I am working on a F5 LTM migration, where a pair of LTM running 14.1.x will be migrated to 2 VMs. All configs can be migrated via UCS loading, but there are LACP configured for their network interfac...
1) SSL certificate repository is not normally contained in SCF file, use proper tar-file syntax if you need to export those as well
2) platform migration might still introcuce some challanges, for example interface naming might not match between baremetal hardware and the new VM's. If the objects names aren't exact matches, configuration import will still fail. This might also apply to LACP -- if this is the case, you might have better luck with importing manually the configuration.
I'm sometimes tasked to perform acceptance testing on some customer configuration, which often translates to me creating a VM environment from a baremetal unit backup. I'm pretty confident with bigip configuration files, and the quickest way for me to complete those configuration is just to just overwrite my VM configuration files with configurations that are extracted from a ucs/scf backup:
# first, I manually configure VM with appropiate network settings
# next, I import the other unit configuration files on the VM with SCP, let's assume I'm using /shared/tmp/ folder
# lastly, I use these commands to import every file until configuration is fully loaded
cp /config/bigip.conf /config/bigip.conf.backup
cp /shared/tmp/other-hardware-bigip.conf /confing/bigip.conf
tmsh load sys config verify
tmsh load sys config
tmsh save sys config
# for SSL, the keys in UCS file can be found under \var\tmp\filestore_temp\files_d\Common_d\certificate_key_d\
# I use SCP to copy them all in /config/filestore/files_d/Common_d/certificate_key_d/
# same thing for certificates which are in same path ..\certificate_d
#then, I use tmsh command to import all crt/keys. It does not accept wildcards but it's easy to script
# https://support.f5.com/csp/article/K14031 for reference
tmsh install /sys crypto key <SSL-key-name> from-local-file <path-to-key-file>
tmsh install /sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>
#remember that SSL files aer referenced in the bigip.conf file, so if you need them you should import them before overwriting the bigip.conf file.