Config Sync issue (both boxes are staying "disconnected")
Need help... I currently dont have access to the boxes and Im tempted to just call support but trying to avoid it. (Not saying there is anything wrong with calling support but I know Im missing something basic!) Here are my steps (Im resetting everything): 1. Device Groups >(device group previously setup) put both boxes back to available. 2. Delete the existing device group. 3. Reset Device Trust. Choose Generate New Self-Signed Authority. 4. Device Trust>Peer list. Establish peering. (It is able to see peer no problem.) 5. Create device groups. "test-sync-failover". Put both devices in "includes". and check Network Failover. 6. Confirm both devices are in the Device List area. 7. Overview>(click self device)>choose "Sync Device to Group">Choose "Overwrite Configuration">Sync Boxes are showing disconnected. What can I check? Are there a specific log I can look at to find out why they cannot sync? Should I reset the whole darn configuration and start from scratch again?
Issues with incremental config sync cache || Unable to do incremental sync, reverting to full load for device group
I received an error similar to below : notice mcpd[2789]: 0107168e:5: Unable to do incremental sync, reverting to full load for device group /Common/syncgroup1device%cmi-mcpd peer-/Common/ltm1.example.comfrom commit id { 4 6390393316259868817 /Common/ltm1.example.com}to commit id { 3 6391877370007482801 /Common/ltm2.exmample.com}. Here, changes pertaining to commit id 3 got executed on the peer device. Undesired change like disabled pool member was enabled which caused impact to the business. The recommended action says to reduce the size and frequency of the configuration changes made to the BIG-IP system. You may also be able to mitigate this issue by increasing the size of the incremental ConfigSync cache. While I see the explanation below saying if incremental sync cache size exceeds 1024, the BIG-IP performs a full sync which is not happening in my case. In theMaximum Incremental Sync Size (KB)field, retain the default value of1024, or type a different value.This value specifies the total size of configuration changes that can reside in the incremental sync cache. If the total size of the configuration changes in the cache exceeds the specified value, the BIG-IP system performs a full sync whenever the next config sync operation occurs. Can anyone help me understand the below concerns. Q. Why the full sync doesn't happen if the incremental sync cache size goes beyond 1024. Also it caused an impact to the traffic by configuring changes specific to commit-id 3. Also I checked below command, show cm device-group <sync_group> incremental-config-sync-cache It shows multiple commit id and related configuration, Q. Is there a procedure to only keep the recent commit-id and flush the old ones so the cache doesn't go beyond default 1024KB. Q. Can the modify the cache value to the suggested 2048 and will there be any impact of it ? And will it require increasing it in future if say again the cache fills up ? modify cm device-group <sync_group> incremental-config-sync-size-max ? Specifies the maximum size (in KB) to devote to incremental config sync cached transactions. Range: 128-10240. Default:1024. Q. Is there a way we can monitor this proactively (leaving aside the preventive measures of reducing size and frequency of config changes). Hope I will get answers to the above concerns. thank DevCentral Community in advance !!!
