Complete F5 Automated Backup Solution

Problem this snippet solves:

Hi all,

Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the works of Jason Rahm in his post "Third Time's the Charm: BIG-IP Backups Simplified with iCall" on the 26th of June 2013, I went ahead and created my own iApp that pretty much provides the answers for all my backup-needs.

Here's a feature list of this iApp:

  • It allows you to choose between both UCS or SCF as backup-types. (whilst providing ample warnings about SCF not being a very good restore-option due to the incompleteness in some cases)
  • It allows you to provide a passphrase for the UCS archives (the standard GUI also does this, so the iApp should too)
  • It allows you to not include the private keys (same thing: standard GUI does it, so the iApp does it too)
  • It allows you to set a Backup Schedule for every X minutes/hours/days/weeks/months or a custom selection of days in the week
  • It allows you to set the exact time, minute of the hour, day of the week or day of the month when the backup should be performed (depending on the usefulness with regards to the schedule type)

  • It allows you to transfer the backup files to external devices using 4 different protocols, next to providing local storage on the device itself

    *   SCP (username/private key without password)
    • SFTP (username/private key without password)
    • FTP (username/password)
    • SMB (using smbclient, with username/password)
    • Local Storage (/var/local/ucs or /var/local/scf)

  • It stores all passwords and private keys in a secure fashion: encrypted by the master key of the unit (f5mku), rendering it safe to store the backups, including the credentials off-box

  • It has a configurable automatic pruning function for the Local Storage option, so the disk doesn't fill up (i.e. keep last X backup files)

  • It allows you to configure the filename using the date/time wildcards from the tcl clock command, as well as providing a variable to include the hostname
  • It requires only the WebGUI to establish the configuration you desire
  • It allows you to disable the processes for automated backup, without you having to remove the Application Service or losing any previously entered settings
  • For the external shellscripts it automatically generates, the credentials are stored in encrypted form (using the master key)
  • It allows you to no longer be required to make modifications on the linux command line to get your automated backups running after an RMA or restore operation
  • It cleans up after itself, which means there are no extraneous shellscripts or status files lingering around after the scripts execute

Enjoy!

Thomas Schockaert

Contributed by: Thomas Schockaert

How to use this snippet:

minimum version 11.4

Code :

67735

Tested this on version:

11.4
Updated Jun 06, 2023
Version 2.0
backups
devops
iApps
  • Troy_Murray_196's avatar
    Troy_Murray_196
    Icon for Cirrus rankCirrus
    Sep 08, 2017

    dlee@biztecharchitects.com it has a built in way to save the config locally.

     

    Under Destination Parameters, for the question "Where do the backup files need to be saved?", select "on this F5" drop the drop down list.

     

  • Andreas_Schierm's avatar
    Andreas_Schierm
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2017

    To work around "script has exceeded its time to live, terminating the script" errors in /var/log/ltm adjust the allowed script run time by scriptd:

    TMSH:

    modify /sys scriptd max-script-run-time 600
save /sys config
run /cm config-sync to-group …
  • Rosieodonell_16's avatar
    Rosieodonell_16
    Icon for Cirrus rankCirrus
    Nov 15, 2017

    This is the error that I am getting when trying to use this iapp: ";

     

    010715bc:3: The application service (/Common/f5_pratcice_backup.app/f5_pratcice_backup) has strict updates enabled, the object (icall periodic handler /Common/) must be updated using an application management interface.

     

    It's nice to back up your F5 and I can't seem to get backups workign again. I am running 12.1.2 Build 1.0.271 Hotfix HF1.

     

  • Seven11's avatar
    Seven11
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2017

    I want to use the Backuptool with SCP and Private Key but the login is not working. Which Format, Encryption or else is needed to get is running with a key?

     

    Can you Post an example to see what i need to paste in the GUI.

     

    TMOS 13.0.0 HF3

     

    Thanks!

     

  • kkohegyi_165129's avatar
    kkohegyi_165129
    Icon for Nimbostratus rankNimbostratus
    Jan 10, 2018

    Hi,

     

    It is a great App.

     

    But when the remote destination is not reachable the script does not remove the backup file(s) from local directory.

     

    So the /var directory may fill up and it may cause unpredictable behaviour. A little modification is necessary if anybody want to use it production environment.

     

  • Robert_Goetze's avatar
    Robert_Goetze
    Icon for Nimbostratus rankNimbostratus
    Jan 15, 2018

    Hi, Is there a repository of all the versions(V2.0 - V2.2.5) ? I am trying to run multiple instances of the iApp on 11.6.x and think version v2.2.1 would do it or atleast maybe point me in the right direction.

     

    Thanks in advance.

     

  • Daniel_Tavernie's avatar
    Daniel_Tavernie
    Icon for Cirrostratus rankCirrostratus
    Jan 17, 2018

    @Robert, The only change that I am aware of that may not work in v11 is related to SMB (now using "mount -t cifs" instead of smbclient). Does v2.2.5 not load or work properly on v11.6.x?

     

    You can find v2.0.0 at https://pastebin.com/YbDj3eMN but that does not include the changes to allow multiple instance.