Solari_86372
Nimbostratus
NimbostratusF5 GTM communication
Hi all,
Excuse the novice post, I'm quite new to getting this kind of thing working and have read through some posts I've found on the site. I do have a manual but it's quite brief and not much help here...
I'm trying to get two GTMs communicating but am having a bit of an issue... they are both up and running, and I configured both GTMs public IPs in the servers section with bigip health monitor and virtual server discovery enabled.
the steps I've taken so far to get them talking are:
i) Changed sync group name to something more appropriate.
2)
On the first GTM:
[root@glb01:Active] config cd /config/httpd/conf
[root@glb01:Active] conf cd ssl.crt
[root@glb01:Active] ssl.crt ls
server.crt
[root@glb01:Active] ssl.crt openssl x509 -x509toreq -in server.crt -out server.csr -signkey /config/httpd/conf/ssl.key/server.key
Getting request Private Key
Generating certificate request
[root@glb01:Active] ssl.crt openssl x509 -req -in server.csr -signkey /config/httpd/conf/ssl.key/server.key -days 3650 -out server.crt
Signature ok
subject=/C=--/ST=WA/L=Seattle/O=MyCompany/OU=1222281709/CN=dhcp-71/emailAddress= root@dhcp-71
Getting Private key
[root@glb01:Active] ssl.crt bigip_add [dest ip]
3) The same was done on the second GTM, and then:
[root@glb012:Active] ssl.crt gtm_add [dest ip]
WARNING: Running this script will wipe out the current configuration
files (wideip.conf, named.conf and named zone files) on the BIG-IP GTM
Controller on which this script is run. The configuration will be
replaced with the configuration of the remote BIG-IP GTM Controller
in the specified sync group
The local BIG-IP GTM MUST already be added in the configuration of the
other GTM.
Are you absolutely sure you want to do this? [y/n] y
==> Running 'bigstart shutdown gtmd' on the local system
==> Running 'bigstart shutdown zrd' on the local system
==> Running 'bigstart shutdown named' on the local system
Retrieving remote and installing local BIG-IP's SSL certs ...
Enter root password if prompted
Password:
Verifying iQuery connection to 203.18.109.66. This may take up to 30 seconds
Retrieving remote GTM configuration...
Retrieving remote DNS/named configuration...
Sync_zones script failed to retrieve DNS/named configuration:
13294:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844:
---
New, (NONE), Cipher is (NONE)
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID: B5B3639B5D832B69BC3314201A2DBACC63E01B4C42C7FB611CD4F541B641774D
Session-ID-ctx:
Master-Key:
Key-Arg : None
Start Time: 1225330204
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at io.c(453) [receiver=2.6.9]
Could not sync /var/named//config/named.conf!
Restarting gtmd
Restarting named
Restarting zrd
[root@glb02:Active] ssl.crt
if I run the bigip_add script again, iqdump shows more normal heartbeat output again btu replication doesn't work. Am I missing something simple here?
Thanks in advance!
EDIT: I followed the guide I found on here (http://devcentral.f5.com/Wiki/default.aspx/AdvDesignConfig/GTMDeployment.html) after deleting the certificates I'd created, but still no joy..
