Clustering among VCMPs and Tenants ( rSeries )
Hello guys, we are approaching a migration from a vCMP cluster to a Tenant ( on r5600 ) cluster . VLAN/Networks betweeen old and new nodes will be the same and the migration will be VIPs based ( not every vs at once ). I was wondering if it is possible to add Tenant nodes to the already vCMP device group so that we can continue to have a synced configuration during the migration . Has anyone ever configured a mixed device group with vCMPs and Tenants running on r-series ? thank you in advance105Views0likes2CommentsvCMP host and guest modify management IP
Hi, I need help to modify the management IP of vCMP host and guest and migrate them to new subnet. Existing Setup Two vCMP host on different chassis both having management IP from the same subnet vCMP host 1 management IP: 192.168.1.1/24 vCMP host2 management IP 192.168.1.2/24 There are multiple guest on each of these vcMP host which are in HA setup. They are bridged and have management IP configured within the same subnet as vCMP host. vCMP guest1 management: 192.168.1.3/24 vcMP guest 2 management : 192.168.1.4/24 New Setup I want to move them to new subnet but again both host and guest will be sharing the IP from the same subnet . If the new subnet is 172.19.1.0/24 then : vCMP host 1: 172.19.1.1/24 vCMP host 2 172.19.1.2/24, vCMP guest 1 : 172.19.1.3/24 vCMP guest2: 172.19.1.4/24 My question is can we change the host IP first or guest? Will changing the host IP affect the guest? What is best practice and sequence of steps to follow?57Views0likes2CommentsHA setup for non VCMP
We have 2 Hardwrae models BIG-IP i5800 and 5050(c109) F5 support forming HA with different hardware models while the software versions are identical. But in this scenario, since one of the platform is vCMP and the other is not, it might not as expected. 5050(c109) does NOT support Virtualization(vCMP) Then, Things we need is that our5050(not vCMP) can form HA with only 1 guest inside the vCMP host? (our i5800 has 2 guests, but we need HA only between 5050 and 1guest in 5800), Can it possible ?533Views0likes1CommentAnsible - Bricking freshly installed vcmp guests with ansible
Hello fellow F5 admins, currently I try to establisheda workflow, where new vcmp guests are created and configured with a standard basic config (and even building a HA setup). The creation part is working, but here begin the problems: tl;dr Question: What is the properway to bootstrap a freshly installed vcmp guests(or appliance), when you are forced to change the default passwords on 1st login, without doing it by hand? The only solution I found (link below) will lock me out of the system forever. Long Version: Freshly installed systems enforce a password change for admin user on 1st access. This password change cannot be accomplished with the standard ansible module "bigip_user". If you try, you will get an error telling you, password has expired and it has to be changed. I then found an article about the security password policy and how one is supposed to change the password with ansible (https://techdocs.f5.com/en-us/bigip-14-0-0/big-ip-system-secure-password-policy/secure-password-policy-chapter-title.html) So I gave it a try and the password was changed "a" password, but not the one provided by the playbook variable. Neither GUI nor SSH or REST login will work. I am locked out. Befor you ask: yes the password in ansible-vault style is correct, because it is used to create the guest on the vcmp hosts. Here is my playbook: --- - name: Test vCMP-Guest hosts: vcmp_guests gather_facts: false vars: f5_api_admin_user: admin f5_api_admin_password: !vault | $ANSIBLE_VAULT;1.1;AES256 35613438373864653838386266616364666366363332646635303036343266646664656333643932 6462363934306365636265313038376436353032303330370a656434643837343165316333393932 66616133376433303136366664303563373034353630656531663864323433663166653539303937 3937646663613064390a663631623733376339353735633362633139383635386661376137653434 6237 bigip_provider: server: "{{ ansible_host }}" server_port: 443 user: "{{ f5_api_admin_user }}" password: "{{ f5_api_admin_password }}" validate_certs: false transport: rest tasks: - name: Set admin Password uri: url: "https://{{ ansible_host }}/mgmt/shared/authz/users/admin" method: PATCH body: '{"oldPassword":"admin","password":"{{ f5_api_admin_password }}"}' body_format: json validate_certs: false force_basic_auth: true user: admin password: admin headers: Content-Type: "application/json" register: result delegate_to: localhost - name: Debug ansible.builtin.debug: var: result - name: Try to get system info f5networks.f5_modules.bigip_device_info: gather_subset: - system-info provider: "{{ bigip_provider }}" register: output delegate_to: localhost - name: Debug ansible.builtin.debug: var: output The Output of the the passwordreset task look fine to me: TASK [Debug] ******************************************************************************************************************************************************************************** task path: ~/guest-playbook.yml:47 ok: [test-guest] => { "result": { "cache_control": "no-store, no-cache, must-revalidate", "changed": false, "connection": "close", "content_length": "330", "content_security_policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: http://127.4.1.1 http://127.4.2.1", "content_type": "application/json; charset=UTF-8", "cookies": {}, "cookies_string": "", "date": "Fri, 29 Sep 2023 11:48:50 GMT", "elapsed": 0, "expires": "-1", "failed": false, "json": { "displayName": "Admin User", "encryptedPassword": "<removed>", "generation": 0, "kind": "shared:authz:users:usersworkerstate", "lastUpdateMicros": 0, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "selfLink": "https://localhost/mgmt/shared/authz/users/********", "shell": "/sbin/nologin" }, "msg": "OK (330 