AllowManagement -> disable

Where is the difference coming from? Is it related to VE vs. appliance or is it depending on the TMOS version?

As an idea I could think of a solution, where you have to check the "LocalConfigTime" on both device seperatly and compare it. Based on which has the latest timestamp make your own preferred Configsync statement.

Any other ideas?

Ciao Stefan :)
Stefan_Klotz
Cumulonimbus
Apr 30, 2013
I found some more details, but it doesn't seem to be available in all versions.

Here on DevCentral the API includes the following two functions:

get_last_sync_time
get_sync_state

But in the latest v11.3 Assembly it's not included anymore.

What's going on here, this is really disappointed.

:EDIT: in v11.2 it's also not included, but I found it in v11.1 (but what happend if I run the script on a later version? -> I tested it and it's not working). Therefor the function sync_to_group_v2 (which provides the force option) is not available anymore, because this was first introduced in v11.2

Ciao Stefan :)
zenet_131061
Nimbostratus
Aug 13, 2013
Any luck with this? I'm looking for to retrieve the same information and noticed the methods were removed. I don't have access to tmsh, so this needs to be done through the API. I tried DBVariable.query and it did not work :(

Thank you for any ideas.