BIG-IP Sync-Failover - Sync Failed
Hi, In a project we're running a device-group in Sync-Failover* mode with Manual Sync type. After a change on the Active unit trying to sync from the Active unit to the device-group, Sync Failed with the information below: Sync Summary Status Sync Failed Summary A validation error occurred while syncing to a remote device Details Sync error on 2nd-unit: Load failed from 1st-unit 01070110:3: Node address 'node' is referenced by a member of pool 'pool'. Recommended action: Review the error message and determine corrective action on the device We're totally sure that nothing had been changed manually on the 2nd node, and both nodes were in sync before the change on 1st node. The Last Sync Type field for both nodes shows Manual Full Node. I couldn't find anything on this case; is it safe to just manipulate the configuration on the 2nd node and then sync from 2nd node to the device-group? Many thanks in advance!BigIP 10.2.2 HF3 config sync problem
Hello, I have a problem with my BigIP, the config sync isn't working : Checking configuration on local system and peer system... Peer's IP address: 192.168.168.2 Synchronizing Master Keys... Saving active configuration... Configsync Mode: Push Transferring UCS to peer... Installing UCS on peer... OperationFailed exception: Primary error : 16908289 Secondary error: 0 Error text : Error trying to determine whether configuration is encrypted or not. Obtaining results of remote configuration installation... OperationFailed exception: Primary error : 16908289 Secondary error: 0 Error text : Error opening file for read operations Error obtaining results of remote configuration installation. Error installing UCS on peer. Transport and install failed Error running config sync all. BIGpipe parsing error: 01110001:3: Error running config sync all It worked 3 days ago after adding servers in pool using tmsh, saving the config and using the ewb interface to sync the config, but today, it didn't work. I tried with the bigpipe "config sync all command" but it is the same. The ping between peer work fine, the 443 port is open, and it seems the file is correctly transfered but it doesn't install on the remote peer... Here is the file i can see on the remote peer when i try to sync : -rw-r--r-- 1 root apache 768K May 27 09:56 __sync_remote__.ucs I work in an hospital and the bigip are really critical and have many application on it. If someone can help me find a solution, it would be really great 🙂 Best Regard JérômeConfigSync issue in BIG-IP 1600 v11.3 HF5
Hi, We are facing issues while trying a config sync between the nodes of the BIG-IP. We get the following error in the Gui One or more devices are unreachable. Resolve any communication problems before attempting to sync. We checked the /var/log/ltm messages and we could see the following error Dec 6 14:54:21 LB1-KDDTS1FARMCLSFR1 info tmm[8159]: CMI peer 10.10.40.2 certificate rejected, error 19: self signed certificate in certificate chain Can you please help us in solving this issue ?
BIG-IP : iControl API retrieve device-groups and members
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi Does iControl API provide methods to retrieve the following info : -- list of device-groups a device belongs to ? Main > Device Management > Device Groups > Device Group List -- device-group members Properties > Members Please note that Management.DeviceGroup class constructor doesn’t take any args – so how to specify the hostname/ip ? In other iControl classes ( such as System.ConfigSync ) the constructor accepts args ( hostname, username, password, timeout ) that are used to connect to the BIG-IP device for all of the class member methods.
failed to sync config to peer
Hi Friends, I encountered a issue about config-sync of BIGIP VE lab environment, HA is established(active/standby) but the status is "Not All Devices Synced" all the time, one of member's sync status is always "Does not have the last synced configuration". I tried v11.6.0/v11.5.3 and rebuild the config several times but still the same, config cannot be sync to peer device. Kindly help me with this frustrating issue and let me know if something missed. Thanks a lot!BIG-IP : sync-failover device-group sync options
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi For a device-group of type sync-failover, the admin browser provides these options : Automatic Sync Full Sync Maximum Incremental Sync Size (KB) Could someone please explain these options ? Are syncs on a time-schedule ? Or are syncs triggered by any change to the primary ? Or exactly what types of changes will trigger a sync ? Specifically, will a change to a data-group file ( e.g. add/delete a line ) trigger a sync ?Basic Crontab setup
I can't seem to get my bigip to run a simple cron. Below is the script run config_sync_script.py !/usr/bin/python import os failover_status = os.popen("b failover show").read().split()[1] sync_status = os.popen('tmsh show sys config-sync | grep "Status"').read().split()[1] if failover_status == 'active' and sync_status == '1': os.system('tmsh run sys config-sync') config ls -la | grep config_sync_script.py -rwxr--r-- 1 root root 274 Aug 13 09:06 config_sync_script.py crontab -l Active] config crontab -l cron tab for root 1-59/30 * * * * /usr/bin/diskmonitor 18 9 * * * /config/config_sync_script.py The time just matches a time I was working on it. In monitoring the cron log nothing happens and the script never seems to run. What am I missing?