bytes)", "pragma": "no-cache", "redirected": false, "server": "Jetty(9.2.22.v20170606)", "status": 200, "strict_transport_security": "max-age=16070400; includeSubDomains", "url": "https://<removed>/mgmt/shared/authz/users/********", "x_content_type_options": "nosniff", "x_frame_options": "SAMEORIGIN", "x_xss_protection": "1; mode=block" The next task, will already fail with a "unauthorized" message. From now on, I cannot access the system any more, and believe me, I tried a lot. One interesting Thing: When I don't use a ansible-vault encrypted password and instead set the variable directly to the string, login is possible, BUT only to the GUI. I cannot do rest api calls with this password. When I change the admin password again (from within GUI), I can however use rest api again. When I change it back to the original one, api calls will fail. There is one difference I noticedin /var/log/audit in the case, when I set the password as clear-text: User authentication is logged like this and the api request fails: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) After setting a new password within the GUI oder tmsh and running the same api request, audit messaged changed like this and the request is successfull: [...] AUDIT - user admin - RAW: rest(pam_audit): user=admin(admin)[...] When I now change the password back to the previous one, api request fails again [...]AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown)[...] What on earth is going on? How is one supposed to bootstrap a vcmp guest from ground up without manually interaction for setting passwords and stuff? Any usefull advice isthoroughly appreciate. Cheers IchnafiSolved810Views0likes3CommentsSnapshot capability of VE Guests on VCMP
Hi all, I wish to investigate on the backup/restore capcacity beyond ucs backup. With VEs running on VMWare we can take adavantage of VMWare's snapshot capability to have images of the VE before we operate on it. Are there similar capabilities available on my 5250V/VCMP? Cheers, Gabe469Views0likes3CommentsHow to rebuild vCMP guest VM - Viprion deployment
Hi, I wonder if anyone had issue vCMP guest VM failure on one slot. I have three slot Viprion with guests set to all slots. After upgrade guest started but the guest VM on slot 2 failed. So now guest is running only on two slots. Slot 2 VM seems to be completely dead: No way to SSH using this slot member IP ssh slot 2 from slot 1 not working vconsole [guest name] 2 from host not working I was not able to test tmsh reboot slot 2 from guest slot 1 (Primary) but I highly doubt it will work. Sure I will try reboot guest chassis (like tmsh reboot slot all ) but what if slot 2 VM will not boot again? Any proven procedure? My idea is to: Change guest state to configured Disable guest on slot 2 Change state to provisioned - according to info collected: VM will be deleted vdisk will be preserved I think vdisk on slot 2 should be removed - hope can be done via host GUI vCMP ›› Virtual Disk List After clean up: Change state to configured Enable guest on all slots (original setting) Change state to provisioned, I assume that: VM will be created vdisk will be copied from primary slot Change state to deployed Should it work? Any better/safer way? Piotr680Views0likes2CommentsHow to rebuild vCMP guest VM - Viprion deployment
Hi, I wonder if anyone had issue vCMP guest VM failure on one slot. I have three slot Viprion with guests set to all slots. After upgrade guest started but the guest VM on slot 2 failed. So now guest is running only on two slots. Slot 2 VM seems to be completely dead: No way to SSH using this slot member IP ssh slot 2 from slot 1 not working vconsole [guest name] 2 from host not working I was not able to test tmsh reboot slot 2 from guest slot 1 (Primary) but I highly doubt it will work. Sure I will try reboot guest chassis (like tmsh reboot slot all ) but what if slot 2 VM will not boot again? Any proven procedure? My idea is to: Change guest state to configured Disable guest on slot 2 Change state to provisioned - according to info collected: VM will be deleted vdisk will be preserved I think vdisk on slot 2 should be removed - hope can be done via host GUI vCMP ›› Virtual Disk List After clean up: Change state to configured Enable guest on all slots (original setting) Change state to provisioned, I assume that: VM will be created vdisk will be copied from primary slot Change state to deployed Should it work? Any better/safer way? Piotr193Views0likes0CommentsThreshold for HA-group within vCMP guest not working
We have a cluster out of 3 BIG-IP 5250v with vCMP enabled running 11.5.4 as the host version. We have two guests created, one with 4 CPUs and the other with 2 CPUs. The guests are running 12.1.0 HF1. HB/Sync VLAN is assigned to physical interfaces 1.x, but for all user VLANs we are using a 40Gb trunk (2.1 - 2.4), which will be shared for both guests. Within the guest I created a HA-group for this trunk, but when I try to enter the value 2 in the Threshold field I'm getting the following error message: 01071569:3: Ha group threshold for trunk 2 is greater than the maximum number of members 0. Did I something wrong or is this a bug? Do you need any further information? Thanks for your help! Ciao Stefan 🙂212Views0likes2Commentsblade 1 quorum state decreasing from running to quorum
Hello everybody! I have just got these logs in my LTM: "Blade 1 quorum state decreasing from RUNNING to QUORUM" "Blade 1 quorum state decreasing from QUORUM to RUNNING" This environment is a 2x Viprion 2400 with 3x Blades 2100 each. We have configured 2 vcmp using 4x cores and 3x slots each. I could also notice that both admin and vcmp CPU are very high. Maybe this log is trying to say something about it and I am not able to identify. I have already searched about it on AskF5 and here. However, I could not find anything. Can anyone help me?285Views0likes3Comments