Forum Discussion

Simon_Waters_13's avatar
Simon_Waters_13
Icon for Cirrostratus rankCirrostratus
May 19, 2015

Copying partial configuration from one F5 to another

Building a clone of existing F5 with LTM and APM on different model with different IP, and different HA features.

 

Looking at options to speed the process and make it less error prone.

 

I need to export one of the Access Profiles (easy - done).

 

I need to export all the iRules (I can use the iRule editor, or SCF, or config backups. Any other methods?)

 

I need to export the HTTP Profiles.

 

I need to export the Access Policy AAA servers (although I may need to change them).

 

I probably want to export secret keys, and other TLS/x509 config elements.

 

It would be nice to export the virtual server with corresponding iRules and Access profile, and cookie settings.

 

Nodes, Pools, likely to change details, although importing and changing those is a minor and clearly defined task.

 

Is this an SCF job, or is there a cleaner way?

 

Only other thing I can think of is restore the config backup, and edit it to reflect the new reality although concerned that might require re-licensing, and other changes to the F5 basic config (e.g. HA settings) which might be worse than the effort of doing the rest manually.

 

Some articles here refer to tmsh "list", but don't say how listed elements are re-imported. Mostly done bits via the GUI previously, although have decades on *nix command line, so not afraid of the command line, more of breaking the F5 horribly.

 

APM
application delivery
deployment
devops
iRules
management
security
TMSH

1 Reply

Sort By
  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    May 19, 2015

    When I need to transfer configuration settings from one device to another I use 

    tmsh
    to grab the original config and then modify as necessary and use the command 
    tmsh load sys config from-terminal merge verify
    to verify the config changes on the device and then run it without the 
    verify
    to perform the merge. It's the fastest way I've found to copy config.

    In your instance, with copying a lot of config settings, I would recommend grabbing the 

    bigip.conf
    settings from the 
    F5 iRule Editor
    (since it's easy to get from there), and then just grab the config pieces you need and remove the rest. Then you can just run the merge to update the config on the other device....

    Biggest caveat here is that some things fail to copy if you don't have things like ssl certs already set up on the device... and customization files fail as well (you'll need to fix those objects after updating.)

    Hope this helps.