Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

K14823198: ASM guided configuration not synced to peer device after upgrade impact

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎10-May-2022 02:43

Hello,

after Upgrade an active/standby cluster to 16.1.2.2 I ran into this:

https://support.f5.com/csp/article/K14823198

now I've 2 questions:

1. do I have to run this commands on active or standby?

2. what impact have this commands? I'm afraid of both units are active for a minute or so.

Thank you

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎02-Jun-2022 00:04

Solution:

F5-Support provided me a Script "ha-sync" and after run 

/var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxx

everything's ok now

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
Nikoolayy1
MVP
MVP

‎10-May-2022 05:09 - edited ‎10-May-2022 05:11

restjavad restnoded are not critical processes related to F5 REST-API so it shouldn't cause big impact but still do this in a maintainance window:

 

https://support.f5.com/csp/article/K48615077

 

Also read the bug articles as they specify to run the commands first on the active then sandby

 

https://cdn.f5.com/product/bugtracker/ID860245.html

 

https://cdn.f5.com/product/bugtracker/ID835517.html

0 Kudos

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎10-May-2022 05:22

thank you, but my concern is, that if the device-trust is reset, then for a (very short) time both units are active and so there would be IP Adress Conflict when the same VIP's on both units are active.

I think about the commands  restcurl -X DELETE...

I will try after Office Hours

0 Kudos

Go to solution
Nikoolayy1
MVP
MVP
In response to kgaigl

‎10-May-2022 07:24

If you are worrying about split brain you can make the standby in offline mode this way it will not take over as active even when the trust is broken between the HA pair.

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎11-May-2022 22:38

oh, didn't think about this, thank you

0 Kudos

Go to solution
Nikoolayy1
MVP
MVP
In response to kgaigl

‎13-May-2022 02:53

Hello,

 

After the upgrade please share if everything is ok and if you saw any issues so we can close the question.

0 Kudos

Go to solution
kgaigl
Cirrostratus
Cirrostratus
In response to Nikoolayy1

‎17-May-2022 23:41

I'm in contact with the support, they told me to change in Ressource Provisioning the Management from Small to Large, now:

[root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"'
  "status": "ACTIVE",
  "gossipPeerGroup": "tm-shared-all-big-ips",

in the overview of the Security Policies the Policies are present and attached to the VS, but under Guided Configuration, the Policies are still not present.

It looks like a displaying Error.

tried to export/import the Policies, get an Error, Policy already exists

tried to create a new Policy, this will also not displayed on the standby 

0 Kudos

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎15-May-2022 22:22

after running the described actions, it's still the same on the standby-unit:

[root@ldb-ara31-brz-00:Standby:In Sync] ~ # restcurl shared/gossip |egrep '\"status\"|\"gossipPeerGroup\"'
  "status": "UNPAIRED",
  "gossipPeerGroup": "tm-shared-all-big-ips",
0 Kudos

Go to solution
kgaigl
Cirrostratus
Cirrostratus

‎02-Jun-2022 00:04

Solution:

F5-Support provided me a Script "ha-sync" and after run 

/var/tmp/ha-sync --force -H 192.168.97.2 -D device-group-failover-21b78xxxx

everything's ok now

0 Kudos
Copyright © 2023 Khoros, LLC