Migrating one partition from old VIPRION to a new i7800

LFR
Altostratus

Hello,

I'll soon start a migration from an old VIPRION BIGIP to a new chassis, an i7800. In the old chassis I have vCMP with several partitions.

I don't want to migrate the vCMP all at once. The idea is to migrate one partition at a time. I can do backups in UCS and SCF format. I would appreciate help with the procedure for this kind of migration. Can I edit the UCS file and delete everything but the partition I want to migrate in the maintenance window, then do the same for the next partition, and so on?

What else should I delete and what should I keep in the UCS file? Of course I have SSL certificates and keys, and some keys with passwords, which I don't know.

I appreciate ideas for this. Thanks.

LFR.

6 REPLIES

CA_Valli
Cirrocumulus

Hello, of course you want them to be in the same version.

One big difference will be interface numbering. This will very likely change between hardware, so you'll likely have to do this part from scratch. Actually, I might even suggest you replicate the whole vCMP host configuration from scratch, since the hardware differs a lot.

Once you've done this, vCMP guest migration should be easy. I'd suggest creating empty instances on the new i7800 (since resource provisioning varies) running the same version, assigning them the VLANs (naming must be the same if you want to work with UCS), performing f5mku rekeying on the new guest to match the current key in the old hardware, and then uploading the UCS file with the -nolicense option.

Sorry -- I noticed you also mentioned you want to work one partition at a time.

This is a little trickier; however, partition-specific configuration files are found in the /config/partitions/<partition_name>/ folder.

One thing that might work will be copying and pasting <partition_name> files bigip.conf, bigip_base.conf and any additional files you might find there. 

Create a partition with the same name on the new vCMP, move into the folder, create empty files and import the text config from your backup.

The problem with this is that you won't have all the files normally available in a UCS backup (packet captures, custom scripts, etc.), since you'll just work with the text config, but it's the best way that comes to my mind to work on only one partition at a time. Also, again, be careful with network settings as there might be differences (I wouldn't expect it on vCMPs, but experience suggests "take care").

 

# .conf files from the old vCMP were uploaded to /var/tmp/oldunit_partition1_bigip.conf
# .conf files from the old vCMP were uploaded to /var/tmp/oldunit_partition1_bigipbase.conf

#step 1, create partition and confirm cfg files are present 
bash

tmsh create /auth partition <partition_name>
tmsh save sys config

touch /config/partitions/<partition_name>/bigip_base.conf
touch /config/partitions/<partition_name>/bigip.conf

tmsh save sys config

#step 2, backup current files and import partition configuration from text config

cp /config/partitions/<partition_name>/bigip_base.conf /config/partitions/<partition_name>/bigip_base.conf.backup
cp /config/partitions/<partition_name>/bigip.conf /config/partitions/<partition_name>/bigip.conf.backup

# do one file at a time 

cp /var/tmp/oldunit_partition1_bigipbase.conf /config/partitions/<partition_name>/bigip_base.conf

tmsh load sys config verify 
# confirm there are no errors, or address the ones reported -- it will show which line in the file has problems
tmsh load sys config # pull config from text
tmsh save sys config # push running configuration into text+startup config

# if this works, try bigip.conf too
# to roll back quickly, copy the bigip_base.conf.backup file over bigip_base.conf and load+save

 

LFR
Altostratus
CA_Valli,
 
Thank you. I'll need to do a lab. I need to know how I can recreate the network VLANs on the bigip host, associate the VLANs with the vCMP, and recreate the PKI certificates.
 
Best Regards,
LFR.

This article might help with VLAN considerations.

As for PKI certificates, you'll find them in your UCS in \var\tmp\filestore_temp\files_d\Common_d\ certificate_d and certificate_key_d folders. 

 

I would recommend looking at F5's journey tool. Some months back I had a chance to witness the demo and it's pretty cool.

 

https://github.com/f5devcentral/f5-journeys

 

It has options to move everything at once or on a per-application basis. You would need to install a few things to run the tool, though, but it's cool. Let me know your thoughts.

 

LFR
Altostratus

Hi,

From my lab, and for my case, this is where I found the certificates and keys (and other files, like iFiles), and what I do:
- I copy the directory from the UCS: /var/tmp/filestore_temp/files_d/<partition_name>_d
- to the new bigip directory: /config/filestore/files_d/

Maybe this is because on my old bigip I created the certificates in the partition context.

The certificate and key file names have the format ":<partition_name>:<certificate_name>". I copy them (with WinSCP) from the UCS to the bigip and I notice the names have changed to "_<partition_name>_<certificate_name>", so I need to rename the files to replace "_" with ":".
I'm doing this on a Windows PC.

I have to add part of the config to bigip.conf, in the new bigip /config directory, to add the certificate file references (the same part of the config from the UCS file), like this (in tmsh):

load sys config from-terminal merge

sys file ssl-csr /Common/<certificate_name> {
cache-path /config/filestore/files_d/Common_d/certificate_signing_request_d/:Common:<certificate_name>
revision 1
source-path /config/ssl/ssl.csr/<certificate_name>
}
sys file ssl-key /Common/<certificate_key_name> {
cache-path /config/filestore/files_d/Common_d/certificate_key_d/:Common:<certificate_key_name>
revision 1
source-path /var/run/key_mgmt/0fx0wn/ssl.key/<certificate_key_name>
}

#<CTRL-D>

save sys config

 

Please note the certificate and key file names have an extra suffix, which must match in /config/bigip.conf.

Thank you for the help.
Best Regards,
LFR.
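
The rename step described in the post above, as an added example that is not part of the original thread: the two separators are restored from a known partition name, because replacing every "_" would also rewrite underscores that belong to the partition or certificate name. The partition name `app_prod`, the file names and the helper names `restore_name` and `restore_tree` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): restore filestore names that a Windows
# copy changed from ":<partition>:<name>" to "_<partition>_<name>". Only the two
# separators change; underscores inside the partition or object name stay.

# restore_name PARTITION FILENAME: print the restored name, or return 1 when
# FILENAME does not start with "_<PARTITION>_".
restore_name() {
    rn_prefix="_${1}_"
    case $2 in
        "$rn_prefix"?*) printf ':%s:%s\n' "$1" "${2#"$rn_prefix"}" ;;
        *) return 1 ;;
    esac
}

# restore_tree PARTITION DIR: rename matching files under DIR, print the count.
# An existing target is never overwritten.
restore_tree() {
    rt_part=$1; rt_count=0
    rt_list=$(mktemp) || return 1
    find "$2" -type f -name "_${rt_part}_*" > "$rt_list"
    while IFS= read -r rt_path; do
        rt_new=$(restore_name "$rt_part" "$(basename "$rt_path")") || continue
        rt_target="$(dirname "$rt_path")/$rt_new"
        if [ -e "$rt_target" ]; then
            echo "skipped, target exists: $rt_target" >&2
            continue
        fi
        mv -- "$rt_path" "$rt_target" && rt_count=$((rt_count + 1))
    done < "$rt_list"
    rm -f "$rt_list"
    echo "$rt_count"
}

# Constructed sample tree: hypothetical partition "app_prod" and file names.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certificate_d" "$d/certificate_key_d"
    : > "$d/certificate_d/_app_prod_www_example.crt_1001_1"
    : > "$d/certificate_key_d/_app_prod_www_example.key_1002_1"
    : > "$d/certificate_d/_other_part_api.crt_1003_1"   # other partition: untouched
    restore_tree app_prod "$d"
    find "$d" -type f | sort
    rm -rf "$d"
}
demo
```

Run it on a system whose filesystem accepts ":" in file names (the BIG-IP shell or any Linux host), not on the Windows PC where the names were changed.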