Question goes out to anyone in a Multi Support User Environment, ranging from App Developers, Web Developers, Engineering, to Basic Help Desk.
This is for the inexperienced user group who are not managing the devices.
When running in an HA Pair where Sync is Manual or just in general configured in an HA Pair it's typical for someone who is not knowledgeable to login and make a change on the standby Unit, causing them to go out of "Sync"
We have two IP addresses to login to each individual F5. Is there a trigger somewhere on the initial login pages where they can be set to determine which one is "Active or Standby".
End Goal is for someone to go to an F5 Management Portal, login and be at the "Active" F5.
I believe you would just have to know which is active and know to login to that one. BIGIQ might solve this, as you could login to that as a central location and make changes there, but you would still need to push it to all the nodes.
This is a little clunky but you can create a partition which is not part of the sync or failover group. (system -> users -> partitions) (Device group: None, traffic group: local only non floating).
Create a virtual which sits only on the device with the custom partition. This would be your management portal.
Create an iRule which uses HA::status to tell you if the unit you're hitting is active. If it is active then redirect to the management url of that unit. If it is not active then redirect to the management url of the other unit.
Only problem is if the device you are hitting is completely down, then the management portal is down, however, how often does that happen? There may be some way to circumvent it, but i'm not thinking of it right off the top of my head.
I was trying to find an iRule variable that would tell you the machine name or hostname of the bigip unit you are on but I'm just not finding it. It may not exist. If this were a thing you could use it in combination with HA::status to redirect with a virtual server that is on the HA traffic group and sync group.
A simple way to get around this is have the people log into the shared floating IP shared between the F5s. This will log the user into the active box which ever it is.
box-a - 10.10.10.2 - active
box-b - 10.10.10.3 - standby
floating ip - 10.10.10.4
when logging into 10.10.10.4 you will receive the UI for box-a. But if there was a fail over then you would receive the UI for box-b
this seems like the easiest way to get this working,
a warning though, you are enabling management access on a self IP, so be sure to do this a network which is not reachable from untrusted network (like the internet).