Forum Discussion
Moving config from common partition to a new partition
Hello Experts,
We are looking forward to isolating some of the services to a new partition and the main reason is that the customer needs to assign a specific user to monitor some of the services and not all of them, so by assigning the user to a specific partition, he is still able to see the configuration in the common partition.
Referring to the below questions, has anyone faced the same scenario or is there a recommended procedure to follow this task?
I was thinking of starting on the standby node, and remove the virtual servers (and ensure that the sync typce in the HA is manual), then start creating them again on the new partition.
Is there any other workaround that we can check?
Thanks in advance.
- JRahm
Admin
Hi Mohamed_Salah_, perhaps others would disagree with me (and please do...I'm interested in alternative solutions here) but I'm not a fan of making changes on the standby. I'd rather deal with them on the active unit in a transaction. So my process for something like this would be:
- backup the current configuration
- Start a transaction
- Create the new partition
- Remove the objects from common partition that you want to move into the new partition
- Recreate the objects in the new partition
- End the transaction (you can test the transaction as well without commiting to the configuration)
- Save the configuration
Mohamed_Salah_ @
For the scenario where i have to migrate the configuration by pick and choose only for certain configuration items likeVIP, pool or pool members or profiles or SSL profiles I extensively use following MAGIC command command in tmsh mode
load sys config merge from-terminalPress CTRL-D to submit or CTRL-C to cancel
Very helpful command for Enter configuration.
To use this command we have to do preparation few steps as follows:
Step 1
=======use Bigip.conf file either by running qkview and download that qkview file outside of the F5 box using WINSCP.
qkview -s0 -f "/var/tmp/$(/bin/hostname)_$(date +%Y-%m-%d-%H-%M-%S).tgz"
Step 2
=========Upload this qkview file to to the f5 ihealth site as follows:
https://ihealth.f5.com/qkview-analyzer/
You must have credentials to login on this site, if not create one logins which is absolutely free.
Step 3
========from there you can see bigip.conf and bigip_base.conf files for LTM, for other modules there are more files need to consider like for GTM, ASm or APM,
for knowing more about configuration files read this
https://support.f5.com/csp/article/K26582310
Most of the times these 2 files will work for LTM:
/config/bigip.conf
High-level traffic management and system configuration, such as virtual servers, profiles, access policies, iRules, and authentication settings None
/config/bigip_base.conf
Base-level network and system configuration, such as VLANs, self IPs, device service clustering (DSC), and provisioning Nonefor every partition there will be one file for each , so suppose you have 3 partitions then you must have 3 bigip.conf files and 3 bigip_base.conf files, one file for each partiton.
Step 4
=======
Once you got the required files, I gather/copy all the configuration items in one separate notepad files from source partiton to destinaition partiton, usually one set in a partuicular order like virtual servers, pools , profiles etc etc, so that i can identify all the configuration items with dependency on each other are gather all in one place for easy reference and get ready.
Step 5
==========Now when i am ready i either change the objects partition name from /Common/Virtual_Server to the destination partiton like /DMZ1/Virtual_Server, for all the objects, if you are running this command from /Common partion in tmsh
load sys config merge from-terminal
Its better if you change the partion to the destination partiton using cd command
cd /DMZ
Then you dont have to change the object names or else i guess you have to remove /Common from the object names, so check on those simple things
Now once you know which objects to enter first to maintian the order so that not to get an error for dependent objects, you can easily migrate configuration in no time.
I usually migrate any length of configuraiton from few lines like 10-15 lines upto 7000-10000 lines very very easily, just need to plan and organize and check all the items and their dependent config items, if you know all those order and sequence of items, you can easliy pick and chose what configuration items to move from one partitoin to another or from one box to aother or from one hardware to another hardware box .
Please wite back to me if you still need a more details.
Prerequisites
You must meet the following prerequisite to use this procedure:
You have Advanced Shell (bash) access to the BIG-IP system.
You are proficient with basic Linux commands.https://support.f5.com/csp/article/K12278
https://support.f5.com/csp/article/K13830181
References for load /sys config merge from-terminal with sample examples
https://support.f5.com/csp/article/K81271448
https://www.xglobe.com/knowledgebase/networking/f5-load-balancer/f5-copy-ltm-config-to-another-devic...
https://community.f5.com/t5/technical-forum/migrating-older-f5-big-ip-has-3-partitions-amp-route-domains-rd/m-p/306903#M264587
"load sys config merge " with the help of an example
You can use the load sys config merge command to import the configuration as written in bigip.confIf you want to write to a particular partiton change your folder using
cd /Partition1
or
cd /Partiton2
and then use the load sys config merge command so that the configuration will be written in bigip.conf file for that specific partition or else you have to give in the name reference like we give
/Common/VIP1
......
/partition1/VIP10
/Partition2/VIP20
Do write back to me for more details and i will try to share details with an example
HTH
