Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Copying partial configuration from one F5 to another

Simon_Waters_13
Cirrostratus
Cirrostratus

‎19-May-2015 09:26

Building a clone of existing F5 with LTM and APM on different model with different IP, and different HA features.

 

Looking at options to speed the process and make it less error prone.

 

I need to export one of the Access Profiles (easy - done).

 

I need to export all the iRules (I can use the iRule editor, or SCF, or config backups. Any other methods?)

 

I need to export the HTTP Profiles.

 

I need to export the Access Policy AAA servers (although I may need to change them).

 

I probably want to export secret keys, and other TLS/x509 config elements.

 

It would be nice to export the virtual server with corresponding iRules and Access profile, and cookie settings.

 

Nodes, Pools, likely to change details, although importing and changing those is a minor and clearly defined task.

 

Is this an SCF job, or is there a cleaner way?

 

Only other thing I can think of is restore the config backup, and edit it to reflect the new reality although concerned that might require re-licensing, and other changes to the F5 basic config (e.g. HA settings) which might be worse than the effort of doing the rest manually.

 

Some articles here refer to tmsh "list", but don't say how listed elements are re-imported. Mostly done bits via the GUI previously, although have decades on *nix command line, so not afraid of the command line, more of breaking the F5 horribly.

 

0 Kudos
1 REPLY 1

Michael_Jenkins
Cirrostratus
Cirrostratus

‎19-May-2015 12:03 - last edited on ‎05-Jun-2023 14:49 by Fog

When I need to transfer configuration settings from one device to another I use 

tmsh
to grab the original config and then modify as necessary and use the command 
tmsh load sys config from-terminal merge verify
to verify the config changes on the device and then run it without the 
verify
to perform the merge. It's the fastest way I've found to copy config.

In your instance, with copying a lot of config settings, I would recommend grabbing the 

bigip.conf
settings from the 
F5 iRule Editor
(since it's easy to get from there), and then just grab the config pieces you need and remove the rest. Then you can just run the merge to update the config on the other device....

Biggest caveat here is that some things fail to copy if you don't have things like ssl certs already set up on the device... and customization files fail as well (you'll need to fix those objects after updating.)

Hope this helps.

0 Kudos
Copyright © 2023 Khoros, LLC