Prerequisites and order of operations - UCS restore from i4800 to F5 LTM VE
Hi guys. We are emulating a F5 LTM VE in an EVE-NG environment. this is done for testing purposes and I am currently in the process of trying to restore a UCS file from our BIG-IP LTM i4800 to BIG-IP LTM VE - both version 17.1.2-0.08. I am currently struggling to make a restore as I experience an error "symmetric unit key decrypt error" I have come across the article https://cdn.f5.com/product/bugtracker/ID1043141.html but have not been able to locate the root cause fo this error. do any of you guys have any experience with restore from 1 to another platform with UCS? I am currently trying to restore with command "load sys ucs [filename] no-license platform-migrate" master key has been copied with f5mku -K command and edited on new platform with f5mku -r [Masterkey] What are the prerequisites for a succesful restore from 1 platform to another? e.g. license? ressource provisioning. etc.
Modify UCS Archive so it doesn't backup epsec images
Problem this snippet solves: Currently, if you have APM installed, the UCS Archive process, also backs up the epsec images. I have written a bash script, which modifies the UCS Archive process, so that it does not include these in the UCS Archive process, and it also modifies the bigip.conf that is archived, so that it does not contain references to these images. By default, APM has it's own epsec image in /var/sam/images so when your UCS Archive is loaded to a new system, or a rebuilt system, it will just use the default epsec image for that system. This means that if you have upload a new epsec image to fix an issue, you will need to ensure that this is done on any system you restore the UCS Archive too. How to use this snippet: Just save the bash script to a file like /shared/bin/modify_ucs.sh Then run the script:- # sh /shared/bin/modify_ucs.sh The script modifies /usr/libdata/configsync/cs.dat and creates two files config_save_pre and config_save_post in the same folder. It also creates a backup of cs.dat as cs.YYYY_MM_DD_HH_MM.bak The /usr filesystem is mounted RO, so I remount it RW to do this. To remove changes: mount -o remount,rw /usr cd /usr/libdata/configsync/ mv -f `ls -1t cs.dat.[0-9][0-9][0-9][0-9]*.bak|head -1` cs.dat rm -f config_save_p[or][se]* mount -o remount,ro /usr This modification does not survive a upgrade, so you will need to run the script again after any upgrade If you are running a cron job to create a daily/weekly backup, you can just call this script before you run the tmsh save sys ucs command, as it checks to see if the modification has already been done. Code : 70454vscode ucs save edits
When using the vscode extension 'The F5 Extension' to view a local UCS file, I can search and analyze the objects with great ease. However, I cannot save any edits. I keep getting a warning message stating: Failed to save app.conf; Unable to write file /app.conf (Unknown(FileSystemError): Error: EROFS: read-only file system, open /app.conf) I was hoping to use vscode to edit bigip_base.conf without unpacking, using vi, then repacking. I even tried editing the file permissions prior to opening the UCS > chmod 666 file.ucs Is there something I'm missing or miss-understand, ...or Is this not possible? Apple Mac: Sonoma 14.5 Externsion: Last updated, 2024-04-17, 16:43:43 ThanksF5 Archiver Ansible Playbook
Problem this snippet solves: Centralized scheduled archiving (backups) on F5 BIG-IP devices are a pain however, in the new world of Infrastructure as Code (IaC) and Super-NetOps tools like Ansible can provide the answer. I have a playbook I have been working on to allow me to backup off box quickly, UCS files are saves to a folder names tmp under the local project folder, this can be changed by editing the following line in the f5Archiver.yml file: dest: "tmp/{{ inventory_hostname }}-{{ date['stdout'] }}.ucs" The playbook can be run from a laptop on demand or via some scheduler (like cron ) or as part of a CI/CD pipelines. How to use this snippet: F5 Archiver Ansible Playbook Gitlab: StrataLabs: AnsibleF5Archiver Overview This Ansible playbook takes a list of F5 devices from a hosts file located within the inventory directory, creates a UCS archive and copies locally into the 'tmp' direcotry. Requirements This Ansible playbook requires the following: * ansible >= 2.5 * python module f5-sdk * F5 BIG-IP running TMOS >= 12 Usage Run using the ansible-playbook command using the inventory -i option to use the invertory directory instead of the default inventory host file. NOTE: F5 username and password are not set in the playbook and so need to be passed into the playbook as extra variables using the --extra-vars option, the variables are f5User for the username and f5Pwd for the password. The below examples use the default admin:admin . To check the playbook before using run the following commands ansible-playbook -i inventory --extra-vars "f5User=admin f5Pwd=admin" f5Archiver.yml --syntax-check ansible-playbook -i inventory --extra-vars "f5User=admin f5Pwd=admin" f5Archiver.yml --check Once happy run the following to execute the playbook ansible-playbook -i inventory --extra-vars "f5User=admin f5Pwd=admin" f5Archiver.yml Tested this on version: 12.1
