Forum Discussion
Ajene
Altocumulus
AltocumulusMigrate APM Config between versions
Hi everyone! I've been performing a large migration for a customer and all has been going fine. However, I'm now working on a set of appliances that have the APM feature enabled. What is the best ...
CA_Valli
MVP
MVPAccess policies will likely refer several other objects that have been configured in APM, depending on the scope they will likely be other Authentication servers, VPN resources, webtops, logging profiles etcetera. Basically everything in the GUI menu that isn't "access profile" is an object that supports your authentication flow and that might or might not be in use.
Of course, they must be imported as well in new configuration. If you're familiar with references and names it will be pretty easy to find out if an object is missing and which one it is.
When I work on different/incompatible versions I usually pursue the text-config way since it allows me to perform bulk edits within a few minutes, so I'd still suggest it expecially if you have more than one policy to import.
I would create an .ucs file of v12.1.5 appliance, unzip it to retrieve /partitionname/bigip.conf file, and copy-paste in a new file all the objects that begin with "access" or that are related to APM.
Then I would do the same with the new BIG-IP appliance files, and use something like notepad++ to compare these lines. Some objects are defaults and I'd just leave them the way they are, but you'll likely need every other missing object in your new configuration.
Then I would connect to new appliance's CLI (standby appiance if they're in production), back up the configuration:
cp /config/partitions/partitionname/bigip.conf /config/partitions/partitionname/bigip.conf.backup
and edit the .conf file, I personally like VIM
vi /config/partitions/partitionname/bigip.conf
paste all your lines (you can just paste it all at the beginning) , save file, and run:
tmsh load sys config verify partitions partitionname
if succesful,
tmsh load sys config
tmsh save sys config ## this will also re-order your text config file and put pasted lines in their supposed order/place
if unsuccesful, read missing object's name, try to find it in UCS config files and make sure it exists in new file
grep <name> /config/partition/partitionname/bigip.conf
confront it as well with default object type (in new version) to find lines that might have changed syntax
for quick backup, run "cp bigip.conf.backup bigip.conf" ; i believe "tmsh save sys config" should also work since you only edited text config without actually loading it, and this will overwrite any edit you made on .conf files
hope this helps
CA