Complete F5 Automated Backup Solution

Problem this snippet solves:

Hi all,

Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the works of Jason Rahm in his post "Third Time's the Charm: BIG-IP Backups Simplified with iCall" on the 26th of June 2013, I went ahead and created my own iApp that pretty much provides the answers for all my backup-needs.

Here's a feature list of this iApp:

  • It allows you to choose between both UCS or SCF as backup-types. (whilst providing ample warnings about SCF not being a very good restore-option due to the incompleteness in some cases)
  • It allows you to provide a passphrase for the UCS archives (the standard GUI also does this, so the iApp should too)
  • It allows you to not include the private keys (same thing: standard GUI does it, so the iApp does it too)
  • It allows you to set a Backup Schedule for every X minutes/hours/days/weeks/months or a custom selection of days in the week
  • It allows you to set the exact time, minute of the hour, day of the week or day of the month when the backup should be performed (depending on the usefulness with regards to the schedule type)

  • It allows you to transfer the backup files to external devices using 4 different protocols, next to providing local storage on the device itself

    *   SCP (username/private key without password)
    • SFTP (username/private key without password)
    • FTP (username/password)
    • SMB (using smbclient, with username/password)
    • Local Storage (/var/local/ucs or /var/local/scf)

  • It stores all passwords and private keys in a secure fashion: encrypted by the master key of the unit (f5mku), rendering it safe to store the backups, including the credentials off-box

  • It has a configurable automatic pruning function for the Local Storage option, so the disk doesn't fill up (i.e. keep last X backup files)

  • It allows you to configure the filename using the date/time wildcards from the tcl clock command, as well as providing a variable to include the hostname
  • It requires only the WebGUI to establish the configuration you desire
  • It allows you to disable the processes for automated backup, without you having to remove the Application Service or losing any previously entered settings
  • For the external shellscripts it automatically generates, the credentials are stored in encrypted form (using the master key)
  • It allows you to no longer be required to make modifications on the linux command line to get your automated backups running after an RMA or restore operation
  • It cleans up after itself, which means there are no extraneous shellscripts or status files lingering around after the scripts execute

Enjoy!

Thomas Schockaert

Contributed by: Thomas Schockaert

How to use this snippet:

minimum version 11.4

Code :

67735

Tested this on version:

11.4
Updated Jun 06, 2023
Version 2.0
backups
devops
iApps
  • NetworkNerd_135's avatar
    NetworkNerd_135
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2015
    F5 Automated Backups - The Right Way https://devcentral.f5.com/s/articles/f5-automated-backups-the-right-way On that page, there's a pastebin link to: http://pastebin.com/YbDj3eMN
  • Squeak's avatar
    Squeak
    Icon for Cirrus rankCirrus
    May 30, 2016
    If I want to specify which Route domain do I just add the "%x" after the destination address I want to use? Is is possible at all to use "%"?
  • Xian_Zhong_2015's avatar
    Xian_Zhong_2015
    Icon for Nimbostratus rankNimbostratus
    May 31, 2016
    Hi Thomas I have encounter this issue totally similar to another user posted back in 2014. The problem is as such: "Has anyone got this to work 100% properly? I am not able to restore from FTP. I have no problem with making a job FTP the UCS file (without passphrase) to a FTP server. But when I download it back to the F5, and try to restore it from the file, it fails with: Saving active configuration... Current configuration backed up to /var/local/ucs/cs_backup.ucs. tar: Skipping to next header tar: Archive contains obsolescent base-64 headers gzip: stdin: invalid compressed data--format violated tar: Child returned status 1 tar: SPEC-Files: Not found in archive tar: Error exit delayed from previous errors Fatal: executing: tar -zxf /var/local/ucs/20140919_backup_test.com.ucs SPEC-Manifest SPEC-Files Operation aborted. /var/tmp/configsync.spec: Error installing package Config install aborted. Unexpected Error: UCS loading process failed. I am not sure what this mean, but I have notices that the version is “unknown” when opening the backup file on the F5. Furthermore, if I set the job to save on F5 instead of FTP, I can restore it without problem, and the version is now shown right version. Please advice. P.S. This is testet in both version 2.0, 2.0.1-tdd and 2.0.2-tdd " Please advice what could be a solution to this.
  • Sylvain_Q's avatar
    Sylvain_Q
    Icon for Nimbostratus rankNimbostratus
    Jun 27, 2016
    After the SFTP scheduled backup runs, it doesn't seems to delete the file in /var/local/ucs folder. Is there a way to be sure that the deletion is in place?
  • Richard_Reszler's avatar
    Richard_Reszler
    Icon for Nimbostratus rankNimbostratus
    Jul 18, 2016

    Error is "Error parsing template:can't eval proc: "script::run" field not present: "hostname" while executing "tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname" (procedure "script::run" line 2) invoked from within "script::run" line:1"