Forum Discussion
NimbostratusReplace one LTM unit with another one in HA-pair without service disruptive
Hello!
I would like to make sure how to replace failed unit with the new one in HA cluster ( 2x LTM) without service disruptive. Accourding to this document http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8086.html whole process is pretty simple (restore backup on new unit, poweroff, connect new unit to network, turn on new unit) and after that cluster should be up and running without doing additional steps ??
I ask this question because i heard that sometimes it is needed to reset device trust - is it true ?
Regards Tom
4 Replies
EmadCirrostratus
Yes! you have to create new device trust.
The best possible way is you install new unit, only Access Management console, shut/disconnect Ethernet ports on switch level, activate license , restore backup with out license, make this new device forced offline and no-shut/Connect Ethernet ports on switch level. After that you can make new device trust, enable network fail-over and config sync.
natheCirrocumulus
Hmmm...now I didn't think you had to reset device trust. I'm trying to recall when I last had to do this (was a while back now).
I'm sure this is what I did: power on replacement unit, logon to the bigip via a console connection and do the config bit. Then connected the mgmt interface to logon and do the base config, i.e. license, provisioning. I then restored the failed box's UCS file (with the no-license flag). Once UCS file restored and the config looks good then re-attach all the network cables/ serial failover if using hardware failover too. I then did a configsync from the active to this new standby appliance and all was good.
Of course resetting device trust is the next option if you get any sync failures once you're restored the ucs file.
Happy to be corrected on this but I'm sure I didn't need to reset the trust.
Hope this helps,
N
Tom_112729Thank you for your answer. I have few questions regarding last steps you talked about. I put below only steps which aren't done yet or aren't clear to me.
1 "Make this new device forced offline" - it's clear 2 "no-shut/Connect Ethernet ports on switch level" - it's clear 3 "After that you can make new device trust" - can it be done without any service disruptive? (if there would be service disruptive i have to get permission for service window from business) - would it be "enough" to reset trust ? 4 "enable network fail-over" - is it mean release offline new_unit ? //we have configured network failover ( two units are conencted directly without switch) 5 config sync - it's clear
Regards Tom
- Emad
3 "After that you can make new device trust" - can it be done without any service disruptive? (if there would be service disruptive i have to get permission for service window from business) - would it be "enough" to reset trust ?
Ans :When you add offline device in cluster then it wont create an issue(your new device should not get in active active state by any mean)
4 "enable network fail-over" - is it mean release offline new_unit ? //we have configured network failover ( two units are conencted directly without switch)
Ans: That is after you reset or create new device trust validate configuration i.e network failover, config sync. and then perform any change on Online Active device. Perform Configuration sync to validate configurations.
