Pool Member Nodes: Different Partitions, Same IP Address
In summary, I have created multiple partitions. I'm attempting to perform a merge configuration. I get an error stating that I cannot use the same IP address for two separate nodes that reside in different partitions. Is this be design? I'm performing a migration from A10. Can F5 have nodes in different partitions with the same IP address? Here is my error via the CLI: 0107003a:3: Pool member node (/WEB/pcf-prod-gorouter1) and existing node (/APP/pcf-prod-gorouter1) cannot use the same IP Address (10.66.36.12). As you can see by the names of the nodes, they reside in different partitions. Thanks in advance for the assistance.
AAA for Big-IQ CLI/TMSH Login
Hi, I have tried to use AAA server for authentication and authorization Big-IQ web GUI login. I configured on Big-IQ web GUI and find out that it doesn't work to authenticate user who log in into TMSH/CLI. Is there separate configuration to authenticate user through AAA server for CLI/tmsh? Thank you
iStats v13 command help
Hi, Here is help displayed by cli istats command: Usage: istats [-s ] [] is one of: 'set' 'incr' 'get' 'remove' 'dump' 'drop_row' 'drop_column' 'clear_row' is a single quoted argument: "keyspace ... " (like "ltm.pool /Common/mypool counter mystat") is one of: 'counter' 'gauge' 'string' 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex' must be specified for 'set' and 'incr', and must be an integer for 'incr' The for a gauge may be negative. Use 2 dashes before the negative value (like 'incr "... gauge ..." -- -1') I wonder if there are is any info how to use operations like drop_row, drop_colum, clear_row What is [-s ] description "keyspace ... " - what is keyspace and column? If possible some example of key using all above elements and multiple columnsIs there any description what can be stored in types: 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex'And how those behave in relation to value used. What is difference between timestamp and timeval. I had ipression that those can be set without using value (like automatically place current time at the moment key is created in value) but it seems not be the case.PiotrUpgrade Verification - CLI tips and tricks
I mentioned recently in a conversation that I use to use the CLI to generate a snapshot of the bigip run state for pre/post comparison after an upgrade. By accident, I ran across these scripts today so here they are for your enjoyment. They are circa big-ip v12 so update as needed, feel free to post updated versions in the reply and i will tick them as the answer even. Pre-Change (Now supports partitions) # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.pre # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.pre Post Change # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.post # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.post Comparison # diff bigip-virtual-state.pre bigip-virtual-state.post # diff bigip-pool-state.pre bigip-pool-state.postTMSH CLI to modify objects with keyword variables in them
I am curious if there was a way to modify VIPs w/o specifically defining them within the command .. for example : modify ltm virtual Test-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp } modify ltm virtual Prod-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp } modify ltm virtual Stage-Donkey-HTTPS profiles delete { tcp-600 } profiles add { tcp } So above, I would like to replace all "Donkey" VIPs in one shot to adjust their profiles. Thank you!F5 show running config diff cli or gui V11
we run 2 BIG IP LTM in active standby. there are a multiple engineers in the team who work on the active unit on a daily basis... changes are manually synced to the standby. is there an easy way for running config diffs based on recent changes or say the standby unit's config ? quite often we will log into the active unit and it will be out of sync (indicating changes have been made to the running config) we need a way to display these changes before syncing to the standby unit...
tacacs not working for CLI access only on active unit
We are facing an issue where tacacs users are not able to login the CLI (ssh) of Active F5. GUI login is working fine for TACACS users on active F5. The SSH session via putty prompts for credential, but the putty window disappear as soon as he enters the credential. TACACS users are able to login to gui and cli perfectly fine on standby box. Checks performed: The route for tacacs server is through management ip and reachable.(gui is working for active). There are no failure logs in /var/log/secure|audit. Configuration for role group for tacacs on F5 is allowed for tmsh and is having adminstrator access. sshd[14095]: pam_bigip_authz: authenticated user XXXXX with role 0 (Administrator) in partition [All]. When accessed the ssh through root account. Was able to login but something wierd exception (below) was given when I tried accessing tmsh utility by running the 'tmsh' command from bash utility. Exception: (can't open command history file (/root/.tmsh-history-root), Read-only file system (framework/CmdHistoryFile.cpp, line 90), exiting…
