cancel
Showing results for 
Search instead for 
Did you mean: 

copy config from BIGIP 2000 to VE incl filestore fails...

skunk
Nimbostratus
Nimbostratus

Hello, I do have a tricky situation - and running out of ideas.

There is a BigIP 2000 running 11.6.5.2, LTM and APM, multiple Partitions, lots of iRules and 100+ Datagroups. As an upgrade is needed, we want to test that on a VE. I only have GUI and ssh access to that virtual machine via the management IP.

 

How can i copy the full config from the BIGIP 2000 onto the VE?

I have tried a ucs (no-license and no-plattform), but that failed.

So used a scf and modified the network settings before, but failed due to the references to the datagroups.

Then copied the full filestore manually over, also the partition folder incl all bigip.confs.

But failed again, as probably this known issue kicks in: "K50710744: Using tmsh to load the configuration from the terminal or from a file fails when an external file is referenced"

For some partitions and their datagroups i followed the recommendation and created manually, and saw them in GUI.

So the VE had all partitions, SSL, and datagroups, as well as the objects in Common created.

used 'tmsh load sys config file' per partition but no success again.

Gave it another try today - lost again: the original admin/root accounts got overwritten. but can use my "personal-admin" via ssh, but tmsh is not possible, GUI does not come up, and I have no root account - so, need someone on the VCenter to access, log in via root and restore my init_ucs from the VE.

 

Probably there is something simple i miss here! Can someone please share some light?

Thanks in advance!

 

 

 

 

7 REPLIES 7

Hi skunk,

 

BIG-IP 2000:

1. Backup UCS

save /sys ucs /var/local/ucs/MyUCS.ucs

2. Download UCS

3. Look f5mku

f5mku -K

 

BIG-IP VM:

1. Upload MyUCS file to /var/local/ucs folder

 

If the interface numbering of the devices is the same, skip to step 8.

 

2. Create temp folder in /var/local/ucs

cd /var/local/ucs mkdir abc cd abc

3. Unzip UCS

tar -xzf /var/local/ucs/MyUCS.ucs

4. Open bigip_base.conf folder

nano config/bigip_base.conf # or vi config/bigip_base.conf

5. Change all interface names in bigip_base.conf

1.1 > 1.0 1.2 > 2.0 1.3 > 3.0 ...

6. Save bigip_base.conf

7. Zip files

tar -czf /var/local/ucs/newMyUCS.ucs *

8. Enter Bıg-IP 2000's f5mku value

f5mku -r <big-ip2000 f5mku value>

9. Restore UCS

tmsh load sys ucs newMyUCS.ucs no-license no-platform-check

Article for f5mku: https://support.f5.com/csp/article/K9420

skunk
Nimbostratus
Nimbostratus

Hi eaa,

thanks for that detailed answer! I did not know about the f5mku before 😉 thanks again.

Well, now as i got access back, I got the key and installed it on the VE.

Interface namings are the same 1.1 = 1.1.

I got messages that interface settings were wrong and set  "media-fixed 10000T-FD" on all int: 1.1 - 4

As the 2000 has 1.1 - 1.8 and 2.1 & 2 (here is a trunk), i deleted the interface config 1.5-1.8, and also changed the trunk interfaces to 1.3 and 1.4.

followed your guideline, no errors!

But now it shows:

 01071635:3: /Common/management-ip: Conflicting configuration. Management-ip can't be created manually while DHCP is enabled. Do 'tmsh modify sys global-settings mgmt-dhcp disabled' before manually changing the management-ip. Unexpected Error: Loading configuration process failed.

 

why ? the management ip is configured:

list sys management-ip

sys management-ip 10.107.127.6/26 {

   description static-fallback

}

 

and dhcp is disabled:

 list sys global-settings mgmt-dhcp

sys global-settings {

   mgmt-dhcp disabled

}

 

this stops the load process, but what can I change here? Any help is welcome.

 

 

Hi skunk,

 

Can you change mgmt with using config command?

In cli (not tmos):

config

 

 

skunk
Nimbostratus
Nimbostratus

Hi eaa,

no , i can't as:

MCP must be in the running or base phase to run this script.

 

tmsh show sys mcp-state

-------------------------------------------------------

Sys::mcpd State:

-------------------------------------------------------

Running Phase                  platform

Last Configuration Load Status base-config-load-failed

 

Can you try load config?

tmsh load sys config

If not success:

https://support.f5.com/csp/article/K02091043

skunk
Nimbostratus
Nimbostratus

i restored another ucs which i took a few days ago - all fine, and VE came back. admin / root account and all processes fine.

startet with your guideline: put key on the VE, and then load the modified UCS, but again:

 

Oct 15 21:53:35 xxxxxxxk1 err mcpd[7184]: 01071635:3: /Common/management-ip: Conflicting configuration. Management-ip can't be created manually while DHCP is enabled. Do 'tmsh modify sys global-settings mgmt-dhcp disabled' before manually changing the management-ip.

 

its done on the GUI, ran the config utility, checked via tmsh ... ? no idea what else too check.

skunk
Nimbostratus
Nimbostratus

so, tested this now:

old ucs from the VE i can restore / load without an issue.

all managment IPs are static: on VE and BIGIP, verified that mgmt-dhcp is disabled on VE too.

on the VCenter i am told that no dhcp settings made as well.

modified the bigip_base.conf from the BIGIP.ucs with interface and trunk settings, as well new mgmt iP.

did f5mku -r (as mentionde above and in K9420).... and load the ucs -> receive still the message above: "01071635:3: /Common/management-ip: Conflicting configuration."

I search and found that Bug ID 653928, which is not a match and states there must be further errors.

looking at ltm log shows:

Oct 16 16:13:50 xyz err mcpd[7201]: 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure

Oct 16 16:13:50 xyz notice mcpd[7201]: 01071029:5: Symmmetric Unit Key decrypt

Oct 16 16:13:50 xyz notice mcpd[7201]: 01071027:5: Master key OpenSSL error: 1496362520:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:601: ▒

 

that error point me to K24780830, and again to K9420

 

😮 feels like a loop - somebody any hint for me please? Thanks a lot.