Update to my previous comment...ended up settling for using this wonder solution. Except I made changes to it to solve the different instances having different administrator passwords.
My fork is here: https://github.com/TheDreamer/f5configbackup
I have wishlist of other things I still want to add, but haven't had time to dig into the code. At least I have backups and get a nice certificate report, which is much better than configuring the F5 to send a flood of emails that can't be stopped when the expired cert has to stay.... (I think I got tired of it and included in a mass conversion to sha2 I did a few months back.)
The first is to get email reports of backup status. Especially when backups have failed. A former admin kept changing the passwords to a compromised one and making all the units have the same password. Except he was the reason we made them different. Though repeating the mistake of directly editing bigip.conf (while auto-sync is being used) was.... given all the people with some level of being able to change things (resource admins, firewall managers, operators), even if he did a 'tmsh save /sys config' - make edits - 'tmsh load /sys config' is dangerous. In the past where I've done direct edits, a window is declared where nobody is allowed to login while I make the rush to make the change without too many errors....
Wish there was a way to move objects between administrative partitions. Of the issue of nodes getting created in the partition so not visible to common....though the firewall managers seem to have adapted....
Now I used the VM image as the starting point for our f5configbackup, any issues if I were to try doing OS updates or install vmware-tools on it? Already spent way too much time with selinux after attempting to reset passwords the wong way.