Forum Discussion
gtm_add/bigip_add without SSH
My security team will not allow SSH between my F5 systems that is required to run bigip_add and gtm_add. Their assumption is that there must be a way to do it manually since it isn't needed after initial setup. What I mean by that is, after all ltms are added with bigip_add and initial master/slave sync is done on gtms...iquery is the only required open port. I'm curious how others have dealt with this. I took a look at the scripts and I think gtm_add can be done manually like this:
! on both gtms
Paste /etc/httpd/conf/ssl.crt/server.crt into /config/big3d/client.crt of peer and /config/gtm/server.crt of self
! on slave gtm
bigstart shutdown gtmd
bigstart shutdown zrd
bigstart shutdown named
! on master gtm
f5mku -K ! take output from this
! on slave gtm
f5mku -r ! and add it here
syncher -shell iqsh
sync_zones -noreload -shell iqsh
gtmparse -l -k
bigstart start gtmd
bigstart start zrd
bigstart start named
bigip_add is a lot easier but I'll include it below.
! on ltms
Paste /etc/httpd/conf/ssl.crt/server.crt of gtm into /config/big3d/client.crt
! on gtms
Paste /etc/httpd/conf/ssl.crt/server.crt of ltm into /config/big3d/client.crt
1 Reply
- patrickdaj_7040
Nimbostratus
Just in case there is anyone else out there that ends up having to do this. The procedure I detailed does appear to work. At least for my version 10.2.4.
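A check for the manual certificate paste steps in the thread above, as an added example that is not part of the original posts and is not F5's code: it appends a peer's certificate to a bundle such as /config/big3d/client.crt only when it is missing, then verifies that it is present. The script name, the staging path for the peer's certificate, and the treatment of these bundles as plain concatenated PEM files are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): idempotent, verified "paste" of a peer
# certificate into a PEM trust bundle.
# Usage (hypothetical name and staging path): sh trust_peer.sh /config/big3d/client.crt /var/tmp/peer_server.crt

# Print every certificate in PEM file $1 as one line of base64 (markers and whitespace removed).
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; in_cert = 1; next }
        /-----END CERTIFICATE-----/   { if (in_cert) print body; in_cert = 0; next }
        in_cert { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Return 0 if the first certificate in $2 is already present in bundle $1.
bundle_has_cert() {
    want=$(pem_bodies "$2" 2>/dev/null | head -n 1)
    [ -n "$want" ] || return 2
    pem_bodies "$1" 2>/dev/null | grep -qxF -- "$want"
}

# Append the first certificate in $2 to bundle $1 unless it is already there.
trust_peer_cert() {
    if [ -z "$(pem_bodies "$2" 2>/dev/null)" ]; then
        echo "no PEM certificate found in $2" >&2
        return 2
    fi
    if bundle_has_cert "$1" "$2"; then
        echo "already trusted, bundle unchanged: $1"
        return 0
    fi
    if [ -s "$1" ]; then
        cp -p "$1" "$1.bak"
        # A bundle with no final newline would fuse the END and BEGIN markers.
        if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    fi
    # Copy only the first BEGIN..END block, dropping any text around it.
    awk '/-----BEGIN CERTIFICATE-----/ {p=1} p {print} p && /-----END CERTIFICATE-----/ {exit}' "$2" >> "$1"
    bundle_has_cert "$1" "$2" && echo "added and verified: $1"
}

if [ $# -eq 2 ]; then trust_peer_cert "$1" "$2"; fi
```

Comparing the base64 bodies rather than whole files means differences in line endings or surrounding text do not hide a certificate that is already trusted, and a rerun leaves the bundle unchanged.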