Complete F5 Automated Backup Solution
Problem this snippet solves:
Hi all,
Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the works of Jason Rahm in his post "Third Time's the Charm: BIG-IP Backups Simplified with iCall" on the 26th of June 2013, I went ahead and created my own iApp that pretty much provides the answers for all my backup-needs.
Here's a feature list of this iApp:
- It allows you to choose between both UCS or SCF as backup-types. (whilst providing ample warnings about SCF not being a very good restore-option due to the incompleteness in some cases)
- It allows you to provide a passphrase for the UCS archives (the standard GUI also does this, so the iApp should too)
- It allows you to not include the private keys (same thing: standard GUI does it, so the iApp does it too)
- It allows you to set a Backup Schedule for every X minutes/hours/days/weeks/months or a custom selection of days in the week
- It allows you to set the exact time, minute of the hour, day of the week or day of the month when the backup should be performed (depending on the usefulness with regards to the schedule type)
-
It allows you to transfer the backup files to external devices using 4 different protocols, next to providing local storage on the device itself
* SCP (username/private key without password)
- SFTP (username/private key without password)
- FTP (username/password)
- SMB (using smbclient, with username/password)
- Local Storage (/var/local/ucs or /var/local/scf)
-
It stores all passwords and private keys in a secure fashion: encrypted by the master key of the unit (f5mku), rendering it safe to store the backups, including the credentials off-box
-
It has a configurable automatic pruning function for the Local Storage option, so the disk doesn't fill up (i.e. keep last X backup files)
- It allows you to configure the filename using the date/time wildcards from the tcl clock command, as well as providing a variable to include the hostname
- It requires only the WebGUI to establish the configuration you desire
- It allows you to disable the processes for automated backup, without you having to remove the Application Service or losing any previously entered settings
- For the external shellscripts it automatically generates, the credentials are stored in encrypted form (using the master key)
- It allows you to no longer be required to make modifications on the linux command line to get your automated backups running after an RMA or restore operation
- It cleans up after itself, which means there are no extraneous shellscripts or status files lingering around after the scripts execute
Enjoy!
Thomas Schockaert
Contributed by: Thomas Schockaert
How to use this snippet:
minimum version 11.4
Code :
67735
Tested this on version:
11.4- dlee_302341Nimbostratus
How do you change this script to just backup the config locally?
dlee@biztecharchitects.com it has a built in way to save the config locally.
Under Destination Parameters, for the question "Where do the backup files need to be saved?", select "on this F5" drop the drop down list.
- Andreas_SchiermNimbostratus
To work around "script has exceeded its time to live, terminating the script" errors in /var/log/ltm adjust the allowed script run time by scriptd:
TMSH:
modify /sys scriptd max-script-run-time 600 save /sys config run /cm config-sync to-group …
This is the error that I am getting when trying to use this iapp: ";
010715bc:3: The application service (/Common/f5_pratcice_backup.app/f5_pratcice_backup) has strict updates enabled, the object (icall periodic handler /Common/) must be updated using an application management interface.
It's nice to back up your F5 and I can't seem to get backups workign again. I am running 12.1.2 Build 1.0.271 Hotfix HF1.
- Seven11Nimbostratus
I want to use the Backuptool with SCP and Private Key but the login is not working. Which Format, Encryption or else is needed to get is running with a key?
Can you Post an example to see what i need to paste in the GUI.
TMOS 13.0.0 HF3
Thanks!
- Daniel_TavernieCirrostratus
now available on DevCentral CodeShare:
 
https://devcentral.f5.com/s/articles/f5-iapp-automated-backup-1114
 
(see later comment on this forum)
 
- AhmedGalal219_3Nimbostratus
Greate App thanks man it works perfectly with me in version 12.1.2
- kkohegyi_165129Nimbostratus
Hi,
It is a great App.
But when the remote destination is not reachable the script does not remove the backup file(s) from local directory.
So the /var directory may fill up and it may cause unpredictable behaviour. A little modification is necessary if anybody want to use it production environment.
- Robert_GoetzeNimbostratus
Hi, Is there a repository of all the versions(V2.0 - V2.2.5) ? I am trying to run multiple instances of the iApp on 11.6.x and think version v2.2.1 would do it or atleast maybe point me in the right direction.
Thanks in advance.
- Daniel_TavernieCirrostratus
@Robert, The only change that I am aware of that may not work in v11 is related to SMB (now using "mount -t cifs" instead of smbclient). Does v2.2.5 not load or work properly on v11.6.x?
You can find v2.0.0 at https://pastebin.com/YbDj3eMN but that does not include the changes to allow multiple instance.