F5 Automated Backups - The Right Way
Hi all,
Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the works of Jason Rahm in his post "Third Time's the Charm: BIG-IP Backups Simplified with iCall" on the 26th of June 2013, I went ahead and created my own iApp that pretty much provides the answers for all my backup-needs.
Here's a feature list of this iApp:
- It allows you to choose between both UCS or SCF as backup-types. (whilst providing ample warnings about SCF not being a very good restore-option due to the incompleteness in some cases)
- It allows you to provide a passphrase for the UCS archives (the standard GUI also does this, so the iApp should too)
- It allows you to not include the private keys (same thing: standard GUI does it, so the iApp does it too)
- It allows you to set a Backup Schedule for every X minutes/hours/days/weeks/months or a custom selection of days in the week
- It allows you to set the exact time, minute of the hour, day of the week or day of the month when the backup should be performed (depending on the usefulness with regards to the schedule type)
- It allows you to transfer the backup files to external devices using 4 different protocols, next to providing local storage on the device itself
- SCP (username/private key without password)
- SFTP (username/private key without password)
- FTP (username/password)
- SMB (using smbclient, with username/password)
- Local Storage (/var/local/ucs or /var/local/scf)
- It stores all passwords and private keys in a secure fashion: encrypted by the master key of the unit (f5mku), rendering it safe to store the backups, including the credentials off-box
- It has a configurable automatic pruning function for the Local Storage option, so the disk doesn't fill up (i.e. keep last X backup files)
- It allows you to configure the filename using the date/time wildcards from the tcl [clock] command, as well as providing a variable to include the hostname
- It requires only the WebGUI to establish the configuration you desire
- It allows you to disable the processes for automated backup, without you having to remove the Application Service or losing any previously entered settings
- For the external shellscripts it automatically generates, the credentials are stored in encrypted form (using the master key)
- It allows you to no longer be required to make modifications on the linux command line to get your automated backups running after an RMA or restore operation
- It cleans up after itself, which means there are no extraneous shellscripts or status files lingering around after the scripts execute
I wasn't able to upload the iApp template to this article, so I threw it on pastebin: http://pastebin.com/YbDj3eMN
Enjoy!
Thomas Schockaert
Published Mar 13, 2014
Version 1.0Thomas_Schocka1
Altocumulus
Joined May 04, 2012
Thomas_Schocka1
Altocumulus
Joined May 04, 2012
- I've made a third edition. http://download.domingo.dk/data/public/backup-iapp.php
- THiNimbostratusHi tried to load this in to 11.6.0 (both HF1 & HF3). When importing the template, it loads, but LTM log gets the following warning: Jan 29 12:20:54 beta warning mcpd[6837]: 01071859:4: Warning generated : /Common/f5.automated_backup.v2.0.3-tdd definition:234: warning: [use curly braces to avoid double substitution][$everyxminutes*60] /Common/f5.automated_backup.v2.0.3-tdd definition:243: warning: [use curly braces to avoid double substitution][$everyxhours*3600] /Common/f5.automated_backup.v2.0.3-tdd definition:253: warning: [use curly braces to avoid double substitution][$everyxdays*86400] /Common/f ...... So is this intentional or is there something wrong in the syntax?
- Abdessamad1CirrostratusThanks a lot Thomas for sharing this iApp. THi , the error in v11.6.0 can be resolved by adding braces to each "expr" command ( for exp: expr {$everyxminutes*60} ).
- Max_Q_factorCirrocumulusThomas, this is a great iapp, is there anyway you can add some object variables so we can have multiple iApp instances on a box? say one for local backups and one for remote backups?
- jdcarp_179627NimbostratusI had issues targeting backups to an SMB file server in a Active Directory domain. So I modified this template to request allow users to specify the workgroup -- https://dl.dropboxusercontent.com/u/43115505/f5-iapps/f5.automated_backup/f5.automated_backup.v2.0.4-jc.zip. ** Warning: This does NOT work with Windows 2012 R2 file servers. The template will write a 0 KB .ucs files. My guess is this is due to the old version of smbclient 3.0.33 that is included in the BIG-IP software releases. It is up to F5 to update smbclient.
- B1r0AltostratusVery good thanks... saved me a lot of troubles. Is there a way to backup only if there has been an actual change in the configuration?
- B1r0AltostratusSorry guys. I was configuring a second UCS backup schedule to be run weekly instead of the daily SCF one, but I couldn't save it as it was returning this message: 010715bc:3: The application service (/Common/SConf_Backup_to_server.app/SConf_Backup_to_server) has strict updates enabled, the object (icall periodic handler /Common/f5.automated_backup-handler) must be updated using an application management interface. How can I change the template so it creates a new handler for each new iApp? Also adding a check that monitors if there were any actual changes. I did in the past my own script run by a cron event, but it got removed when I upgraded from 11.4.x to 11.6.x Thanks, Roberto
- TacticalDragon_NimbostratusHello Thomas, I just found your script, it's pretty awesome from what I see here. I am having trouble setting up sftp from my F5 to a cifs share. Currently my backup files live under ./var/local/ucs and my cifs share is under \\servername\sharename$ I have a private public key already created.
- sachin_80710NimbostratusHi, somebody please me in how to start using this code. There no steps on to use it. Copy complete code then ? Thanks, Sachin
- coriolis_75734NimbostratusAnyone come across this error? (script did not successfully complete: (Host key verification failed. lost connection while executing "exec $scriptfile" line:18)) I've copied the private key into the iApp and placed the public key in the right place on the FTP server? I've also successfully connected using sftp and specifying the file manually.