
LFR
Mar 09, 2022

Migrating one partition from old VIPRION to a new i7800

Hello,

I'll soon start a migration from an old VIPRION BIG-IP to a new chassis, an i7800. In the old chassis I have vCMP with several partitions.

I don't want to migrate the vCMP all at once. The idea is to migrate one partition at a time. I can do backups in UCS and SCF format. I'd appreciate help with the procedure for this kind of migration. Can I edit the UCS file and delete everything but the partition I want to migrate in the maintenance window, and do that for the next partition and so on?

What else should I delete and what should I keep in the UCS file? Of course I have SSL certificates and keys, and some keys with a password, which I don't know.

I appreciate ideas for this. Thanks.

LFR.

6 Replies

  • I would recommend looking at F5's journey tool. Some months back I had a chance to witness the demo and it's pretty cool.

    https://github.com/f5devcentral/f5-journeys

    It has options to move everything at once or on a per-application basis. You would need to install a few things to run the tool though, but it's cool. Let me know your thoughts.


  • Hello, of course you want them to be in the same version.

    One big difference will be interface numbering. This will very likely change between hardware, so you'll likely have to do this part from scratch. Actually, I might even suggest you replicate the whole vCMP host configuration from scratch, since the hardware differs a lot.

    Once you've done this, vCMP guest migration should be easy. I'd suggest creating empty instances on the new i7800 (since resource provisioning varies) running the same version, assigning them the VLANs (naming must be the same if you want to work with UCS), performing f5mku rekeying on the new guest to match the current key in the old hardware, and then uploading the UCS file with the -nolicense option.

    • CA_Valli

      Sorry -- I noticed you also mentioned you want to work one partition at a time.

      This is a little trickier; however, partition-specific configuration files are found in the /config/partitions/<partition_name>/ folder.

      One thing that might work is copying and pasting the <partition_name> files bigip.conf, bigip_base.conf and any additional files you might find there.

      Create a partition with the same name on the new vCMP, move into the folder, create empty files and import the text config from your backup.

      The problem with this is that you won't have all the files normally available in a UCS backup (packet captures, custom scripts, etc.) since you'll just work with text config, but it's the best way that comes to my mind to work on only one partition at a time. Also, again, be careful with network settings as there might be differences (I wouldn't expect it on vCMPs but experience suggests "take care").

       

      # the old vCMP's .conf files were uploaded to /var/tmp/oldunit_partition1_bigip.conf
      # and /var/tmp/oldunit_partition1_bigipbase.conf
      
      #step 1, create partition and confirm cfg files are present 
      bash
      
      tmsh create /auth partition <partition_name>
      tmsh save sys config
      
      touch /config/partitions/<partition_name>/bigip_base.conf
      touch /config/partitions/<partition_name>/bigip.conf
      
      tmsh save sys config
      
      #step 2, backup current files and import partition configuration from text config
      
      cp /config/partitions/<partition_name>/bigip_base.conf /config/partitions/<partition_name>/bigip_base.conf.backup
      cp /config/partitions/<partition_name>/bigip.conf /config/partitions/<partition_name>/bigip.conf.backup
      
      # do one file at a time 
      
      cp /var/tmp/oldunit_partition1_bigipbase.conf /config/partitions/<partition_name>/bigip_base.conf
      
      tmsh load sys config verify 
      #confirm no errors , or address current ones -- it will show what line has problems in the file
      tmsh load sys config # pull config from text
      tmsh save sys config # push running configuration into text+startup config
      
      # if this works, try bigip.conf too
      # for quick backup, copy the bigip_base.conf.backup file into bigip_base.conf and load+save


  • LFR
    CA_Valli,
     
    Thank you. I'll need to do a lab; I need to know how I can recreate: the network VLANs at the BIG-IP host; the association of VLANs with the vCMP; and the PKI certificates.

    Best Regards,
    LFR.
  • LFR

    Hi,

    From my lab, and for my case, I found the certificates and keys (and other files, like iFiles), and this is what I do:
    - I copy the directory from the UCS: /var/tmp/filestore_temp/files_d/<partition_name>_d
    - to the new BIG-IP directory: /config/filestore/files_d/

    Maybe this is because on my old BIG-IP I created the certificates in the partition context.

    The certificate and key file names have the format ":<partition_name>:<certificate_name>". I copied them (with WinSCP) from the UCS to the BIG-IP and noticed the names had changed to "_<partition_name>_<certificate_name>", so I need to rename the files to replace "_" with ":".
    I'm doing this on a Windows PC.

    I have to add part of the config to bigip.conf, in the new BIG-IP directory /config, to add the certificate file reference (the same part of the config from the UCS file), like this (in tmsh):

    load sys config from-terminal merge

    sys file ssl-csr /Common/<certificate_name> {
    cache-path /config/filestore/files_d/Common_d/certificate_signing_request_d/:Common:<certificate_name>
    revision 1
    source-path /config/ssl/ssl.csr/<certificate_name>
    }
    sys file ssl-key /Common/<certificate_key_name> {
    cache-path /config/filestore/files_d/Common_d/certificate_key_d/:Common:<certificate_key_name>
    revision 1
    source-path /var/run/key_mgmt/0fx0wn/ssl.key/<certificate_key_name>
    }

    #<CTRL-D>

    save sys config


    Please note the certificate and key file names have an extra suffix, which must match in /config/bigip.conf.

    Thank you for the help.
    Best Regards,
    LFR.
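
The renaming step described in the post above, as an added example that is not part of the original thread: a POSIX shell function (the name `restore_filestore_names` is made up here) that rewrites only the leading `_<partition>_` back to `:<partition>:`, so underscores inside certificate names and the trailing suffix are left untouched. It assumes the copied directory sits on a Linux file system, such as the BIG-IP itself.

```sh
#!/bin/sh
# Added example, not from the thread. Restores the ":<partition>:" prefix on
# filestore files whose names arrived as "_<partition>_<name>" after a copy
# through Windows. Only the leading prefix is rewritten: underscores inside
# the object name and the trailing suffix stay exactly as they are.
#
# Usage (paths follow the thread; the function name is hypothetical):
#   restore_filestore_names /config/filestore/files_d/<partition_name>_d <partition_name>
restore_filestore_names() {
    rfn_dir=$1
    rfn_part=$2
    rfn_prefix="_${rfn_part}_"
    rfn_count=0
    [ -d "$rfn_dir" ] || { echo "no such directory: $rfn_dir" >&2; return 1; }
    rfn_list=$(mktemp) || return 1
    # Collect candidates first so renamed files are not visited twice.
    find "$rfn_dir" -type f -name "${rfn_prefix}*" > "$rfn_list"
    while IFS= read -r rfn_path; do
        rfn_base=${rfn_path##*/}
        rfn_rest=${rfn_base#"$rfn_prefix"}
        rfn_target="${rfn_path%/*}/:${rfn_part}:${rfn_rest}"
        if [ -e "$rfn_target" ]; then
            # Never overwrite a certificate or key that is already in place.
            echo "skip, target exists: $rfn_target" >&2
            continue
        fi
        mv -- "$rfn_path" "$rfn_target"
        rfn_count=$((rfn_count + 1))
    done < "$rfn_list"
    rm -f "$rfn_list"
    echo "$rfn_count"   # number of files renamed
}
```

The function prints the number of files it renamed; files belonging to other partitions and files that already carry the colon form are skipped.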