Forum Discussion

kgaigl's avatar
kgaigl
Icon for Cirrocumulus rankCirrocumulus
May 10, 2022
Solved

K14823198: ASM guided configuration not synced to peer device after upgrade impact

Hello,

after Upgrade an active/standby cluster to 16.1.2.2 I ran into this:

https://support.f5.com/csp/article/K14823198

now I've 2 questions:

1. do I have to run this commands on active or standby?

2. what impact have this commands? I'm afraid of both units are active for a minute or so.

Thank you

application delivery
asm
Guided-Configuration
security
  • kgaigl's avatar
    kgaigl
    Jun 02, 2022

    Solution:

    F5-Support provided me a Script "ha-sync" and after run 

    /var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxx

    everything's ok now

8 Replies

Sort By
  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus
    May 10, 2022

    thank you, but my concern is, that if the device-trust is reset, then for a (very short) time both units are active and so there would be IP Adress Conflict when the same VIP's on both units are active.

    I think about the commands  restcurl -X DELETE...

    I will try after Office Hours

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP
      May 10, 2022

      If you are worrying about split brain you can make the standby in offline mode this way it will not take over as active even when the trust is broken between the HA pair.

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP
      May 13, 2022

      Hello,

       

      After the upgrade please share if everything is ok and if you saw any issues so we can close the question.

      • kgaigl's avatar
        kgaigl
        Icon for Cirrocumulus rankCirrocumulus
        May 18, 2022

        I'm in contact with the support, they told me to change in Ressource Provisioning the Management from Small to Large, now:

        [root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"'
  "status": "ACTIVE",
  "gossipPeerGroup": "tm-shared-all-big-ips",

        in the overview of the Security Policies the Policies are present and attached to the VS, but under Guided Configuration, the Policies are still not present.

        It looks like a displaying Error.

        tried to export/import the Policies, get an Error, Policy already exists

        tried to create a new Policy, this will also not displayed on the standby 

  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus
    May 16, 2022

    after running the described actions, it's still the same on the standby-unit:

    [root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"'
  "status": "UNPAIRED",
  "gossipPeerGroup": "tm-shared-all-big-ips",
  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus
    Jun 02, 2022

    Solution:

    F5-Support provided me a Script "ha-sync" and after run 

    /var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxx

    everything's ok now