Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
Mar 11, 2020

Matching Configuration Problem.

Hey, all. I am serving as a hot site for a customer, but have recently run into a bit of a snag. My colleague that previously helped this customer left the company about six months ago and due to an all around lack of communication, some things slipped through the cracks.

 

So the issue is that the changes the customer has made to their Big IP have not been copied to our side in a while and now I have some catch up to do. This is not a mirrored network, just a "functional equivalent". So the VIPs, pools, irules, etc... Are the same, but the management, routes, etc... are different. So I cannot just load the UCS and call it good (unfortunately).

 

I'm looking for the best way to do this. When I compared the conf files from the UCS they provided and against mine there were over 6000 lines of code of difference.

 

Is it possible that I can just copy out the entire LTM section of their UCS file and paste it over the LTM section of mine? Is there a better way to do this that anyone has experience with?

 

Thanks.

 

 

4 Replies

  • Hi Gdoyle!

     

    The Single Configuration Files SCF could works for you, these are flat configuration files that you can modify previous to load the configuration, be noticed that the Network Routes are allocated on the bigip.conf file also if you import configuration some strings ( like passwords, secrets and passphrases) will be encrypted on the files and you must load the F5MKU from the origin device to the destination device to solve this. You could identify the encrypted strings cause begins with "$M".

     

    K13408: Overview of single configuration files (11.x - 15.x)

     

    K9420: Installing UCS files containing encrypted passwords 

     

     

  • load sys config merge file <file-name>
    load sys config merge from-terminal

    will be your friends ...

    • gdoyle's avatar
      gdoyle
      Icon for Cirrostratus rankCirrostratus

      Thanks, S Blakely. My one concern is that there are other sections in here (e.g. security) that I do not want to merge. Is it possible to strip everything except the LTM portion of that from the bigip.conf file they supply, load that as something like "bigip-tomerge.conf," and then merge from there?

      • Simon_Blakely's avatar
        Simon_Blakely
        Icon for Employee rankEmployee

        Yes - I recommend breaking things down into smaller sections, and you need to apply dependencies first.

        profiles

        policies

        nodes

        pools

        virtuals

         

        You still may have issues with things like SSL certificates/keys, and I recommend trying to migrate them manually - you can copy the filestore (using rsync) but I generally don't recommend it, as it is hard to get the filestore and config right