Restore UCS from 10.1 to 11.2 fail
Hi everyone I've problem when I try to restore ucs v.10.1 to F5 v.11.2.1 and below is my issue This is result from tmsh load sys config Sep 2 16:43:43 bigip1 err mcpd[6396]: 01070920:3: Application error for confpp: Syntax OK The certificate does not match the key. To change them try 'tmsh modify sys httpd { ssl-certfile /etc/httpd/conf/ssl.crt/server.crt ssl-certkeyfile /etc/httpd/conf/ssl.key/server.key }' ************************************************************* Sep 2 16:43:43 bigip1.cot.com confpp[15748]: syntax check command FAILURE for unix_config_httpd returned: '2304' Problem is 1. big3d daemon is alway restarting 2. httpd daemon can't start so we can't access SSH or GUI (console still working) Did anyone experience this before? Thank you very muchUCS saving process failed.
Hey, Whenever i try to save archive my config, i get the following results: Saving active configuration... /bin/sh: -c: line 0: unexpected EOF while looking for matching `'' /bin/sh: -c: line 1: syntax error: unexpected end of file Fatal: executing: md5sum /config/monitors/' Operation aborted. /tmp/configsync.spec: Error creating package WARNING:There are error(s) during saving. Not everything was saved. Be very careful when using this saved file! Error creating package Error during config save. BIGpipe parsing error: 01020001:3: The requested operation failed. I've verified so i have disk free so its not that... anyone come across this before?
UCS install failing on RMA device
I've had a new unit delivered to replace a failed unit. I've got a UCS backup from the old unit, and when I attempt to install it with the procedure (tmsh load sys ucs your_ucs_file no-license) outlined in: https://support.f5.com/kb/en-us/solutions/public/12000/800/sol12880.html but the install fails with the below output (device name omitted for security): [root@:Active] config tmsh load sys ucs /var/local/ucs/-160703.ucs no-license Processing UCS file: /var/local/ucs/-160703.ucs Installing full UCS (11.2.1) data, excluding license file. Saving active configuration... The hostname is set to Extracting manifest: /var/local/ucs/-160703.ucs Product : BIG-IP Platform: Mercury Version : 11.2.1 Hostname: Installing --full-- configuration on host Installing configuration... Post-processing... WARNING: There were one or more errors detected during installation. Check the error messages and take the proper actions if needed. ERROR: UCS installation failed. Operation aborted. The configuration has been restored... [root@:Standby] config Any help or suggestions would be greatly appreciated on this! Many thanks AnthonyLoad UCS to not active volume which is in version lower than originating (need this for script)
In my case I have two boot locations with different images versions (like below): Volume Product Version Build Active Status HD1.1 BIG-IP 12.1.2 0.0.249 no complete HD1.2 BIG-IP 13.1.0 0.0.1868 yes complete I need to load UCS (predefined config version 12.1.2) to volume HD1.1. I need to load this UCS when I'm logged in on volume HD1.2 (which is active volume). I already checked "cpcfg" command but got error: "New version (12.1.2) is not >= originating version (13.1.0)" I already checked command "tmsh load sys ucs" but this command don't have option to load ucs to not active volume. I'm building a script so I need solution in this particular moment and situation. Any ideas?Comparing two UCS backup files
Is there anyway to compare two ucs files? A customer did an upgrade without follow the software compatibility matrix, apparently everything worked ok until until I detected a high cpu consume. F5 support team recommended us to do a rollback and then upgrade again following the software compatibility matrix rebuilding the configuration changes by hand. The problem is my customer doesn´t know how many changes have been made since the bad upgrade so I want to compare the current UCS and the UCS that I will get after doing the correct update process to find the configuration changes