Hello,after Upgrade an active/standby cluster to 16.1.2.2 I ran into this:https://support.f5.com/csp/article/K14823198now I've 2 questions:1. do I have to run this commands on active or standby?2. what impact have this commands? I'm afraid of both units are active for a minute or so.Thank you

Solution:F5-Support provided me a Script "ha-sync" and after run /var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxxeverything's ok now

K14823198: ASM guided configuration not synced to peer device after upgrade impact

Nikoolayy1
MVP
May 10, 2022
restjavad restnoded are not critical processes related to F5 REST-API so it shouldn't cause big impact but still do this in a maintainance window:

https://support.f5.com/csp/article/K48615077

Also read the bug articles as they specify to run the commands first on the active then sandby

https://cdn.f5.com/product/bugtracker/ID860245.html

https://cdn.f5.com/product/bugtracker/ID835517.html
kgaigl
Cirrocumulus
May 10, 2022
thank you, but my concern is, that if the device-trust is reset, then for a (very short) time both units are active and so there would be IP Adress Conflict when the same VIP's on both units are active.
I think about the commands restcurl -X DELETE...
I will try after Office Hours
- Nikoolayy1
  MVP
  May 10, 2022
  If you are worrying about split brain you can make the standby in offline mode this way it will not take over as active even when the trust is broken between the HA pair.
kgaigl
Cirrocumulus
May 12, 2022
oh, didn't think about this, thank you
- Nikoolayy1
  MVP
  May 13, 2022
  Hello,
  
  After the upgrade please share if everything is ok and if you saw any issues so we can close the question.
  - kgaigl
    Cirrocumulus
    May 18, 2022
    I'm in contact with the support, they told me to change in Ressource Provisioning the Management from Small to Large, now:
    [root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"' "status": "ACTIVE", "gossipPeerGroup": "tm-shared-all-big-ips",
    in the overview of the Security Policies the Policies are present and attached to the VS, but under Guided Configuration, the Policies are still not present.
    It looks like a displaying Error.
    tried to export/import the Policies, get an Error, Policy already exists
    tried to create a new Policy, this will also not displayed on the standby

kgaigl

Cirrocumulus

May 16, 2022

after running the described actions, it's still the same on the standby-unit:

[root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"'
  "status": "UNPAIRED",
  "gossipPeerGroup": "tm-shared-all-big-ips",

kgaigl
Cirrocumulus
Jun 02, 2022
Solution:
F5-Support provided me a Script "ha-sync" and after run
/var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxx
everything's ok now

Forum Discussion

K14823198: ASM guided configuration not synced to peer device after upgrade impact

Recent Discussions

APM RDP custom parameters

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Related Content

Software Upgrade

Multiple Ways to Configure Usage Reporting in NGINX

Upgrade- Boot location Install Configuration to Yes or No.

BIG-IP Upgrades Part 2 - Upgrade Behavior

Knowledge sharing: F5 Software Upgrade/RMA process

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS